CN114154147A - Man-machine behavior detection method, system, equipment and medium - Google Patents
Man-machine behavior detection method, system, equipment and medium Download PDFInfo
- Publication number
- CN114154147A CN114154147A CN202111493000.6A CN202111493000A CN114154147A CN 114154147 A CN114154147 A CN 114154147A CN 202111493000 A CN202111493000 A CN 202111493000A CN 114154147 A CN114154147 A CN 114154147A
- Authority
- CN
- China
- Prior art keywords
- user
- human
- address
- robot
- account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 39
- 238000012795 verification Methods 0.000 claims abstract description 67
- 230000006399 behavior Effects 0.000 claims abstract description 35
- 238000012544 monitoring process Methods 0.000 claims abstract description 26
- 230000002159 abnormal effect Effects 0.000 claims abstract description 22
- 230000002452 interceptive effect Effects 0.000 claims abstract description 21
- 238000000034 method Methods 0.000 claims abstract description 17
- 241000282414 Homo sapiens Species 0.000 claims abstract description 13
- 230000003203 everyday effect Effects 0.000 claims abstract description 9
- 238000004590 computer program Methods 0.000 claims description 6
- 230000002354 daily effect Effects 0.000 claims description 4
- 238000006073 displacement reaction Methods 0.000 claims description 4
- 238000004891 communication Methods 0.000 claims description 3
- 230000014759 maintenance of location Effects 0.000 claims description 3
- 230000004044 response Effects 0.000 claims description 3
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 claims 2
- 238000005516 engineering process Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 6
- 238000011161 development Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000013135 deep learning Methods 0.000 description 3
- 238000012216 screening Methods 0.000 description 3
- 238000005336 cracking Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 241000282412 Homo Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000035484 reaction time Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a man-machine behavior detection method, a man-machine behavior detection system, man-machine behavior detection equipment and a man-machine behavior detection medium. Relates to the technical field of man-machine behavior detection. The method comprises the steps of presetting a human-computer verification model; checking the server logs within a preset time period every day; when a user logs in an account, monitoring the login condition by checking a login log; the login failure times exceed the preset times within the fourth preset time; acquiring the IP address of the user and forbidding the access of the user; if the account number is in the login log and the number of times is lower than the preset number of times, the account number and the corresponding account number password are successfully input; popping a human-computer verification interactive popup window to a user interface, and monitoring by using a human-computer verification model; logging in a webpage after the interactive popup window and the human-computer verification model are judged through verification; otherwise, the webpage is prevented from being logged in. The robot can be used for discriminating by using different behaviors when the robot and the human acquire data, and discriminating by using abnormal downloads such as too fast data acquisition of the robot, so that the aim of stopping the robot is fulfilled.
Description
Technical Field
The invention relates to the technical field of human-computer behavior detection, in particular to a human-computer behavior detection method, a human-computer behavior detection system, human-computer behavior detection equipment and a human-computer behavior detection medium.
Background
With the continuous development of information technology, information is used as a resource, and the universality, the sharing property, the value-added property, the processability and the multi-utility property of the information make the information have particularly important significance for human beings, and the problem of information security is obvious day by day. In order to prevent information systems or information networks from being threatened, interfered and damaged by various types, various automatic malicious attack behaviors such as zombie account registration, brute force cracking, web crawlers and the like are carried out on websites. Automated turing testing technology for computers and humans, also known as captcha technology, arose by distinguishing whether a user operating a web page is a computer or a human by way of generating a captcha. However, with the development of the verification code technology, verification code cracking technology is also continuously developed, and an attacker can crack the verification code by adopting various technologies such as image processing, data analysis and the like, so that the existing verification code technology is difficult to identify whether a user operating a webpage is a computer or a human, and thus a man-machine behavior detection method is needed.
Disclosure of Invention
The invention aims to provide a man-machine behavior detection method, which can be used for discriminating different behaviors when a robot and a human acquire data and discriminating abnormal downloads such as too fast data acquisition of the robot, so that the aim of stopping the robot is fulfilled.
