CN114448645A - Method, device, storage medium and program product for processing webpage access - Google Patents


Publication number
CN114448645A
Authority
CN
China
Prior art keywords
login
target
equipment
data
account
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210233962.6A
Other languages
Chinese (zh)
Inventor
赵雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Huya Technology Co Ltd
Original Assignee
Guangzhou Huya Technology Co Ltd
Application filed by Guangzhou Huya Technology Co Ltd
Priority to CN202210233962.6A
Publication of CN114448645A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The embodiments of the present application provide a method and an apparatus for processing web page access, a computer-readable storage medium, and a computer program product, and relate to the field of network security computing. The method comprises the following steps: receiving a login request initiated through a web page for a target account, and generating a login file for the target device that initiated the login request; acquiring portrait data of the target account, and acquiring from the login file the feature data used for a trust test; and, when the target device is determined to be an untrusted device according to the portrait data and the feature data, performing a human-computer interaction verification operation to determine whether to respond to the login request. The method improves the identification rate of account theft carried out through web page access.

Description

Method, device, storage medium and program product for processing webpage access
Technical Field
The present application relates to the field of network security technologies, and in particular to a method and an apparatus for processing web page access, a computer apparatus, a computer-readable storage medium, and a computer program product.
Background
With the development of internet services, the user base of network service platforms has grown greatly. To provide dedicated services for users and to retain user data, many network service platforms use account registration. However, account theft has gradually appeared as a means to various ends. To prevent account theft from harming users' interests, a network service platform can take measures to identify theft of user accounts; at present this is generally done by identifying the login geographic location.
Part of the account theft that has to be dealt with comes from web page access. Such logins are often made from the frequent login place that the user has displayed or leaked, after which the corresponding violations are carried out. On a live-streaming platform in particular, a stolen user account can be used for illegal and non-compliant behavior such as fraudulent spending and broadcasting pornographic content, which disrupts users' normal activity on the network service platform and seriously affects the platform's normal web page access service.
Disclosure of Invention
The embodiments of the present application provide a method and an apparatus for processing web page access, a computer apparatus, a computer-readable storage medium, and a computer program product, which are used to solve the technical problem that the existing web page access service is affected by account theft.
According to a first aspect of the embodiments of the present application, there is provided a method for processing web page access, the method including the following steps:
receiving a login request initiated through a web page for a target account, and generating a login file for the target device that initiated the login request;
acquiring portrait data of the target account, and acquiring from the login file the feature data used for a trust test;
and, when the target device is determined to be an untrusted device according to the portrait data and the feature data, performing a human-computer interaction verification operation to determine whether to respond to the login request.
In an optional embodiment of this aspect, the receiving a login request initiated through a web page for a target account, and generating a login file for the target device that initiated the login request, includes:
detecting the target device ID when the target account logs in on the target device for the first time, and adding a prefix to the target device ID to form the unique device ID of the target device.
In an optional embodiment of this aspect, the feature data comprises a first unique device ID;
the step of determining that the target device is an untrusted device according to the portrait data and the feature data comprises:
matching the first unique device ID against the second unique device IDs of the historical login devices in the portrait data; if the matching is unsuccessful, the target device is a non-frequent login device, and the non-frequent login device is determined to be an untrusted device.
In an optional embodiment of this aspect, the feature data further comprises a login IP and a login time;
the step of determining that the target device is an untrusted device according to the portrait data and the feature data comprises:
acquiring the current login IP and login time of the target device, and matching them respectively against the frequent login place and the frequent login time period in the portrait data of the corresponding target account;
obtaining a score for each item of feature data according to the matching result, and computing a weighted average of the scores of all the login feature data;
and, when the result of the weighted average calculation does not meet a preset detection value, determining that the target device is an untrusted device.
In an optional embodiment of this aspect, the step of acquiring the portrait data of the target account includes:
collecting the login files within a preset historical time period, acquiring the feature data of each historical login request, and forming a historical message queue;
and performing data cleaning on the historical message queue to obtain the portrait data of the target account.
In an optional embodiment of this aspect, the step of obtaining the portrait data of the target account by cleaning the historical message queue includes:
acquiring the login place and login time of each historical login from the portrait data to form a corresponding login place-time distribution map, in which the login place and login time of each login are represented by one numerical point;
and determining the range of the frequent login place and the frequent login time of the target account in its historical logins based on the distribution of the numerical points in the place-time distribution map.
In an optional embodiment of this aspect, the method for processing web page access further includes:
acquiring the unique device ID of the untrusted device;
obtaining, based on the unique device ID of the untrusted device, the associated user accounts that have logged in on the untrusted device;
acquiring the feature data of the historical login requests of each associated user account to form a historical message queue;
confirming whether the last login place and/or login time of each associated user account corresponds to its frequent login place and/or frequent login time, the associated user accounts being the other user accounts that have logged in on the untrusted device;
and, if not, applying a temporary ban to the corresponding associated user account.
According to another aspect of the embodiments of the present application, there is provided an apparatus for processing web page access, including:
a login file generation module, configured to receive a login request initiated through a web page for a target account and to generate a login file for the target device that initiated the login request;
a device trust test module, configured to acquire the portrait data of the target account and to acquire from the login file the feature data used for a trust test;
and a login request verification module, configured to perform a human-computer interaction verification operation to determine whether to respond to the login request when the target device is determined to be an untrusted device according to the portrait data and the feature data.
According to another aspect of the embodiments of the present application, there is provided a computer apparatus including a memory, a processor, and a computer program stored on the memory, wherein the processor executes the computer program to implement the steps of any of the foregoing methods for processing web page access.
According to another aspect of the embodiments of the present application, there is provided a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, performs the steps of any of the foregoing methods for processing web page access.
According to another aspect of the embodiments of the present application, there is provided a computer program product including a computer program, wherein the computer program, when executed by a processor, performs the steps of any of the foregoing methods for processing web page access.
The technical solution provided by the embodiments of the present application has the following beneficial effects:
In the web page access processing scheme, when the server receives a login request for a target account sent by a target device through a web page, it forms a corresponding login file and obtains feature data from that file. Whether the target device is an untrusted device is determined according to the feature data and the portrait data of the target account. When the target device is determined to be an untrusted device, whether to respond to its login request is decided according to the result of the verification. This solves the technical problem that the existing approach of identifying account theft by login geographic location cannot identify account theft carried out from the target account's frequent login place. It thereby improves the identification rate of account theft through web page access, helps raise the level of security protection for user accounts, and ensures the normal operation of the network service platform.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic diagram of a live-room interface that results when a stolen user account on a live-streaming web page is used for violations;
Fig. 2 is a schematic flowchart of a method for processing web page access according to an embodiment of the disclosure;
Fig. 3 is a display diagram of a verification interface for a login request on a live-streaming platform according to an embodiment of the disclosure;
Fig. 4 is a login place-time distribution map provided by an embodiment of the disclosure;
Fig. 5 is a schematic structural diagram of a processing apparatus for web page access according to an embodiment of the disclosure;
Fig. 6 is a schematic structural diagram of another processing apparatus for web page access provided in an embodiment of the disclosure;
Fig. 7 is a schematic structural diagram of a computer device for processing web page access according to an embodiment of the disclosure.
Detailed Description
Embodiments of the present application are described below in conjunction with the drawings in the present application. It should be understood that the embodiments set forth below in connection with the drawings are exemplary descriptions for explaining technical solutions of the embodiments of the present application, and do not limit the technical solutions of the embodiments of the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should be further understood that the terms "comprises" and "comprising," when used in this specification, specify the presence of stated features, information, data, steps, operations, but do not preclude the presence or addition of other features, information, data, steps, operations, elements, components, and/or groups thereof, as supported by the present technology. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein indicates at least one of the items defined by the term, e.g., "A and/or B" indicates either an implementation as "A", or an implementation as "A and B".
To make the objects, technical solutions and advantages of the present application clearer, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Besides access through an application program, the services of a conventional network service platform are often accessed by logging in through a web page for a better experience, particularly from a fixed place such as a residence or an office. However, as network service platforms have tightened their management of user accounts, account theft has appeared on these platforms in pursuit of illegal purposes. Account theft generally consists of acquiring a user account and the user's login information by collection or network capture, and then using the acquired information to perform illegal operations. Furthermore, to evade the existing approach of identifying account theft by login geographic location, the web page access is made from the frequent login place that the user account displayed or leaked during normal logins, which poses a new challenge for the platform's identification of account theft.
Fig. 1 is a schematic diagram of a live-room interface that results when a stolen user account on a live-streaming web page is used for violations. As shown in fig. 1, an account thief may steal an account by collecting, capturing, or stealing the frequent login place of a user account, and then commit violations with it, such as fraudulent spending, starting a pornography-related broadcast, or sending bullet-screen comments that harass the streamer in a live room.
Fig. 2 is a schematic flowchart of a processing method for web page access according to an embodiment of the disclosure.
To solve the above technical problem, the application provides a method for processing web page access.
Referring to fig. 2, the method comprises at least the following steps:
S110, receiving a login request initiated through a web page for a target account, and generating a login file for the target device that initiated the login request;
S120, acquiring portrait data of the target account, and acquiring from the login file the feature data used for a trust test;
S140, when the target device is determined to be an untrusted device according to the portrait data and the feature data, performing a human-computer interaction verification operation to determine whether to respond to the login request.
The embodiments corresponding to steps S110 to S140 may take place between a server and the terminal device that currently sends the login request. The server and the terminal device establish a communication connection and exchange data through instructions and responses. In the embodiments corresponding to these steps, the executing entity is the server. The following describes in detail how the steps are performed between the server and the terminal device.
The terminal device can use a user account of a specific network service platform to send a login request instruction to the platform through a browser. In this embodiment, the user account is the target account, and the terminal device that issues the login request is the target device. In the subsequent processing, whether the target device is an untrusted device is determined with respect to the target account. The login request instruction may be entered by operating the terminal device, or may be entered by a login program configured with a previously obtained user account that carries the target account.
The target device sends a login request to the server according to the login request instruction. In this embodiment, the target device may enter the login link of the network service platform in the browser according to the login request instruction, so that the browser jumps to the platform's login page. The account information of the target account is entered into the account control of the login page, and a login request for the target account is sent to the platform, so that the target device can enter the login page of the platform's login website according to the response packet fed back by the server.
After receiving the login request, the server acquires the ID of the target device from the login request and generates a login file. The login file carries the target device ID.
In this embodiment, the server feeds back the login file of the target site from the network service platform to the target device. The target device extracts from the received login file information including the target device ID and the cookie setting data established under the domain name of the entered login link. According to the cookie setting data, the target device by default carries, in its login interface, the cookie established under the domain name of the entered login link. In this embodiment, the cookie setting data includes the login address of the network service platform being logged in to. Based on the target device ID and the cookie setting data carried in the login file, the target device can resend, through the web page, the target device ID corresponding to the current login request for the target account, so that it can subsequently be confirmed whether the target device is an untrusted device.
When the server feeds back the login file of the target site from the network service platform to the target device, it records in the login file the feature data from which it can be judged whether the target device is an untrusted device. Based on this feature data, the server can perform a trust test on the target device from which the login request for the target account was sent.
The server obtains the portrait data of the target account's login history from the historical login records of the target account. The portrait data comprises a history record formed from at least one kind of data produced by the target account in each historical login request, and/or processed data obtained by further processing that history record. The portrait data may also represent attribute information of the target account, its historical login tracks, and the like. For example, on a live-streaming platform, the target account can show whether the registered user is a streamer or a viewer, together with the geographic track and time track of the user's historical logins.
When the server determines from the portrait data and the feature data that the target device is an untrusted device, it further performs the human-computer interaction verification operation. Specifically, the server may determine whether to respond to the login request sent by the target device based on the verification result obtained from the verification operation. If the verification result shows the target device to be an untrusted device, the login request currently sent by the target device is not responded to; otherwise, the login request is responded to, so that the target device can log in to the target account.
In this embodiment, the human-computer interaction verification operation may be as follows: following the result that the device is untrusted, the server obtains the user number corresponding to the target account, sends verification information for the current login request to the terminal device that uses that user number, and determines whether to respond to the login request according to whether the user is detected to confirm the verification information. If an operation confirming the verification information is detected and the confirmation information is correct, the login request is responded to; if no operation confirming the verification information is detected, or the confirmation information is wrong, the login request is not allowed to proceed.
Fig. 3 is a display diagram of a verification interface for a login request on a live-streaming platform according to an embodiment of the disclosure.
Referring to fig. 3, in an embodiment on a live-streaming platform, the human-computer interaction verification operation may be as follows: in response to the login request, the server sends verification information to the terminal device of the user number registered for the target account and, at the same time, pushes a submission control for the verification information to the operation interface of the target device that sent the login request. Whether to respond to the login request is determined by checking, within a set time, whether the submitted verification information matches the verification information sent to the terminal device of the user number.
As the above analysis shows, in the method for processing web page access provided by the application, when the server receives a login request for a target account sent by the target device through a web page, it forms a corresponding login file and obtains feature data from that file. Whether the target device is an untrusted device is determined according to the feature data and the portrait data of the target account. When the target device is determined to be an untrusted device, whether to respond to its login request is decided according to the result of the verification. This solves the technical problem that the existing approach of identifying account theft by login geographic location cannot identify account theft carried out from the target account's frequent login place. It thereby improves the identification rate of account theft through web page access, helps raise the level of security protection for user accounts, and ensures the normal operation of the network service platform.
Based on the embodiments provided above, the step of generating a login file for the target device initiating the request in step S120 includes:
detecting the target device ID when the target account logs in on the target device for the first time, and adding a prefix to the target device ID to form the unique device ID of the target device.
In this embodiment, the server obtains the ID of the target device from the login file that carries it. Using that ID, the server can determine from the historical login records of the target account named in the login request whether this is the first time the target account has logged in on the target device. If so, the server takes the ID of the target device and adds a prefix to it to obtain the unique device ID of the target device for the target account.
The prefix may be added according to a preset setting. For example, in this embodiment, a login through a web page is denoted by the prefix "w", and the corresponding unique device ID is w_482599900584255488, where "482599900584255488" is the target device ID of the target device on which the target account logs in for the first time. Logins made in other ways than through a web page, such as through an application, can be distinguished from web page logins by the "w" prefix.
In this embodiment, the target device ID may be a globally unique ID generated for the target device by the snowflake algorithm. The snowflake algorithm takes content such as the current login time of the target account on the target device and the device information of the target device, and forms the globally unique ID according to a preset rule. The globally unique target device ID can also be obtained by other methods, such as a database auto-increment value or a UUID.
The unique device ID obtained in the above embodiments may be used to detect whether the target device is an untrusted device. The feature data comprises a first unique device ID. That is, the login manner, the login IP, the device information of the target device, and the like for the target account's first login on the target device can be obtained from the first unique device ID. The login IP is the Internet Protocol address from which the terminal device issues the login request, and it can represent the login geographic location.
On this basis, the determining that the target device is an untrusted device according to the portrait data and the feature data in step S140 includes:
and matching the first unique equipment ID with a second unique equipment ID of the historical login equipment of the image data, wherein if the matching is unsuccessful, the target equipment is very signed equipment, and the very signed equipment is determined to be non-trusted equipment.
Recording the history registration condition of the target account in the image data, including the history registration terminal device ID and the history registration IP; statistical data of historical login conditions, such as the frequency of occurrence of historical login IPs corresponding to respective terminal devices, may also be included. According to the statistical data of the occurrence frequency of the historical login IP, the frequently-logged-in place of the corresponding target account can be obtained. If the log-in IP of the current log-in obtained by analyzing the first unique device ID is matched with the history log-in IP in the second unique device ID of the image data or the regular log-in place obtained by counting the appearance frequency of the history log-in IP. And if the matching fails, determining the target device as a very registered device, and determining the very registered device as an untrusted device. In this embodiment, the login place may be confirmed according to the frequency of occurrence of the second unique device ID of the corresponding target account, and the login place may be represented by a login IP from which a login request is issued in the history login record.
The method may further include marking the non-trusted device before determining that the non-trusted device is a non-trusted device. And according to the label of the non-signed device, the server directly confirms the corresponding target device as the non-trusted device. Or when the target device is determined to be the non-trusted device, determining whether the current target device is the non-trusted device according to the type of the logged-in webpage. For example, the type of the logged-in web page is a service page of a government service website, and the historical login corresponding to the portrait data of the target account may be at other government service websites or addresses. Therefore, for the service page of the current login webpage, which is confirmed to be the government affair service network point, the target account is normally logged in by replacing different terminal devices at different login time, and at the moment, the current target device cannot be used as an untrusted device.
The feature data referred to in the above embodiments may further include a login IP and a login time.
On this basis, the step of determining that the target device is an untrusted device according to the portrait data and the feature data in step S140 includes:
acquiring the current login IP and login time of the target equipment, and respectively matching with a frequently-logged place and a frequently-logged time period in the portrait data of the corresponding target account;
obtaining the score of each feature data according to the matching result, and carrying out weighted average calculation on the scores of all the login feature data;
and when the result of the weighted average calculation does not meet a preset detection value, determining that the target equipment is non-trusted equipment.
In this embodiment, the login IP and login time acquired for the current login of the target device are matched item by item against the frequent login place and the frequent login time in the portrait data of the corresponding target account. Each item of feature data is then scored according to its matching result.
The login IP in the feature data can reflect the specific login location of the target device's current login, such as D street, house number E, in C district of B city, A province. The score range for the specific login location is, for example, 0-10 points. If the specific login location of the current login is consistent with the specific location of the frequent login place in the portrait data, the score is the highest, 10 points.
If the specific login location of the current login is not consistent with the specific location of the frequent login place in the portrait data, a score ratio is set for each piece of geographical information in the specific location according to its geographical level. The specific login location includes 5 geographical levels, ordered from high to low by the size of the geographical range they cover: province, city, district, street and house number. The higher the geographical level, the larger its share of the score. In this embodiment, the score ratios of province, city, district, street and house number are 4, 3, 2, 1 and 0, respectively.
The specific login location of the current login is compared with the specific location of the frequent login place in the portrait data, and the score corresponding to each differing geographical level is deducted to obtain the score for the specific login location of the current login. For example, if the specific login location of the current login is D1 street, house number E1, in C1 district of B city, A province, the corresponding score is 7 (the district, street and house number differ, so 2 + 1 + 0 points are deducted from 10). The score expresses the specific login location of the target device's current login in numerical form, which gives the trust test a convenient data basis.
In addition, for the login IP in the feature data, a score may be preset for each area on a map. Specifically, the login IP is located on the map on which the regional scores are set to obtain the position corresponding to the current login address of the target device, and from it the score corresponding to the current login IP of the target device.
For the login time in the feature data, login times are divided into time periods according to how closely they correspond to the user's general living habits. A score is given to a specific login time according to how closely it matches those living habits and the frequent login time.
For example, the frequent login time of the target account is 19:40 PM, which by general living habits falls in the period for study and entertainment after dinner, generally 19-22 PM. If the specific login time of the target device is 21 PM, it receives the highest score of 10. If the login time falls outside the period 19-22 PM, the corresponding score is determined according to the size of the interval between the specific login time of the target device and that period.
After each item of feature data currently logged in by the target device is obtained, the weighting proportion of each item of feature data can be determined according to the type corresponding to the logged webpage.
The total score obtained by the weighted average is compared with the preset detection value for the type of the web page, and the target device is determined to be an untrusted device when the total score does not meet the preset detection value. The preset detection value may be a single numerical value or a range.
In order to clearly illustrate how to determine whether the target device is an untrusted device, the above embodiment of the live platform is used, and the implementation of the scheme is further described in different cases.
Where the web page is a page of a live broadcast platform, the weighting ratio of the login time is higher than that of the login IP, for example 6:4. The total score for the current login of the target device is obtained from the specific scores for the current login time and login IP of the target device, obtained as in the specific examples above or in other ways, weighted by the ratio for the type of the login web page.
Further, in the live broadcast platform embodiment, the weighting ratio of the feature data may also be based on the type of the live broadcast room and/or the live broadcast history data. For example, the type of live broadcast room A is domestic travel and the target account is an anchor (main broadcast) account; the anchor generally needs to move between different live broadcast scenes, so in this embodiment the weighting ratio of the login time is much higher than that of the login IP.
If the target account is an audience account, historical login information is obtained from the portrait data, and the geographical range corresponding to the login IPs of the audience account is determined from that information. For an office worker, for example, the geographical range of the login IPs is essentially the address of the office or of the account owner's home, and the historical login address is relatively stable. In this situation, the weighting ratio of the login IP of the target device may be raised above that of the login time, so that the total score for the current login of the target device more readily shows whether the target device is an untrusted device.
If the type of the live broadcast room B is knowledge sharing, the target account is a primary account, and since a historical login IP obtained from the acquired portrait information of the primary account is generally stable in one place, the weighted proportion of the login IP is much higher than the login time. When the login IP can be matched with the historical login IP, the corresponding sub-score related to the login IP is low, the final total score cannot meet the preset detection value, and the server can determine the target device to be the non-trusted device more easily.
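The scoring scheme described above, as an added Python example that is not part of the patent text: it applies the 4/3/2/1/0 geographic-level deduction, the habitual-window time score and the weighted average chosen by page type. The linear decay outside the time window, the weights for the government page type, the detection values, the function names and the sample portrait are all assumptions.

```python
"""Login trust score: geographic-level deduction, time-window score, weighted average."""

MAX_SCORE = 10.0

# Score shares of the five geographic levels, highest level first (values from the text).
LEVEL_SHARES = (("province", 4), ("city", 3), ("district", 2), ("street", 1), ("house", 0))

# Weights per page type as (login time, login IP). The 6:4 live-platform ratio is
# from the text; the government row and both detection values are assumed.
PAGE_WEIGHTS = {"live": (6, 4), "government": (1, 0)}
DETECTION_VALUE = {"live": 6.0, "government": 6.0}


def place_score(current, frequent):
    """Deduct the share of every geographic level that differs from the frequent place.

    Assumption: once a higher level differs, every lower level counts as different,
    because a street name only identifies a place inside its own district.
    """
    score, diverged = MAX_SCORE, False
    for level, share in LEVEL_SHARES:
        diverged = diverged or current.get(level) != frequent.get(level)
        if diverged:
            score -= share
    return score


def time_score(login_hour, window, points_per_hour=2.0):
    """Full score inside the habitual window, linear decay outside it (assumed rate)."""
    start, end = window
    # Modular arithmetic keeps this correct for windows that wrap past midnight.
    if (login_hour - start) % 24 <= (end - start) % 24:
        return MAX_SCORE
    gap = min((start - login_hour) % 24, (login_hour - end) % 24)
    return max(0.0, MAX_SCORE - points_per_hour * gap)


def assess_login(page_type, current_place, login_hour, portrait):
    """Score each feature, take the weighted average, compare with the detection value."""
    w_time, w_ip = PAGE_WEIGHTS[page_type]
    scores = {
        "time": time_score(login_hour, portrait["window"]),
        "ip": place_score(current_place, portrait["place"]),
    }
    total = (w_time * scores["time"] + w_ip * scores["ip"]) / (w_time + w_ip)
    # Assumption: "does not meet the preset detection value" means falling below it.
    return {"scores": scores, "total": total, "untrusted": total < DETECTION_VALUE[page_type]}


# Constructed portrait of one target account: frequent place and habitual time window.
PORTRAIT = {
    "place": {"province": "A", "city": "B", "district": "C", "street": "D", "house": "E"},
    "window": (19.0, 22.0),
}


def place(**changes):
    """Frequent place with selected levels replaced (helper for the constructed cases)."""
    return {**PORTRAIT["place"], **changes}


if __name__ == "__main__":
    cases = [
        ("live", place(district="C1", street="D1", house="E1"), 21),
        ("live", place(), 3),
        ("live", place(province="Z"), 3),
        ("government", place(province="Z"), 21),
    ]
    for page_type, where, hour in cases:
        print(page_type, hour, assess_login(page_type, where, hour, PORTRAIT))
```

With the 6:4 weighting, the usual place at 03:00 scores 4.0 and is flagged, while a different district at 21:00 scores 8.8 and passes, so the weights and the detection value have to be tuned together for each page type.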
In the above embodiments, the portrait data is obtained by the operation of acquiring the portrait data of the target account in step S120; that operation may further include:
collecting login files in a historical preset time period, acquiring the characteristic data of each login request, and forming a historical message queue;
and performing data cleaning on the historical message queue to obtain the portrait data of the target account.
In the server, each time a login request for the target account is received, a corresponding login file is generated, and the feature data is acquired from the generated login file. The collected feature data can be stored item by item to form, for the target account, a historical message queue covering the historical preset time period.
The itemized content of the collected feature data includes at least the items needed for the statistics that form the portrait data, so that those items are available in the historical message queue for statistics.
After the historical message queue is obtained, data cleaning is performed, according to the statistical requirements for the itemized content of the target account's portrait data or the preset itemized statistics, on the itemized content of each login's feature data that does not meet those requirements. The entire feature data corresponding to preset itemized content may also be deleted from the historical message queue, to avoid wasting computing resources as the data volume grows in subsequent trust tests.
The above step of performing data cleaning on the historical message queue to obtain the portrait data of the target account may further include:
obtaining the login place and login time of each historical login from the historical message queue to form a login place-time distribution map; wherein, the value of the login place and the login time of each login is represented by a numerical point in the place-time distribution diagram;
determining the range of the frequent login place and the frequent login time of the target account in the historical login based on the density of the numerical points in the location-time distribution diagram.
Fig. 4 is a login place-time distribution diagram provided by an embodiment of the present disclosure.
Referring to Fig. 4, in this embodiment the horizontal axis and the vertical axis of the login place-time distribution diagram are the login time score and the login place score, respectively. The scores obtained for the login place and login time in the feature data of each historical login are plotted as points on the diagram, giving the login portrait of the target account.
In the login portrait on the place-time distribution diagram, the range of the target account's frequent login place and frequent login time in its historical logins is determined from the distribution of the data points that represent the scores for the login place and login time of each historical login.
The distribution may include at least one of the density of the data points or a closed loop formed by one or more lines through the data points. A region where the data points are concentrated can be obtained from the distribution, and the frequent login place and frequent login time of the target account in its historical logins are taken directly from that concentrated region of the place-time distribution diagram. If the login IP and the login time of the current login both fall within the range of the frequent login place and frequent login time shown on the place-time distribution diagram, the target device currently logging in to the target account is a trusted device; otherwise, it is an untrusted device.
As shown in Fig. 4, a closed loop H formed by a number of data points distributed in one area of the diagram serves as the basis for the target account's frequent login place and frequent login time in its historical logins. In this embodiment, the geometric center point of the closed loop H is obtained, and the login place and login time of the historical record whose data point is closest to that geometric center point are used as the frequent login place and the frequent login time.
In the above implementation, if it is determined that the target device is an untrusted device, the unique device ID of the untrusted device is obtained.
Based on the unique device ID of the untrusted device, the method for processing web page access provided by the present application further includes:
obtaining, based on the unique device ID of the untrusted device, the associated user accounts that have logged in on the untrusted device;
acquiring the feature data of the historical login requests of each associated user account to form a historical message queue;
confirming whether the last login place and/or login time of each associated user account corresponds to its frequent login place and/or frequent login time; the associated user accounts being the other user accounts that have logged in on the untrusted device;
and if not, performing a temporary disabling operation on the corresponding associated user account.
In this embodiment, the other user accounts that appear in the historical login records of the untrusted device are obtained according to the unique device ID of the untrusted device, the records of those other user accounts being obtained from the login files generated when the target device sent login requests. In this embodiment, these other user accounts are defined as the associated user accounts of the target device when it is an untrusted device.
Each associated user account generates a piece of feature data every time it logs in on the target device, and the feature data generated by one associated user account forms a corresponding historical message queue. Each historical message queue includes the login places and/or login times generated by the same associated user account logging in on the target device.
From the historical message queue, it is determined whether the place and/or time of the corresponding account's last login on the target device is its frequent login place and/or frequent login time, that is, the frequent login place and/or frequent login time reflected in that account's portrait data.
If not, the associated user account is confirmed to be an untrusted account, a temporary disabling operation is performed on the associated user account, and the target device is confirmed as an untrusted device.
In the above process, the itemized content used for the portrait data statistics may be determined according to the type of web page the associated user account logged in to. For example, if the web page is an online service page of a government office, the weighting ratio of the login place is small or need not be considered at all; the login time is then the main factor of the portrait data in the trust test on the associated user account. If the login time is outside normal government service hours, the associated user account can be directly confirmed as an untrusted account, and the target device confirmed as untrusted.
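The place-time distribution and the associated-account check described above, as an added Python example that is not part of the patent text: it derives each account's frequent login range from the dense region of its place-time points and lists the associated accounts whose last login on the untrusted device falls outside that range. The neighbour-count density rule, the bounding box standing in for closed loop H, skipping accounts with too little history, and all names, device IDs and sample records are assumptions.

```python
"""Frequent login range from place-time points, then a sweep of associated accounts."""
from dataclasses import dataclass
from math import dist


@dataclass(frozen=True)
class Login:
    seq: int            # arrival order in the historical message queue
    account: str
    device_uid: str     # unique device ID of the device that sent the login request
    time_score: float   # horizontal axis of the place-time distribution diagram
    place_score: float  # vertical axis of the place-time distribution diagram

    @property
    def point(self):
        return (self.time_score, self.place_score)


def dense_logins(history, radius=1.5, min_neighbours=3):
    """Logins with at least min_neighbours other points within radius (assumed rule)."""
    return [a for a in history
            if sum(1 for b in history
                   if b is not a and dist(a.point, b.point) <= radius) >= min_neighbours]


def frequent_login(history):
    """Historical login nearest the geometric centre of the dense region, or None."""
    dense = dense_logins(history)
    if not dense:
        return None
    centre = (sum(l.time_score for l in dense) / len(dense),
              sum(l.place_score for l in dense) / len(dense))
    return min(dense, key=lambda l: dist(l.point, centre))


def in_frequent_range(login, history):
    """True/False if a dense region exists and the login is inside/outside its bounds."""
    dense = dense_logins(history)
    if not dense:
        return None  # not enough history to form a portrait
    times = [l.time_score for l in dense]
    places = [l.place_score for l in dense]
    return (min(times) <= login.time_score <= max(times)
            and min(places) <= login.place_score <= max(places))


def accounts_to_disable(untrusted_uid, target_account, queue):
    """Associated accounts whose last login on the untrusted device is out of range."""
    associated = {l.account for l in queue if l.device_uid == untrusted_uid}
    flagged = []
    for account in sorted(associated - {target_account}):
        logins = [l for l in queue if l.account == account]
        last = max((l for l in logins if l.device_uid == untrusted_uid),
                   key=lambda l: l.seq)
        history = [l for l in logins if l is not last]
        if in_frequent_range(last, history) is False:
            flagged.append(account)  # candidate for the temporary disabling operation
    return flagged


def make_queue():
    """Constructed historical message queue; 'web-X9' is the untrusted device."""
    rows = [
        ("alice", "web-D1", 9.0, 9.0), ("alice", "web-D1", 9.5, 9.0),
        ("alice", "web-D1", 9.0, 10.0), ("alice", "web-D1", 10.0, 10.0),
        ("alice", "web-D1", 10.0, 9.0), ("alice", "web-X9", 2.0, 3.0),
        ("bob", "web-X9", 8.0, 9.0), ("bob", "web-X9", 8.5, 9.0),
        ("bob", "web-X9", 8.0, 8.5), ("bob", "web-X9", 9.0, 9.0),
        ("bob", "web-X9", 8.5, 8.5), ("bob", "web-X9", 8.5, 9.0),
        ("carol", "web-X9", 1.0, 1.0),
        ("dave", "web-D7", 5.0, 5.0), ("dave", "web-X9", 5.0, 5.0),
    ]
    return [Login(i + 1, *row) for i, row in enumerate(rows)]


if __name__ == "__main__":
    queue = make_queue()
    print(accounts_to_disable("web-X9", "carol", queue))
```

In the constructed queue only `alice` is returned: `bob` logs in on the same device inside his own frequent range, `carol` is the target account, and `dave` has too little history to form a range.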
Fig. 5 is a schematic structural diagram of a processing apparatus for web page access according to an embodiment of the disclosure.
An embodiment of the present application provides a processing apparatus for web page access, and as shown in fig. 5, the processing apparatus 200 for web page access may include:
a login file generation module 210, configured to receive a login request initiated for a target account through a web page, and generate a login file for a target device initiating the login request;
the device trust test module 220 is used for acquiring the portrait data of the target account and acquiring feature data for performing trust test from the login file;
a login request verification module 240, configured to perform a verification operation of human-computer interaction to determine whether to respond to the login request when the target device is determined to be an untrusted device according to the portrait data and the feature data.
The web page access processing apparatus 200 of this embodiment can execute the web page access processing method shown in the above embodiments of this application, and the implementation principles thereof are similar, and are not described herein again.
In the processing apparatus 200 for web page access provided by the present application, when the server receives a login request for a target account sent by a target device through a web page, a corresponding login file is formed, and feature data is obtained from the login file. Whether the target device is an untrusted device is determined according to the feature data and the portrait data of the target account. When the target device is determined to be an untrusted device, whether to respond to the login request of the target device is determined according to the confirmed result. The technical solution provided by the present application solves the technical problem that the original means of identifying account theft by login geographical location cannot identify account theft carried out at the target account's frequent login place; this improves the identification rate of account theft in web page access, helps to raise the security level of user accounts, and ensures the normal operation of the network service platform.
The login file generation module 210 is further configured to, upon detecting that the target account is logging in on the target device for the first time, obtain the target device ID and add a prefix to the target device ID to form the unique device ID of the target device.
The feature data includes a first unique device ID, and the login request verification module 240 is further configured to match the first unique device ID with a second unique device ID of a historical login device in the portrait data; if the matching is unsuccessful, the target device is a non-frequent-login device, and the non-frequent-login device is determined to be an untrusted device.
The characteristic data further comprises a login IP and login time, and a login request verification module 240 is further used for obtaining the current login IP and login time of the target device and respectively matching with a frequently-logged place and a frequently-logged time period in the portrait data of the corresponding target account;
obtaining the score of each feature data according to the matching result, and carrying out weighted average calculation on the scores of all the login feature data;
and when the result of the weighted average calculation does not meet a preset detection value, determining that the target equipment is non-trusted equipment.
The device trust test module 220 is configured to collect login files in a historical preset time period, obtain characteristic data of each historical login request, and form a historical message queue;
and performing data cleaning on the historical message queue to obtain the portrait data of the target account.
The device trust test module 220 is further configured to obtain a login location and login time of each historical login from the portrait data to form a corresponding login location-time distribution map; wherein, the value of the login place and the login time of each login is represented by a numerical point in the place-time distribution diagram;
and determining the range of the frequent login place and the frequent login time of the target account in the historical login based on the distribution of the numerical points in the location-time distribution diagram.
Fig. 6 is a schematic structural diagram of another processing apparatus for web page access according to an embodiment of the disclosure.
As shown in Fig. 6, the apparatus of the present embodiment further includes: an account trust test module 240 for associated user accounts.
The account trust test module 240 for associated user accounts is configured to obtain the unique device ID of the untrusted device;
obtain, based on the unique device ID of the untrusted device, the associated user accounts that have logged in on the untrusted device;
acquire the feature data of the historical login requests of each associated user account to form a historical message queue;
confirm whether the last login place and/or login time of each associated user account corresponds to its frequent login place and/or frequent login time; the associated user accounts being the other user accounts that have logged in on the untrusted device;
and if not, perform a temporary disabling operation on the corresponding associated user account.
Corresponding description of another apparatus and method:
The apparatus of the embodiments of the present application may execute the method provided by the embodiments of the present application, and the implementation principles are similar. The actions executed by the modules of the apparatus correspond to the steps of the method; for a detailed functional description of the modules, reference may be made to the description of the corresponding method above, and details are not repeated here.
The embodiment of the present application provides a computer apparatus including a memory, a processor and a computer program stored on the memory, where the processor executes the computer program to implement the steps of the processing method for web page access. Compared with the prior art, it can achieve the following: when the server receives a login request for a target account sent by a target device through a web page, a corresponding login file is formed, and feature data is obtained from the login file. Whether the target device is an untrusted device is determined according to the feature data and the portrait data of the target account. When the target device is determined to be an untrusted device, whether to respond to the login request of the target device is determined according to the confirmed result. The technical solution provided by the present application solves the technical problem that the original means of identifying account theft by login geographical location cannot identify account theft carried out at the target account's frequent login place; this improves the identification rate of account theft in web page access, helps to raise the security level of user accounts, and ensures the normal operation of the network service platform.
In an alternative embodiment, a computer apparatus is provided. As shown in Fig. 7, the computer apparatus 4000 comprises a processor 4001 and a memory 4003. The processor 4001 is coupled to the memory 4003, for example via a bus 4002. Optionally, the computer apparatus 4000 may further include a transceiver 4004, which may be used for data interaction between the computer apparatus and other computer apparatuses, such as transmitting and/or receiving data. In practical applications the transceiver 4004 is not limited to one, and the structure of the computer apparatus 4000 does not limit the embodiments of the present application.
The processor 4001 may be a CPU (Central Processing Unit), a general-purpose processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 4001 may also be a combination that performs a computational function, including, for example, a combination of one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Bus 4002 may include a path that carries information between the aforementioned components. The bus 4002 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 4002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.
The Memory 4003 may be a ROM (Read Only Memory) or other types of static storage devices that can store static information and instructions, a RAM (Random Access Memory) or other types of dynamic storage devices that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium, other magnetic storage devices, or any other medium that can be used to carry or store a computer program and that can be Read by a computer, without limitation.
The memory 4003 is used for storing the computer programs that carry out the embodiments of the present application, and their execution is controlled by the processor 4001. The processor 4001 is used to execute the computer programs stored in the memory 4003 to implement the steps shown in the foregoing method embodiments.
The computer apparatus includes but is not limited to: desktop computers, mobile computers, or portable mobile terminals such as mobile phones and tablet computers.
The embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps and corresponding contents of the foregoing embodiment of the processing method for web page access may be implemented.
The embodiment of the present application further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the steps and corresponding contents of the foregoing processing method for web page access may be implemented.
It should be understood that, although each operation step is indicated by an arrow in the flowchart of the embodiment of the present application, the implementation order of the steps is not limited to the order indicated by the arrow. In some implementation scenarios of the embodiments of the present application, the implementation steps in the flowcharts may be performed in other sequences as desired, unless explicitly stated otherwise herein. In addition, some or all of the steps in each flowchart may include multiple sub-steps or multiple stages based on an actual implementation scenario. Some or all of these sub-steps or stages may be performed at the same time, or each of these sub-steps or stages may be performed at different times, respectively. In a scenario where execution times are different, an execution sequence of the sub-steps or the phases may be flexibly configured according to requirements, which is not limited in the embodiment of the present application.
The foregoing is only an optional implementation manner of a part of implementation scenarios in this application, and it should be noted that, for those skilled in the art, other similar implementation means based on the technical idea of this application are also within the protection scope of the embodiments of this application without departing from the technical idea of this application.

Claims (11)

1. A method for processing web page access is characterized by comprising the following steps:
receiving a login request initiated by a webpage aiming at a target account, and generating a login file aiming at target equipment initiating the login request;
acquiring portrait data of the target account, and acquiring characteristic data for performing trust test from the login file;
and when the target equipment is determined to be non-trusted equipment according to the portrait data and the characteristic data, executing verification operation of man-machine interaction to determine whether to respond to the login request.
2. The method for processing web page access according to claim 1, wherein:
the step of receiving a login request initiated by a webpage aiming at a target account and generating a login file aiming at target equipment initiating the request comprises the following steps:
upon detecting that the target account is logging in on the target device for the first time, obtaining the target device ID, and adding a prefix to the target device ID to form the unique device ID of the target device.
3. The method for processing webpage access according to claim 2, wherein:
the characteristic data comprises a first unique device ID;
the step of determining that the target device is an untrusted device based on the representation data and the feature data comprises:
matching the first unique device ID with a second unique device ID of a historical login device in the portrait data, wherein if the matching is unsuccessful, the target device is a non-frequent-login device, and the non-frequent-login device is determined to be an untrusted device.
4. The method for processing webpage access according to one of claims 1 or 3, wherein:
the characteristic data also comprises a login IP and login time;
the step of determining that the target device is an untrusted device based on the representation data and the feature data comprises:
acquiring the current login IP and login time of the target equipment, and respectively matching with a frequently-logged place and a frequently-logged time period in the portrait data of the corresponding target account;
obtaining the score of each feature data according to the matching result, and carrying out weighted average calculation on the scores of all the login feature data;
and when the result of the weighted average calculation does not meet a preset detection value, determining that the target equipment is non-trusted equipment.
5. The method for processing webpage access according to claim 4, wherein the step of obtaining the portrait data of the target account includes:
collecting login files in a historical preset time period, acquiring characteristic data of each historical login request, and forming a historical message queue;
and performing data cleaning on the historical message queue to obtain the portrait data of the target account.
6. The method for processing webpage access according to claim 5, wherein:
the step of obtaining the portrait data of the target account by cleaning according to the historical message queue comprises the following steps:
acquiring the login place and login time of each historical login from the portrait data to form a corresponding login place-time distribution map, wherein the login place and login time of each login are represented by a numerical point in the place-time distribution map;
and determining the frequent login places and the frequent login time ranges of the target account in the historical logins based on the distribution of the numerical points in the place-time distribution map.
7. The method for processing webpage access according to claim 6, further comprising:
acquiring a unique device ID of the untrusted device;
obtaining, based on the unique device ID of the untrusted device, the associated user accounts that have previously logged in on the untrusted device;
acquiring characteristic data of a corresponding historical login request of each associated user account to form a historical message queue;
confirming whether the last login place and/or login time of each associated user account corresponds to a frequent login place and/or frequent login time, the associated user accounts being the other user accounts that have logged in on the untrusted device;
and if not, performing a temporary ban operation on the corresponding associated user account.
8. A web page access processing apparatus, comprising:
a login file generation module, used for receiving a login request initiated by a webpage for a target account and generating a login file for the target device initiating the login request;
a device trust test module, used for acquiring the portrait data of the target account and acquiring, from the login file, the feature data for performing the trust test;
and a login request verification module, used for executing a human-computer interaction verification operation to determine whether to respond to the login request when the target device is determined to be an untrusted device according to the portrait data and the feature data.
9. A computer arrangement comprising a memory, a processor and a computer program stored on the memory, characterized in that the processor executes the computer program to implement the steps of the method for handling web page access according to any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for processing web page accesses of any one of claims 1 to 7.
11. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method for processing web page access according to any one of claims 1 to 7 when executed by a processor.
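The checks in claims 3 to 7 can be sketched as follows; this is an added example, not code from the patent or its applicant. The weights, detection value, "frequent" share, hour-of-day bucketing, place labels already resolved from the login IP, the OR-combination of claims 3 and 4, and the reuse of the claim 4 score for the claim 7 check are all assumptions made here.

```python
from collections import Counter
from datetime import datetime

WEIGHTS = {"place": 0.6, "hour": 0.4}  # assumed feature weights
THRESHOLD = 0.5   # assumed "preset detection value"
MIN_SHARE = 0.3   # assumed share of logins that makes a value "frequent"

# Constructed login files per account: (unique_device_id, place, login_time).
HISTORIES = {
    "alice": [("web-a1", "city-A", "2022-03-01T20:05"), ("web-a1", "city-A", "2022-03-02T20:40"),
              ("web-a1", "city-A", "2022-03-03T21:10"), ("web-a1", "city-B", "2022-03-04T20:15")],
    "bob": [("web-b7", "city-C", "2022-03-01T09:00"), ("web-b7", "city-C", "2022-03-02T09:30"),
            ("web-b7", "city-C", "2022-03-03T09:10"), ("web-x9", "city-D", "2022-03-04T03:20")],
    "carol": [("web-c2", "city-E", "2022-03-01T10:00"), ("web-c2", "city-E", "2022-03-02T10:30"),
              ("web-x9", "city-E", "2022-03-03T10:20")],
}

def frequent(values):
    """Values that make up at least MIN_SHARE of the observations."""
    return {v for v, n in Counter(values).items() if n / len(values) >= MIN_SHARE}

def build_portrait(history):
    """Claims 5-6: reduce historical login files to known devices, frequent places and hours."""
    return {
        "devices": {d for d, _, _ in history},
        "places": frequent([p for _, p, _ in history]),
        "hours": frequent([datetime.fromisoformat(t).hour for _, _, t in history]),
    }

def weighted_score(portrait, place, when):
    """Claim 4: score each feature against the portrait, then take the weighted average."""
    scores = {"place": float(place in portrait["places"]),
              "hour": float(datetime.fromisoformat(when).hour in portrait["hours"])}
    return sum(WEIGHTS[k] * scores[k] for k in scores) / sum(WEIGHTS.values())

def is_untrusted(portrait, device_id, place, when):
    """Claim 3 (device ID not in the history) or claim 4 (score below the detection value)."""
    return device_id not in portrait["devices"] or weighted_score(portrait, place, when) < THRESHOLD

def accounts_to_suspend(device_id, histories):
    """Claim 7: accounts seen on the untrusted device whose last login is off-pattern."""
    flagged = []
    for account, history in histories.items():
        *earlier, (_, place, when) = history
        used_device = any(d == device_id for d, _, _ in history)
        if used_device and weighted_score(build_portrait(earlier), place, when) < THRESHOLD:
            flagged.append(account)
    return flagged
```

In a deployment following claim 1, a `True` result from `is_untrusted` would trigger the human-computer interaction verification rather than an outright rejection of the login.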
CN202210233962.6A 2022-03-10 2022-03-10 Method, device, storage medium and program product for processing webpage access Pending CN114448645A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210233962.6A CN114448645A (en) 2022-03-10 2022-03-10 Method, device, storage medium and program product for processing webpage access

Publications (1)

Publication Number Publication Date
CN114448645A true CN114448645A (en) 2022-05-06

Family

ID=81359589

Country Status (1)

Country Link
CN (1) CN114448645A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination