CN114741684A - Account detection method, device, server and storage medium - Google Patents
Account detection method, device, server and storage medium Download PDFInfo
- Publication number
- CN114741684A CN114741684A CN202210650812.5A CN202210650812A CN114741684A CN 114741684 A CN114741684 A CN 114741684A CN 202210650812 A CN202210650812 A CN 202210650812A CN 114741684 A CN114741684 A CN 114741684A
- Authority
- CN
- China
- Prior art keywords
- authentication data
- period
- determining
- actual
- actual authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 77
- 238000000034 method Methods 0.000 claims abstract description 25
- 238000012545 processing Methods 0.000 claims abstract description 16
- 230000006870 function Effects 0.000 claims description 87
- 230000005484 gravity Effects 0.000 claims description 20
- 230000001932 seasonal effect Effects 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 4
- 230000008859 change Effects 0.000 abstract description 8
- 238000010586 diagram Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 6
- 230000000737 periodic effect Effects 0.000 description 4
- 230000006399 behavior Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The disclosure relates to an account detection method, an account detection device, a server and a storage medium. The method comprises the following steps: acquiring actual authentication data of the account in the current time period and an actual authentication data sequence in a preset historical time period; processing the actual authentication data sequence by using a time sequence model to obtain the predicted authentication data of the current time period, wherein the time sequence model is obtained by modeling based on the actual authentication data sequence in the preset historical time period; and determining a risk detection result of the account according to the actual authentication data and the predicted authentication data. The time series model disclosed by the invention has higher flexibility and can adapt to the change of different application scenes, thereby having higher prediction precision.
Description
Technical Field
The present disclosure relates to the field of data security technologies, and in particular, to an account detection method, an account detection device, a server, and a storage medium.
Background
With the development of data security technology, account risk detection technology has emerged. In the authentication process of the user, besides the authentication of the user, some risk detection mechanisms are introduced to verify the risk of the user account so as to prove that the behavior of the user is credible.
In the related technology, a risk detection mechanism such as a risk policy rule or an expert scoring rule is adopted to detect the authentication behavior of the account, however, the method is mechanical, the listing rule is limited, and the detection is not accurate enough. In another related technology, an artificial intelligence model based on machine learning is adopted for risk prediction, and because the proportion of positive and negative samples in risk detection is unbalanced, the training complexity is high, and most training samples adopt data with long history time, the prediction accuracy of the model is low.
Disclosure of Invention
The disclosure provides an account detection method, an account detection device, a server and a storage medium, which are used for at least solving the problem of low prediction accuracy in the related technology. The technical scheme of the disclosure is as follows:
according to a first aspect of the embodiments of the present disclosure, an account detection method is provided, including:
acquiring actual authentication data of the account in the current time period and an actual authentication data sequence in a preset historical time period;
processing the actual authentication data sequence by using a time sequence model to obtain the predicted authentication data of the current time period, wherein the time sequence model is obtained by modeling based on the actual authentication data sequence in the preset historical time period;
and determining a risk detection result of the account according to the actual authentication data and the predicted authentication data.
In a possible implementation manner, the current time period includes a time period from a current time to a preset time in a current cycle, and the preset history time period includes a time period from a previous cycle of the current cycle to a preset history cycle; acquiring an actual authentication data sequence in a preset historical time period, wherein the actual authentication data sequence comprises the following steps:
acquiring actual authentication data of each period in a preset historical time period and a time period corresponding to the current time period to obtain a plurality of actual authentication data;
and arranging the plurality of actual authentication data according to a time sequence to obtain an actual authentication data sequence.
In a possible implementation manner, the determining a risk detection result of the account according to the actual authentication data and the predicted authentication data includes:
under the condition that the duration of the current time interval is not equal to the duration of a corresponding time interval, acquiring the proportion between the current time interval and the corresponding time interval, wherein the corresponding time interval is a time interval corresponding to the current time interval in each cycle in a preset historical time interval;
and determining a risk detection result of the account according to the specific gravity, the actual authentication data and the predicted authentication data.
In a possible implementation manner, the time series model includes a plurality of prediction functions, and the processing the actual authentication data sequence by using the time series model to obtain the predicted authentication data of the current time period includes:
predicting the authentication data of the current time period by using the prediction functions respectively to obtain a plurality of sub-authentication data, wherein the prediction functions are obtained by fitting the actual authentication data sequence;
and determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data.
In one possible implementation, the prediction function includes at least one of:
the prediction functions include a trend function, a seasonal variation function, a holiday variation function, and a random function.