The embodiment of the invention is realized by the following steps:
in a first aspect, an embodiment of the present application provides a human-machine behavior detection method, which includes presetting a human-machine verification model; the man-machine verification model comprises the steps that a server log is used for inquiring an external webpage address entered by a user, if the user is not imported from an external website and directly jumps to a login interface, the user is judged as a risk user, and real-time tracking is carried out within first preset time; if the user downloads the preset amount of information within second preset time according to the category, the user is judged to be the robot, the IP address of the robot is recorded, and all account numbers of the IP address are forbidden to log in; checking the server logs within a preset time period every day; when a user logs in an account, monitoring the login condition by checking a login log; if the account number of the user is in the login log, the login failure times within the fourth preset time exceed the preset times, and the account number is determined to be an abnormal account number; acquiring an IP address of the abnormal account, and setting the IP address to prohibit access; if the account number of the user is in the login log, the login failure times within four preset times are lower than the preset times, and the account number and the corresponding account number password are input successfully; popping a human-computer verification interactive popup window to a user interface, and monitoring by using a human-computer verification model; logging in a webpage after the interactive popup window and the human-computer verification model are judged through verification; otherwise, the webpage is prevented from being logged in.
In some embodiments of the invention, the human-machine-verification model further comprises: and if the user is imported from the external website, monitoring the stay time of the user on the internal initial webpage, if the stay time is shorter than the third preset time of normal human response, judging that the robot is the robot, recording the IP address of the robot, and forbidding all account numbers of the IP address to log in.
In some embodiments of the invention, a prompt message that the account is stolen is sent to the account logged in by using the IP address.
In some embodiments of the invention, the step of monitoring the time a user dwells on the internal initial webpage comprises:
when a user opens the internal initial webpage, the built-in timer starts timing, when the user clicks the link on the internal initial webpage, the internal initial webpage skips to the webpage corresponding to the link, and simultaneously sends a signal to the built-in timer, and the built-in timer stops timing and calculates the retention time.
In some embodiments of the present invention, after the user logs in, the mouse is tracked, and if it is detected that the mouse does not move above the download link after logging in, but the user displaying the IP address in the server is downloading information, it is determined that the user is a robot, the IP address of the robot is recorded, and all account login of the IP address is prohibited.
In some embodiments of the present invention, if the displacement of the mouse movement is not continuous, it is determined that the user is a robot, the IP address of the robot is recorded, and all account logins of the IP address are prohibited.
In some embodiments of the present invention, the human-machine-authentication interactive popup comprises a plurality of dynamic pictures containing text information and answer text corresponding to any of the dynamic pictures.
In a second aspect, an embodiment of the present application provides a human-machine behavior detection system, which includes a model establishing module, configured to preset a human-machine verification model; the man-machine verification model comprises the steps that a server log is used for inquiring an external webpage address entered by a user, if the user is not imported from an external website and directly jumps to a login interface, the user is judged as a risk user, and real-time tracking is carried out within first preset time; if the user downloads the preset amount of information within second preset time according to the category, the user is judged to be the robot, the IP address of the robot is recorded, and all account numbers of the IP address are forbidden to log in; the daily detection module is used for checking the server logs within a preset time period every day; the user login detection module is used for monitoring the login condition by checking the login log when the user logs in the account; the first judgment module is used for determining the account as an abnormal account if the login failure times of the account of the user in the login log within the fourth preset time exceed the preset times; acquiring an IP address of the abnormal account, and setting the IP address to prohibit access; a second judgment module; if the account number of the user is in the login log, the login failure times within four preset times are lower than the preset times, and the account number and the corresponding account number password are input successfully; popping a human-computer verification interactive popup window to a user interface, and monitoring by using a human-computer verification model; logging in a webpage after the interactive popup window and the human-computer verification model are judged through verification; otherwise, the webpage is prevented from being logged in.
In a third aspect, an embodiment of the present application provides an electronic device, which includes at least one processor, at least one memory, and a data bus; wherein: the processor and the memory complete mutual communication through a data bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute a human behavior detection method.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement a human-machine behavior detection method.
Compared with the prior art, the embodiment of the invention has at least the following advantages or beneficial effects:
for the recognition of human and machine by means of verification codes in the prior art, the robot is difficult to be prevented from entering under the development of deep learning at present, so that in order to avoid the problem, the robot is screened by using different behaviors of the robot and human when data is acquired, and is screened by using abnormal downloads such as too fast data acquisition speed of the robot, so that the aim of preventing the robot is fulfilled.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a flow chart of a human-machine behavior detection method of the present invention;
FIG. 2 is a schematic diagram of a human-machine behavior detection system according to the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to the present invention.