In a possible implementation manner, the determining a risk detection result according to the actual authentication data and the predicted authentication data includes:
determining the data deviation between the actual authentication data and the predicted authentication data according to the actual authentication data and the predicted authentication data;
and determining a risk detection result of the account according to the data deviation.
In a possible implementation manner, the determining the risk detection result of the account according to the data deviation includes:
and determining the risk degree grade of the account according to the data deviation and a preset incidence relation between the data deviation and the risk degree grade.
According to a second aspect of the embodiments of the present disclosure, there is provided an account detection apparatus, including:
the acquisition module is used for acquiring actual authentication data of the account in the current time period and an actual authentication data sequence in a preset historical time period;
the prediction module is used for processing the actual authentication data sequence by utilizing a time sequence model to obtain the predicted authentication data of the current time period, wherein the time sequence model is obtained by modeling based on the actual authentication data sequence in the preset historical time period;
and the determining module is used for determining the risk detection result of the account according to the actual authentication data and the predicted authentication data.
In a possible implementation manner, the current time period includes a time period from a current time to a preset time in a current cycle, and the preset history time period includes a time period from a previous cycle of the current cycle to a preset history cycle; the acquisition module includes:
the first obtaining submodule is used for obtaining actual authentication data of each period in a preset historical time period and the time period corresponding to the current time period to obtain a plurality of actual authentication data;
and the arrangement submodule is used for arranging the plurality of actual authentication data according to a time sequence to obtain an actual authentication data sequence.
In one possible implementation, the determining module includes:
the second obtaining submodule is used for obtaining the proportion between the current time interval and the corresponding time interval under the condition that the duration of the current time interval is different from the duration of the corresponding time interval, and the corresponding time interval is a time interval corresponding to the current time interval in each cycle in a preset historical time interval;
and the first determining submodule is used for determining a risk detection result of the account according to the specific gravity, the actual authentication data and the predicted authentication data.
In one possible implementation, the time series model includes a plurality of prediction functions, and the prediction module includes:
the prediction submodule is used for predicting the authentication data of the current time interval by using the prediction functions respectively to obtain a plurality of sub-authentication data, wherein the prediction functions are obtained by fitting the actual authentication data sequence;
and the second determining submodule is used for determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data.
In one possible implementation, the prediction function includes at least one of:
the prediction functions include a trend function, a seasonal variation function, a holiday variation function, and a random function.
In one possible implementation, the determining module includes:
a third determining submodule, configured to determine a data deviation between the actual authentication data and the predicted authentication data according to the actual authentication data and the predicted authentication data;
and the fourth determining submodule is used for determining the risk detection result of the account according to the data deviation.
In a possible implementation manner, the risk detection result includes a risk degree level, and the fourth determining sub-module includes:
and the determining unit is used for determining the risk degree grade of the account according to the data deviation and the preset association relationship between the data deviation and the risk degree grade.
According to a third aspect of the embodiments of the present disclosure, there is provided a server, including:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the account detection method according to any one of the embodiments of the present disclosure.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium, wherein instructions of the computer-readable storage medium, when executed by a processor of a server, enable the processor to perform an account detection method according to any one of the embodiments of the present disclosure.
According to a fifth aspect of the embodiments of the present disclosure, there is provided a computer program product, which includes instructions that, when executed by a processor of a server, enable the processor to execute the account detection method according to any one of the embodiments of the present disclosure.
The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects: according to the embodiment of the disclosure, a time series model is constructed based on an actual authentication data sequence in a preset historical time period. The actual authentication data sequence in the historical period is simple, and can be conveniently obtained in real time and modeled in real time. Compared with the prior art, the time series model has higher flexibility and can adapt to the change of different application scenes, so that the prediction precision is higher, the comparison between the subsequent prediction result and the actual authentication data is ensured, and the accuracy of the risk detection result of the account is determined.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
FIG. 1 is a flow diagram illustrating a method of account detection in accordance with an exemplary embodiment;
FIG. 2 is a diagram illustrating a fit of a trend function according to an exemplary embodiment;
FIG. 3 is a diagram illustrating a fit of a periodic function according to an exemplary embodiment;
FIG. 4 is a schematic diagram illustrating a fit of a holiday change function according to an exemplary embodiment;
FIG. 5 is a flow diagram illustrating a method of account detection in accordance with an exemplary embodiment;
FIG. 6 is a block diagram illustrating an account detection apparatus according to an exemplary embodiment;
FIG. 7 is a block diagram illustrating a server in accordance with an example embodiment.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
It should be further noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data authorized by the user or sufficiently authorized by each party.
Fig. 1 is a flowchart illustrating an account detection method according to an exemplary embodiment, where the method is used in a terminal or a server, as shown in fig. 1, and includes the following steps.