Icon: 1. a model building module; 2. a daily detection module; 3. a user login detection module; 4. a first judgment module; 5. a second judgment module; 6. a processor; 7. a memory; 8. a data bus.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the present application, it should be noted that the terms "upper", "lower", "inner", "outer", and the like indicate orientations or positional relationships based on orientations or positional relationships shown in the drawings or orientations or positional relationships conventionally found in use of products of the application, and are used only for convenience in describing the present application and for simplification of description, but do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present application.
In the description of the present application, it is also to be noted that, unless otherwise explicitly specified or limited, the terms "disposed" and "connected" are to be interpreted broadly, e.g., as being either fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the individual features of the embodiments can be combined with one another without conflict.
Example 1
Referring to fig. 1, for a man-machine behavior detection method provided in the embodiment of the present application, it is very difficult to prevent a robot from entering a system that uses a verification code to identify a man-machine in the prior art under the development of deep learning, so that in order to avoid this problem, the design uses different behaviors of the robot and people when acquiring data to perform screening, and uses abnormal downloads, such as too fast data acquisition, of the robot to perform screening, so as to achieve the purpose of preventing the robot; the specific implementation mode is as follows:
s101: presetting a human-computer verification model; the man-machine verification model comprises the steps that a server log is used for inquiring an external webpage address entered by a user, if the user is not imported from an external website and directly jumps to a login interface, the user is judged as a risk user, and real-time tracking is carried out within first preset time; if the user downloads the preset amount of information within second preset time according to the category, the user is judged to be the robot, the IP address of the robot is recorded, and all account numbers of the IP address are forbidden to log in;
the method mainly comprises the following steps that a large amount of information is rapidly collected to detect abnormal conditions of a robot, so that the most obvious problem is that the robot collects a large amount of information, when a man-machine verification model is set, the conditions are monitored, wherein the data collected by the robot can directly enter a website through a logged page in order to simplify the operation process as much as possible, and for a common person, the first page of the website is basically stored to click the logged page, so that the robot is primarily screened, only users are marked, and the problem that the professional person or the user who logs in the website in the field is mistakenly considered as the robot is avoided; then, the user is tracked in real time within a first time (the first time is assumed to be 10 minutes), when the user downloads 100 files (preset number) in one second (second preset time) at any time period within ten minutes, the files are obviously not normally available, so that the user is determined to be a robot, the IP address of the robot is recorded, and all accounts of the IP address are prohibited from logging in, in order to avoid inconvenience for other users caused by switching other accounts of the robot to log in again;
s102: checking the server logs within a preset time period every day;
if the host computer accessing the website leaves a record on the server, whether the trace of the network robot exists can be judged by analyzing the log record. Most of network robots regularly visit websites, and if the same IP address regularly appears for a plurality of times in a log, the network robots are quite possible. It can then be known whether the IP address is in the blacklist by querying the IP address, location information and hostname.
S103: when a user logs in an account, monitoring the login condition by checking a login log;
whether the system is attacked by the database crash in a short time can be judged by looking up the log.
S104: if the account number of the user is in the login log, the login failure times within the fourth preset time exceed the preset times, and the account number is determined to be an abnormal account number; acquiring an IP address of the abnormal account, and setting the IP address to prohibit access;
due to the mode of database collision attack, the password accounts input by login are mostly unmatched, so that the IP address of the abnormal account is acquired and the IP address is set to be prohibited to access if the login failure times exceed thirty times (preset times) within fifteen minutes (fourth preset time); the specific quantity setting of the fourth preset time and the preset times aims to distinguish the malicious database-impacting attack of the robot from the situation that an ordinary user forgets the password, and normal people can log in again in a password-replacing mode more than ten times after the password is mistaken, so that the purpose of preventing the robot from malicious database-impacting is achieved.
S105: if the account number of the user is in the login log, the login failure times within four preset times are lower than the preset times, and the account number and the corresponding account number password are input successfully; popping a human-computer verification interactive popup window to a user interface, and monitoring by using a human-computer verification model; logging in a webpage after the interactive popup window and the human-computer verification model are judged through verification; otherwise, the webpage is prevented from being logged in.