Step S101, acquiring actual authentication data of the account in the current time period and an actual authentication data sequence in a preset historical time period.
In the embodiment of the present disclosure, the authentication data may include the number of times of occurrence of the authentication behavior, and the authentication data may be obtained from the authentication log. The authentication log may include account name, authentication time, service object (access system) accessed or logged in, login area (city), etc. In one example, the current period may include a preset time period before the current authentication time and then an expiration time. For example, if the current login time is 3 pm and the preset time period is 30 minutes, the current time period is 2:30 to 3 pm. The preset history period may include a period (may be a date) from a period of the current authentication time to a preset history period, for example, the current authentication time is 3 pm on 6 months and 10 days, and the current period may include 2 pm and half to 3 pm on 6 months and 10 days; the preset historical period may include a total period of time between 2 pm and 3 pm for each day between 3 month 9 and 6 month 9, or may include individual periods of time between 2 pm and 3 pm for each day between 3 month 9 and 6 month 9. Each time period may correspond to an authentication data, together constituting an authentication data sequence. In another example, the current time period may also include a date on which the current authentication time is, for example, 8 months and 1 day. The preset historical period may include a cutoff from the day before the day to a preset number of days. For example, 31 days 4 months to 31 days 7 months. Each date may correspond to an authentication data, together forming an authentication data sequence.
Step S103, processing the actual authentication data sequence by using a time sequence model to obtain the predicted authentication data of the current time period, wherein the time sequence model is obtained by modeling based on the actual authentication data sequence in the preset historical time period.
In the embodiment of the disclosure, the time series model reflects the dynamic dependency relationship contained in the time series by constructing the model, and predicts the future change. The time series model may include an autoregressive model (AR), a moving average Model (MA), an autoregressive moving average model (ARMA), and an autoregressive differential moving average model (ARIMA), among others. And inputting the actual authentication data sequence in the preset historical time period into a time sequence model, and fitting the actual authentication data sequence by using the time sequence model to obtain the preset authentication data in the current time period.
Step S105, determining a risk detection result of the account according to the actual authentication data and the predicted authentication data.
In an example, the risk detection result may include at-risk and no-risk in the disclosed embodiments. A deviation between the actual authentication data and the predicted authentication data may be determined based on the two. If the deviation is larger than a preset range, determining that the account has a risk; and if the deviation is within the preset range, determining that the account is risk-free. In another example, the risk detection result may include a risk level, for example, an association relationship between a deviation between the actual authentication data and the preset authentication data and the risk level is established, and the risk level corresponding to the range is determined according to the range in which the deviation exists. The association relationship between the deviation and the risk level may include a positive association relationship, for example, the larger the deviation, the higher the risk level.
According to the embodiment of the disclosure, a time series model is constructed based on an actual authentication data sequence in a preset historical time period. The actual authentication data sequence in the historical period is simple, and can be conveniently obtained in real time and modeled in real time. Compared with the prior art, the time series model has higher flexibility and can adapt to the change of different application scenes, so that the prediction precision is higher, the comparison between the subsequent prediction result and the actual authentication data is ensured, and the accuracy of the risk detection result of the account is determined.
In a possible implementation manner, the current time period includes a time period from a current time to a preset time in a current cycle, and the preset history time period includes a time period from a previous cycle of the current cycle to a preset history cycle; acquiring an actual authentication data sequence in a preset historical time period, wherein the actual authentication data sequence comprises the following steps:
acquiring actual authentication data of each period in a preset historical time period and a time period corresponding to the current time period to obtain a plurality of actual authentication data;
and arranging the plurality of actual authentication data according to a time sequence to obtain an actual authentication data sequence.
In the embodiment of the present disclosure, the period may include one day or preset days. Taking the cycle as an example, the current period includes a period from a current time (current authentication time) to a preset time, for example, the authentication time is t1, and the current period is the first half hour of t 1. The preset history period may include a period from a previous period of the current cycle to the preset history period, for example, a period from 1 day to 90 days before the current cycle. In one example, the period of time within the preset history period corresponding to the current period of time may include the same period of time as the current period of time, for example, the current period of time is the first half hour of the authentication time t 1. The corresponding time period may include the first half hour at time t1 for each of the first 1 to first 90 days, and the resulting authentication data may include 3, 5, 6, 4 … 5, 3. In another example, the period corresponding to the current period in the preset history period may also include a period similar to the current period, for example, the current period is the first half hour of the authentication time t 1. The corresponding time periods may include the first half hour at time t1 and the second half hour at time t1 for each of the first 1 to first 90 days.