After successful login, in order to avoid the robot from acquiring information by using a registered account, a human-computer verification interaction popup window, such as a verification code and the like, is popped up to the user interface, secondary screening is performed, and monitoring is performed by matching with a human-computer verification model, so that the purpose of preventing the robot from acquiring information is achieved.
In some embodiments of the invention, the human-machine-verification model further comprises: and if the user is imported from the external website, monitoring the stay time of the user on the internal initial webpage, if the stay time is shorter than the third preset time of normal human response, judging that the robot is the robot, recording the IP address of the robot, and forbidding all account numbers of the IP address to log in.
In some embodiments of the present invention, for a user entering an initial page of a website from an external link, the robot still needs to be monitored, and after the user enters the initial page of the website from the external link, the user directly jumps to a login page within 0.1 second (third preset time), and can deduce that the user has exceeded the reaction time of a normal person, thereby determining that the user is a robot, recording an IP address of the robot, and prohibiting all accounts of the IP address from logging in.
In some embodiments of the invention, a prompt message that the account is stolen is sent to the account logged in by using the IP address.
In some embodiments of the invention, for the attack of the robot in the collision of the library, the situation that the acquisition of the account and the password is completed in the collision of the robot in thirty times may also exist, and in order to avoid the situation, the warning information is sent to the account logged in this time in the form of a mailbox, a short message and the like to remind the user to change the password.
In some embodiments of the invention, the step of monitoring the time a user dwells on the internal initial webpage comprises: when a user opens the internal initial webpage, the built-in timer starts timing, when the user clicks the link on the internal initial webpage, the internal initial webpage skips to the webpage corresponding to the link, and simultaneously sends a signal to the built-in timer, and the built-in timer stops timing and calculates the retention time.
In some embodiments of the present invention, after the user logs in, the mouse is tracked, and if it is detected that the mouse does not move above the download link after logging in, but the user displaying the IP address in the server is downloading information, it is determined that the user is a robot, the IP address of the robot is recorded, and all account login of the IP address is prohibited.
In some embodiments of the invention, the robot can be identified by monitoring the track of the mouse, normal people basically click the mouse for the mouse download link or information check, and the robot sets a program, finds a code needing to click the link and directly connects the code; therefore, the mouse does not need to move, and whether the robot is the robot or not is judged.
In some embodiments of the present invention, if the displacement of the mouse movement is not continuous, it is determined that the user is a robot, the IP address of the robot is recorded, and all account logins of the IP address are prohibited.
In some embodiments of the present invention, there is also a robot that simulates a mouse to click, and in order to avoid such a high-level robot, continuity of movement displacement of the mouse is used to determine whether the mouse is supposed to move to a required connection or jump directly, so as to determine whether the robot is a robot.
In some embodiments of the present invention, the human-machine-authentication interactive popup comprises a plurality of dynamic pictures containing text information and answer text corresponding to any of the dynamic pictures.
In some embodiments of the invention, meanwhile, due to the development of the existing AI deep learning technology, the image recognition technology is more and more precise, so that the common verification code cannot prevent the robot, and therefore, the design adopts dynamic pictures, and the images of all states which need to be captured by the robot can recognize the information by utilizing the changed pictures, thereby increasing the recognition difficulty and reducing the passing probability of the robot.
Example 2
Referring to fig. 2, a human-machine behavior detection system provided in the present invention includes:
the model establishing module 1 is used for presetting a man-machine verification model; the man-machine verification model comprises the steps that a server log is used for inquiring an external webpage address entered by a user, if the user is not imported from an external website and directly jumps to a login interface, the user is judged as a risk user, and real-time tracking is carried out within first preset time; if the user downloads the preset amount of information within second preset time according to the category, the user is judged to be the robot, the IP address of the robot is recorded, and all account numbers of the IP address are forbidden to log in; the daily detection module 2 is used for checking the server logs within a preset time period every day; the user login detection module 3 is used for monitoring the login condition by checking a login log when a user logs in an account; the first judgment module 4 is used for determining the account as an abnormal account if the login failure times of the account of the user in the login log within the fourth preset time exceed the preset times; acquiring an IP address of the abnormal account, and setting the IP address to prohibit access; a second judgment module 5; if the account number of the user is in the login log, the login failure times within four preset times are lower than the preset times, and the account number and the corresponding account number password are input successfully; popping a human-computer verification interactive popup window to a user interface, and monitoring by using a human-computer verification model; logging in a webpage after the interactive popup window and the human-computer verification model are judged through verification; otherwise, the webpage is prevented from being logged in.