In the embodiment of the present disclosure, the plurality of actual authentication data are arranged in time sequence, for example, the authentication data of the first 90 days is 3, the authentication data of the first 89 days is 5, the authentication data of the first 87 days is 6, the authentication data of the first 86 days is 4, the authentication data of the first 2 days of … is 5, and the authentication data of the first 1 day is 3. The actual authentication data sequence may include 3, 5, 6, 4 … 5, 3 in order of time from far to near.
In the embodiment of the present disclosure, actual authentication data of a period corresponding to the current period in each cycle in the preset historical period is preset, where the corresponding period includes a period the same as or similar to the current period, and compared with the case of using authentication data in one complete cycle, the embodiment of the present disclosure uses authentication data in the corresponding period, and the data has more regularity. Therefore, the established time series model has higher prediction accuracy.
In a possible implementation manner, the determining a risk detection result of the account according to the actual authentication data and the predicted authentication data includes:
under the condition that the duration of the current time interval is not equal to the duration of a corresponding time interval, acquiring the proportion between the current time interval and the corresponding time interval, wherein the corresponding time interval is a time interval corresponding to the current time interval in each cycle in a preset historical time interval;
and determining a risk detection result of the account according to the specific gravity, the actual authentication data and the predicted authentication data.
In the embodiment of the present disclosure, the duration of the current time period is different from the duration of the corresponding time period, for example, the current time period is the first half hour of the authentication time t 1. The corresponding time period may include the first half hour at time t1 and the second half hour at time t1 for each of the first 1 day to the first 90 days. And acquiring the specific gravity between the current time period and the corresponding time period, wherein in the above example, the current time period is half an hour, the corresponding time period is 1 hour, and the specific gravity between the current time period and the corresponding time period is 0.5.
And determining a risk detection result of the account according to the proportion, the actual authentication data and the predicted authentication data. For example, the actual authentication data of the current period is 2 times and the predicted authentication data is 3 times, and in one example, the predicted authentication data may be multiplied by a specific gravity, that is, 3 × 0.5=1.5, and the deviation of 2 from 1.5 may be compared using a preset deviation formula. In another example, the actual authentication data may be divided by a specific gravity, that is, 2/0.5=4, and the deviation between 4 and 3 is compared using a preset deviation formula, so as to determine the risk detection result of the account.
In the embodiment of the disclosure, by determining the specific gravity between the current time interval and the corresponding time interval, according to the specific gravity, the actual authentication data or the predicted authentication data can be corrected to conform to the consistency of the time interval lengths, so that the accuracy of the risk detection result is improved.
In a possible implementation manner, the time series model includes a plurality of prediction functions, and the processing the actual authentication data sequence by using the time series model to obtain the predicted authentication data of the current time period includes:
predicting the authentication data of the current time period by using the prediction functions respectively to obtain a plurality of sub-authentication data, wherein the prediction functions are obtained by fitting the actual authentication data sequence;
and determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data.
In an embodiment of the present disclosure, the prediction function may include at least one of: the prediction functions include a trend function, a seasonal variation function, a holiday variation function, and a random function. It should be noted that the prediction function is not limited to the above examples, such as a periodic function, and other modifications are possible by those skilled in the art in light of the technical spirit of the present application, but the present application is intended to cover the protection scope of the present application as long as the functions and effects achieved by the prediction function are the same as or similar to those of the present application. In one example, the time series model may include the following formula (1) or (2):
y_t=S_t+T_t+R_t (1)
ln(y_t)=ln(S_t)+ln(T_t)+ln(R_t) (2)
wherein y _ T represents a time series prediction term, S _ T represents a seasonal variation function, T _ T represents a trend function, and R _ T represents a residual term. In the formula (2), ln (x) is a logarithmic function of x with a base of a natural logarithm e. There may be an equivalent multiplication form for equation (2), such as equation (3) below.
y_t=S_t×T_t×R_t (3)
In one example, the time series model may further include a holiday change function, such as the following equation (4), in addition to the seasonal change function, the trend function, and the remaining term.
y_t=g_t+S_t+h_t+e_t (4)
Wherein g _ t represents a trend function and represents the variation trend of the time series on the non-period, S _ t represents a periodic function or a seasonal variation function, and can be taken in the unit of week or year, h _ t represents a holiday variation function, and e _ t represents an error term or a residual term. Referring to fig. 2, a curve 201 represents an actual authentication data sequence within a preset history period, a straight line 202 represents a trend function, an abscissa represents a period, and an ordinate represents the number of authentications. By the trend function, authentication data at the time point of prediction 1, prediction 2, prediction 3, and the like can be predicted. Referring to fig. 3, a curve 301 represents an actual authentication data sequence of a preset history period periodicity, i.e., the abscissa represents the period. Referring to fig. 4, a curve 401 represents an actual authentication data sequence of holidays of a preset history period. The holidays can include legal holidays and also custom holidays. Similarly, curve 301 and curve 401 may be fitted to obtain a corresponding periodic function and a holiday change function.