Example 3
Referring to fig. 3, an electronic device provided by the present invention includes at least one processor 6, at least one memory 7, and a data bus 8; wherein: the processor 6 and the memory 7 complete mutual communication through a data bus 8; the memory 7 stores program instructions executable by the processor 6, and the processor 6 calls the program instructions to perform a human behavior detection method. The method is concretely realized as follows:
presetting a human-computer verification model; the man-machine verification model comprises the steps that a server log is used for inquiring an external webpage address entered by a user, if the user is not imported from an external website and directly jumps to a login interface, the user is judged as a risk user, and real-time tracking is carried out within first preset time; if the user downloads the preset amount of information within second preset time according to the category, the user is judged to be the robot, the IP address of the robot is recorded, and all account numbers of the IP address are forbidden to log in; checking the server logs within a preset time period every day; when a user logs in an account, monitoring the login condition by checking a login log; if the account number of the user is in the login log, the login failure times within the fourth preset time exceed the preset times, and the account number is determined to be an abnormal account number; acquiring an IP address of the abnormal account, and setting the IP address to prohibit access; if the account number of the user is in the login log, the login failure times within four preset times are lower than the preset times, and the account number and the corresponding account number password are input successfully; popping a human-computer verification interactive popup window to a user interface, and monitoring by using a human-computer verification model; logging in a webpage after the interactive popup window and the human-computer verification model are judged through verification; otherwise, the webpage is prevented from being logged in.
Example 4
In some embodiments of the present invention, a computer-readable storage medium is provided for the present invention, on which a computer program is stored, characterized in that the computer program, when being executed by the processor 6, implements a human behavior detection method. The method is concretely realized as follows:
presetting a human-computer verification model; the man-machine verification model comprises the steps that a server log is used for inquiring an external webpage address entered by a user, if the user is not imported from an external website and directly jumps to a login interface, the user is judged as a risk user, and real-time tracking is carried out within first preset time; if the user downloads the preset amount of information within second preset time according to the category, the user is judged to be the robot, the IP address of the robot is recorded, and all account numbers of the IP address are forbidden to log in; checking the server logs within a preset time period every day; when a user logs in an account, monitoring the login condition by checking a login log; if the account number of the user is in the login log, the login failure times within the fourth preset time exceed the preset times, and the account number is determined to be an abnormal account number; acquiring an IP address of the abnormal account, and setting the IP address to prohibit access; if the account number of the user is in the login log, the login failure times within four preset times are lower than the preset times, and the account number and the corresponding account number password are input successfully; popping a human-computer verification interactive popup window to a user interface, and monitoring by using a human-computer verification model; logging in a webpage after the interactive popup window and the human-computer verification model are judged through verification; otherwise, the webpage is prevented from being logged in.
The MEMORY 7 may be, but is not limited to, RANDOM ACCESS MEMORY (RAM), READ ONLY MEMORY (READ ONLY MEMORY, ROM), PROGRAMMABLE READ ONLY MEMORY (PROM), ERASABLE READ ONLY MEMORY (EPROM), electrically ERASABLE READ ONLY MEMORY (EEPROM), and the like.
The processor 6 may be an integrated circuit chip having signal processing capabilities. The PROCESSOR 6 may be a general-purpose PROCESSOR, including a CENTRAL PROCESSING UNIT (CPU), a NETWORK PROCESSOR (NP), etc.; it may also be a digital signal processor (DIGITAL SIGNAL PROCESSING, DSP), an APPLICATION Specific Integrated CIRCUIT (ASIC), a FIELD PROGRAMMABLE gate array (FIELD-PROGRAMMABLE GATE ARRAY, FPGA) or other PROGRAMMABLE logic device, discrete gate or transistor logic device, discrete hardware component.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a READ-ONLY MEMORY (ROM), a RANDOM ACCESS MEMORY (RAM), a magnetic disk or an optical disk, and various media capable of storing program codes.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A human-machine behavior detection method is characterized by comprising the following steps:
presetting a human-computer verification model; the man-machine verification model comprises the steps that a server log is used for inquiring an external webpage address entered by a user, if the user is not imported from an external website and directly jumps to a login interface, the user is judged as a risk user, and real-time tracking is carried out within first preset time; if the user downloads a preset amount of information within a second preset time according to the category, the user is judged to be a robot, the IP address of the robot is recorded, and all account numbers of the IP address are prohibited from logging in;
checking the server logs within a preset time period every day;
when a user logs in an account, monitoring the login condition by checking a login log;
if the number of login failures of the account of the user in the login log in the fourth preset time exceeds the preset number, determining the account as an abnormal account; acquiring an IP address of the abnormal account, and setting the IP address to forbid access;
if the account number of the user is in the login log, the login failure times within four preset times are lower than the preset times, and the account number and the corresponding account number password are input successfully; popping a human-computer verification interactive popup window to a user interface, and monitoring by using the human-computer verification model; logging in a webpage after passing the judgment of the verification interactive popup window and the man-machine verification model; otherwise, the webpage is prevented from being logged in.