In the embodiment of the present disclosure, the sub-authentication data may include a prediction value of each prediction function. And determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data. Optionally, determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data may include performing summation processing or weighted summation processing on the plurality of sub-authentication data to obtain the predicted authentication data of the current time interval.
The time series model comprises a plurality of prediction functions, wherein the prediction functions can be set from different dimensions, such as periodicity, seasonality, holiday, trend and the like, so that personalized prediction requirements are met, and the prediction accuracy is improved.
In a possible implementation manner, the determining a risk detection result according to the actual authentication data and the predicted authentication data includes:
determining the data deviation between the actual authentication data and the predicted authentication data according to the actual authentication data and the predicted authentication data;
and determining a risk detection result of the account according to the data deviation.
In an example, in an embodiment of the present disclosure, the data deviation between the actual authentication data and the predicted authentication data may include an absolute deviation, e.g., the actual authentication data is n1, the predicted authentication data is n2, and the absolute deviation may include n1-n 2. In another example, the data deviation between the actual authentication data and the predicted authentication data may also include a relative deviation, e.g., the actual authentication data is n1, the predicted authentication data is n2, and the relative deviation may include n2/n 1-1. It should be noted that the arrangement of the deviation is not limited to the above example, and for example, other modifications are possible by those skilled in the art in light of the technical spirit of the present application, and the present application is intended to cover the scope of the present application as long as the functions and effects achieved by the present application are the same or similar.
In the embodiment of the present disclosure, the actual authentication data and the predicted authentication data may be modified according to any one of the methods in the embodiments. For example, the actual authentication data of the current period is 2 times and the predicted authentication data is 3 times, and in one example, the predicted authentication data may be multiplied by a specific gravity, that is, 3 × 0.5=1.5, and the deviation of 2 from 1.5 may be compared using a preset deviation formula. In another example, the actual authentication data may be divided by a specific gravity, that is, 2/0.5=4, and the deviation between 4 and 3 is compared using a preset deviation formula, so as to determine the risk detection result of the account.
According to the embodiment of the disclosure, the difference between the actual authentication data and the predicted authentication data can be effectively embodied in a specific quantitative manner by establishing the data deviation between the actual authentication data and the predicted authentication data, so that the risk detection result of the account can be accurately determined according to the difference.
In a possible implementation manner, the determining the risk detection result of the account according to the data deviation includes:
and determining the risk degree grade of the account according to the data deviation and a preset incidence relation between the data deviation and the risk degree grade.
In the embodiment of the present disclosure, the preset association relationship between the data deviation and the risk level may include an association relationship with a positive correlation, that is, the greater the data deviation, the higher the risk level. In one example, if the data deviation is expressed by ratio, the preset association relationship may include: when ratio < = 0.30 (parameter "0.30" can be modified by configuration file), the output risk is 1; otherwise, when ratio < = 0.50 (parameter "0.50" can be modified by configuration file), the output risk is 2; otherwise, when ratio < = 0.80 (parameter "0.80" can be modified by configuration file), the output risk is 3; otherwise, when ratio < = 1.00 (parameter "1.00" can be modified by configuration file), the output risk is 4; otherwise, the output risk is 5. A higher degree of risk means a higher risk.
According to the method and the device, the preset incidence relation between the data deviation and the risk degree grade is established, the risk detection result of the account is subjected to ladder, the risk degree of the risk detection result can be more accurately described, and the prediction precision of the risk detection result is improved.
Fig. 5 is a flowchart illustrating an account detection method according to an exemplary embodiment. Referring to fig. 5, an account detection method includes:
step S501, acquiring actual authentication data of the current time period of the account, and presetting the actual authentication data of the time period corresponding to the current time period in each period in the historical time period to obtain a plurality of actual authentication data.
In the embodiment of the present disclosure, the current time period may include a period from a current authentication time to a preset time before the current authentication time to an ending time. For example, if the current login time is 3 pm and the preset time period is 30 minutes, the current time period is 2:30 to 3 pm. The current time period may also include the date on which the current authentication time is, for example, 8 months and 1 day. The preset history period may include a period (may be a date) from a period of the current authentication time to a preset history period, for example, the current authentication time is 3 pm on day 10 on month 6, and the current period may include 2 pm and half to 3 pm on day 10 on month 6. The preset historical period may include a cutoff from the day before the day to a preset number of days. For example, 31 days 4 months to 31 days 7 months.