2. A human-machine behavior detection method as claimed in claim 1, wherein the human-machine verification model further comprises:
and if the user is imported from an external website, monitoring the stay time of the user on an internal initial webpage, if the stay time is lower than a third preset time for normal human response, judging that the robot is a robot, recording the IP address of the robot, and forbidding all account numbers of the IP address to log in.
3. The human-machine behavior detection method according to claim 2, wherein a prompt message indicating that an account is stolen is sent to an account registered by using the IP address.
4. A human-machine behavior detection method as claimed in claim 2, wherein the step of monitoring the time that the user stays on the internal initial web page comprises:
when a user opens the internal initial webpage, the built-in timer starts timing, when the user clicks the link on the internal initial webpage, the internal initial webpage skips to the webpage corresponding to the link, and simultaneously sends a signal to the built-in timer, and the built-in timer stops timing and calculates the retention time.
5. The human-computer behavior detection method as claimed in claim 1, wherein after the user logs in, the mouse is tracked, and if the mouse is detected not to move above the download link after logging in, but the user displaying the IP address in the server is downloading information, the user is determined to be a robot, the IP address of the robot is recorded, and all account numbers of the IP address are prohibited from logging in.
6. The human-machine behavior detection method according to claim 5, wherein if the displacement of the mouse movement is discontinuous, it is determined that the user is a robot, the IP address of the robot is recorded, and all account logins of the IP address are prohibited.
7. The method as claimed in claim 1, wherein the interactive pop-up window comprises a plurality of motion pictures containing text information and answer text corresponding to any of the motion pictures.
8. A human-machine behavior detection system, comprising:
the model establishing module is used for presetting a man-machine verification model; the man-machine verification model comprises the steps that a server log is used for inquiring an external webpage address entered by a user, if the user is not imported from an external website and directly jumps to a login interface, the user is judged as a risk user, and real-time tracking is carried out within first preset time; if the user downloads a preset amount of information within a second preset time according to the category, the user is judged to be a robot, the IP address of the robot is recorded, and all account numbers of the IP address are prohibited from logging in;
the daily detection module is used for checking the server logs within a preset time period every day;
the user login detection module is used for monitoring the login condition by checking the login log when the user logs in the account;
the first judgment module is used for determining the account number of the user as an abnormal account number if the login failure times within the fourth preset time in the login log exceed the preset times; acquiring an IP address of the abnormal account, and setting the IP address to forbid access;
a second judgment module; if the account number of the user is in the login log, the login failure times within four preset times are lower than the preset times, and the account number and the corresponding account number password are input successfully; popping a human-computer verification interactive popup window to a user interface, and monitoring by using the human-computer verification model; logging in a webpage after passing the judgment of the verification interactive popup window and the man-machine verification model; otherwise, the webpage is prevented from being logged in.