Step S503, arranging the plurality of actual authentication data in time sequence to obtain an actual authentication data sequence.
In the embodiment of the present disclosure, the period may include one day or preset days. Taking the cycle as an example, the current period includes a period from a current time (current authentication time) to a preset time, for example, the authentication time is t1, and the current period is the first half hour of t 1. The current period is the first half hour of the authentication time t 1. The corresponding time period may include the first half hour at time t1 for each of the first 1 day to the first 90 days. The plurality of actual authentication data are arranged in chronological order, for example, the authentication data of the previous 90 days is 3, the authentication data of the previous 89 days is 5, the authentication data of the previous 87 days is 6, the authentication data of the previous 86 days is 4, the authentication data of the previous 2 days of … is 5, and the authentication data of the previous 1 day is 3. The actual authentication data sequence may include 3, 5, 6, 4 … 5, 3 in order of time from far to near.
Step S505, predicting the authentication data of the current time interval by using the plurality of prediction functions, respectively, to obtain a plurality of sub-authentication data, where the prediction functions are obtained by fitting the actual authentication data sequence.
In an embodiment of the present disclosure, the prediction function may include at least one of: the prediction functions include a trend function, a seasonal variation function, a holiday variation function, and a random function.
Step S507, determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data.
In an embodiment of the present disclosure, the determining, according to the plurality of sub-authentication data, the predicted authentication data of the current time interval. The method may include performing summation processing or weighted summation processing on the plurality of sub-authentication data to obtain the predicted authentication data of the current time interval.
Step S509, acquiring a specific gravity between the current time interval and the corresponding time interval when the current time interval and the corresponding time interval are not equal in duration, where the corresponding time interval is a time interval corresponding to the current time interval in each cycle in a preset historical time interval.
In the embodiment of the present disclosure, the duration of the current time period is different from the duration of the corresponding time period, for example, the current time period is the first half hour of the authentication time t 1. The corresponding time period may include the first half hour at time t1 and the second half hour at time t1 for each of the first 1 to first 90 days.
Step S511 determines a data deviation between the two data according to the specific gravity, the actual authentication data, and the predicted authentication data.
In the embodiment of the present disclosure, the specific gravity between the current time period and the corresponding time period is obtained, in the above example, the current time period is half an hour, the corresponding time period is 1 hour, and the specific gravity between the current time period and the corresponding time period is 0.5. In the embodiment of the present disclosure, for example, the actual authentication data of the current period is 2 times, and the predicted authentication data is 3 times, and in one example, the predicted authentication data may be multiplied by a specific gravity, that is, 3 × 0.5=1.5, and a preset deviation formula may be used to compare the deviation between 2 and 1.5. In another example, the actual authentication data may be divided by a specific gravity, that is, 2/0.5=4, and a preset deviation formula is used to compare the deviation between 4 and 3, so as to determine the risk detection result of the account.
Step S513, determining a risk detection result of the account according to the data deviation and a preset association relationship between the data deviation and the risk level.
In the embodiment of the present disclosure, the preset association relationship between the data deviation and the risk level may include an association relationship with a positive correlation, that is, the greater the data deviation, the higher the risk level.
It should be understood that, although the steps in the flowchart are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in the figures may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of execution of the steps or stages is not necessarily sequential, but may be performed alternately or in alternation with other steps or at least some of the other steps or stages.
It is understood that the same/similar parts between the embodiments of the method described above in this specification can be referred to each other, and each embodiment focuses on the differences from the other embodiments, and it is sufficient that the relevant points are referred to the descriptions of the other method embodiments.
Fig. 6 is a block diagram illustrating an account detection apparatus according to an exemplary embodiment. Referring to fig. 6, the apparatus 600 includes:
an obtaining module 601, configured to obtain actual authentication data of an account at a current time period and an actual authentication data sequence within a preset history time period;
the prediction module 603 is configured to process the actual authentication data sequence by using a time series model to obtain the predicted authentication data of the current time period, where the time series model is obtained by modeling based on the actual authentication data sequence in the preset historical time period;
a determining module 605, configured to determine a risk detection result of the account according to the actual authentication data and the predicted authentication data.
In a possible implementation manner, the current time period includes a time period from a current time to a preset time in a current cycle, and the preset history time period includes a time period from a previous cycle of the current cycle to a preset history cycle; the acquisition module includes:
the first obtaining submodule is used for obtaining actual authentication data of each period in a preset historical time period and the time period corresponding to the current time period to obtain a plurality of actual authentication data;
and the arrangement submodule is used for arranging the plurality of actual authentication data according to the time sequence to obtain an actual authentication data sequence.
In one possible implementation, the determining module includes:
the second obtaining submodule is used for obtaining the proportion between the current time interval and the corresponding time interval under the condition that the duration of the current time interval is different from the duration of the corresponding time interval, and the corresponding time interval is a time interval corresponding to the current time interval in each cycle in a preset historical time interval;
and the first determining submodule is used for determining a risk detection result of the account according to the specific gravity, the actual authentication data and the predicted authentication data.
In one possible implementation, the time series model includes a plurality of prediction functions, and the prediction module includes:
the prediction sub-module is used for predicting the authentication data of the current time interval by using the plurality of prediction functions respectively to obtain a plurality of sub-authentication data, wherein the prediction functions are obtained by fitting the actual authentication data sequence;
and the second determining submodule is used for determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data.
In one possible implementation, the prediction function includes at least one of:
the prediction functions include a trend function, a seasonal variation function, a holiday variation function, and a random function.
In one possible implementation, the determining module includes:
a third determining submodule, configured to determine a data deviation between the actual authentication data and the predicted authentication data according to the actual authentication data and the predicted authentication data;
and the fourth determining submodule is used for determining a risk detection result of the account according to the data deviation.
In a possible implementation manner, the risk detection result includes a risk degree grade, and the fourth determining sub-module includes:
and the determining unit is used for determining the risk detection result of the account according to the data deviation and the preset incidence relation between the data deviation and the risk degree grade.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 7 is a block diagram illustrating a server 700 in accordance with an example embodiment. For example, server 700 may be a server. Referring to fig. 7, server 700 includes a processing component 720 that further includes one or more processors, and memory resources, represented by memory 722, for storing instructions, such as applications, that are executable by processing component 720. The application programs stored in memory 722 may include one or more modules that each correspond to a set of instructions. Further, the processing component 720 is configured to execute instructions to perform the above-described methods.
The server 700 may further include: a power component 724 is configured to perform power management for the server 700, a wired or wireless network interface 726 is configured to connect the server 700 to a network, and an input/output (I/O) interface 728. The Server 700 may operate based on an operating system stored in the memory 722, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, or the like.
In an exemplary embodiment, a computer-readable storage medium comprising instructions, such as the memory 722 comprising instructions, executable by the processor of the server 700 to perform the method described above is also provided. The storage medium may be a computer-readable storage medium, which may be, for example, a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, a computer program product is also provided, which includes instructions executable by a processor of the server 700 to perform the above-described method.
It should be noted that the descriptions of the above apparatus, the server, the computer-readable storage medium, the computer program product, and the like according to the method embodiments may also include other embodiments, and specific implementation manners may refer to the descriptions of the related method embodiments, which are not described in detail herein.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (17)
1. An account detection method is characterized by comprising the following steps:
acquiring actual authentication data of the account in the current time period and an actual authentication data sequence in a preset historical time period;
processing the actual authentication data sequence by using a time sequence model to obtain the predicted authentication data of the current time period, wherein the time sequence model is obtained by modeling based on the actual authentication data sequence in the preset historical time period;
and determining a risk detection result of the account according to the actual authentication data and the predicted authentication data.
2. The method according to claim 1, wherein the current period comprises a period from a current time to a preset time in a current cycle, and the preset history period comprises a period from a previous cycle of the current cycle to a preset history cycle; acquiring an actual authentication data sequence in a preset historical time period, wherein the actual authentication data sequence comprises the following steps:
acquiring actual authentication data of each period in a preset historical time period and a time period corresponding to the current time period to obtain a plurality of actual authentication data;
and arranging the plurality of actual authentication data according to a time sequence to obtain an actual authentication data sequence.
3. The method of claim 2, wherein determining the risk detection result for the account based on the actual authentication data and the predicted authentication data comprises:
under the condition that the duration of the current time interval is not equal to the duration of a corresponding time interval, acquiring the proportion between the current time interval and the corresponding time interval, wherein the corresponding time interval is a time interval corresponding to the current time interval in each cycle in a preset historical time interval;
and determining a risk detection result of the account according to the specific gravity, the actual authentication data and the predicted authentication data.
4. The method of claim 1, wherein the time series model comprises a plurality of prediction functions, and wherein the processing the actual authentication data series using the time series model to obtain the predicted authentication data for the current time period comprises:
predicting the authentication data of the current time period by using the prediction functions respectively to obtain a plurality of sub-authentication data, wherein the prediction functions are obtained by fitting the actual authentication data sequence;
and determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data.