9. An electronic device comprising at least one processor, at least one memory, and a data bus; wherein: the processor and the memory complete mutual communication through the data bus; the memory stores program instructions executable by the processor, the processor calling the program instructions to perform the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111493000.6A CN114154147A (en) | 2021-12-08 | 2021-12-08 | Man-machine behavior detection method, system, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111493000.6A CN114154147A (en) | 2021-12-08 | 2021-12-08 | Man-machine behavior detection method, system, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114154147A true CN114154147A (en) | 2022-03-08 |
Family
ID=80454036
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111493000.6A Withdrawn CN114154147A (en) | 2021-12-08 | 2021-12-08 | Man-machine behavior detection method, system, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114154147A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115630373A (en) * | 2022-12-21 | 2023-01-20 | 四川知行志成科技有限公司 | Cloud service security analysis method, monitoring equipment and analysis system |
| CN115688147A (en) * | 2022-12-29 | 2023-02-03 | 亿海蓝(北京)数据技术股份公司 | Method, system, device, medium and chip for protecting geographic information system data |
| CN116541815A (en) * | 2023-07-06 | 2023-08-04 | 深圳市柏英特电子科技有限公司 | Computer equipment operation and maintenance data safety management system |
| CN117033742A (en) * | 2023-08-18 | 2023-11-10 | 广东轻工职业技术学院 | Data security acquisition method based on artificial intelligence |
-
2021
- 2021-12-08 CN CN202111493000.6A patent/CN114154147A/en not_active Withdrawn
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115630373A (en) * | 2022-12-21 | 2023-01-20 | 四川知行志成科技有限公司 | Cloud service security analysis method, monitoring equipment and analysis system |
| CN115688147A (en) * | 2022-12-29 | 2023-02-03 | 亿海蓝(北京)数据技术股份公司 | Method, system, device, medium and chip for protecting geographic information system data |
| CN115688147B (en) * | 2022-12-29 | 2023-02-28 | 亿海蓝(北京)数据技术股份公司 | Method, system, device, medium and chip for protecting geographic information system data |
| CN116541815A (en) * | 2023-07-06 | 2023-08-04 | 深圳市柏英特电子科技有限公司 | Computer equipment operation and maintenance data safety management system |
| CN116541815B (en) * | 2023-07-06 | 2024-04-05 | 深圳市柏英特电子科技有限公司 | Computer equipment operation and maintenance data safety management system |
| CN117033742A (en) * | 2023-08-18 | 2023-11-10 | 广东轻工职业技术学院 | Data security acquisition method based on artificial intelligence |
| CN117033742B (en) * | 2023-08-18 | 2024-02-20 | 广东轻工职业技术学院 | Data security acquisition method based on artificial intelligence |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114154147A (en) | Man-machine behavior detection method, system, equipment and medium | |
| KR101547999B1 (en) | Apparatus and method for automatically detecting malicious links | |
| CN108377241B (en) | Monitoring method, device and equipment based on access frequency and computer storage medium | |
| US10721245B2 (en) | Method and device for automatically verifying security event | |
| KR101743269B1 (en) | Method and apparatus of fraud detection by analysis of PC information and modeling of behavior pattern | |
| CN108924118B (en) | Method and system for detecting database collision behavior | |
| EP2069993A2 (en) | Security system and method for detecting intrusion in a computerized system | |
| CN111404937B (en) | Method and device for detecting server vulnerability | |
| CN108600162B (en) | User authentication method and device, computing equipment and computer storage medium | |
| CN111641588A (en) | Webpage analog input detection method and device, computer equipment and storage medium | |
| JP2016033690A (en) | Illegal intrusion detection device, illegal intrusion detection method, illegal intrusion detection program, and recording medium | |
| CN114154990B (en) | Big data anti-attack method based on online payment and storage medium | |
| Singh et al. | Sql injection detection and correction using machine learning techniques | |
| CN114268452A (en) | Network security protection method and system | |
| CN115190108B (en) | Method, device, medium and electronic equipment for detecting monitored equipment | |
| CN114866296B (en) | Intrusion detection method, intrusion detection device, intrusion detection equipment and readable storage medium | |
| CN115706669A (en) | Network security situation prediction method and system | |
| CN115618283B (en) | Cross-site scripting attack detection method, device, equipment and storage medium | |
| CN114389875B (en) | Man-machine behavior detection method, system, equipment and medium | |
| CN111625700A (en) | Anti-grabbing method, device, equipment and computer storage medium | |
| CN115051867B (en) | Illegal external connection behavior detection method and device, electronic equipment and medium | |
| CN110378120A (en) | Application programming interfaces attack detection method, device and readable storage medium storing program for executing | |
| CN113923039B (en) | Attack equipment identification method and device, electronic equipment and readable storage medium | |
| CN115442109A (en) | Method, device, equipment and storage medium for determining network attack result | |
| CN112702349B (en) | Network attack defense method and device and electronic bidding transaction platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20220308 |