5. The method of claim 4, wherein the prediction function comprises at least one of:
the prediction functions include a trend function, a seasonal variation function, a holiday variation function, and a random function.
6. The method according to any one of claims 1 to 5, wherein said determining a risk detection result from said actual authentication data and said predicted authentication data comprises:
determining the data deviation between the actual authentication data and the predicted authentication data according to the actual authentication data and the predicted authentication data;
and determining a risk detection result of the account according to the data deviation.
7. The method of claim 6, wherein the risk detection result comprises a risk level, and wherein determining the risk detection result for the account based on the data deviation comprises:
and determining the risk degree grade of the account according to the data deviation and a preset incidence relation between the data deviation and the risk degree grade.
8. An account detection apparatus, comprising:
the acquisition module is used for acquiring actual authentication data of the account in the current time period and an actual authentication data sequence in a preset historical time period;
the prediction module is used for processing the actual authentication data sequence by utilizing a time sequence model to obtain the predicted authentication data of the current time period, wherein the time sequence model is obtained by modeling based on the actual authentication data sequence in the preset historical time period;
and the determining module is used for determining the risk detection result of the account according to the actual authentication data and the predicted authentication data.
9. The apparatus of claim 8, wherein the current period comprises a period from a current time to a preset time in a current cycle, and the preset history period comprises a period from a previous cycle of the current cycle to a preset history cycle; the acquisition module includes:
the first obtaining submodule is used for obtaining actual authentication data of each period in a preset historical time period and the time period corresponding to the current time period to obtain a plurality of actual authentication data;
and the arrangement submodule is used for arranging the plurality of actual authentication data according to the time sequence to obtain an actual authentication data sequence.
10. The apparatus of claim 9, wherein the determining means comprises:
the second obtaining submodule is used for obtaining the proportion between the current time interval and the corresponding time interval under the condition that the duration of the current time interval is different from the duration of the corresponding time interval, and the corresponding time interval is a time interval corresponding to the current time interval in each cycle in a preset historical time interval;
and the first determining submodule is used for determining a risk detection result of the account according to the specific gravity, the actual authentication data and the predicted authentication data.
11. The apparatus of claim 8, wherein the time series model comprises a plurality of prediction functions, and wherein the prediction module comprises:
the prediction sub-module is used for predicting the authentication data of the current time interval by using the plurality of prediction functions respectively to obtain a plurality of sub-authentication data, wherein the prediction functions are obtained by fitting the actual authentication data sequence;
and the second determining submodule is used for determining the predicted authentication data of the current time interval according to the plurality of sub-authentication data.
12. The apparatus of claim 11, wherein the prediction function comprises at least one of:
the prediction functions include a trend function, a seasonal variation function, a holiday variation function, and a random function.
13. The apparatus of any of claims 8-12, wherein the determining module comprises:
a third determining submodule, configured to determine a data deviation between the actual authentication data and the predicted authentication data according to the actual authentication data and the predicted authentication data;
and the fourth determining submodule is used for determining the risk detection result of the account according to the data deviation.
14. The apparatus of claim 13, wherein the risk detection result comprises a risk level, and wherein the fourth determination submodule comprises:
and the determining unit is used for determining the risk level of the account according to the data deviation and the preset incidence relation between the data deviation and the risk level.
15. A server, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the account detection method of any of claims 1 to 7.
16. A computer-readable storage medium, wherein instructions in the computer-readable storage medium, when executed by a processor of a server, enable the processor to perform the account detection method of any of claims 1 to 7.
17. A computer program product comprising instructions that, when executed by a processor of a server, enable the processor to perform an account detection method as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210650812.5A CN114741684A (en) | 2022-06-10 | 2022-06-10 | Account detection method, device, server and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210650812.5A CN114741684A (en) | 2022-06-10 | 2022-06-10 | Account detection method, device, server and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114741684A true CN114741684A (en) | 2022-07-12 |
Family
ID=82287498
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210650812.5A Pending CN114741684A (en) | 2022-06-10 | 2022-06-10 | Account detection method, device, server and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114741684A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109818942A (en) * | 2019-01-07 | 2019-05-28 | 微梦创科网络科技(中国)有限公司 | A kind of user account number method for detecting abnormality and device based on temporal aspect |
| CN111552933A (en) * | 2020-03-30 | 2020-08-18 | 西安交大捷普网络科技有限公司 | Method and device for identifying abnormal login of account |
| CN112417439A (en) * | 2019-08-21 | 2021-02-26 | 北京达佳互联信息技术有限公司 | Account detection method, device, server and storage medium |
| CN112714093A (en) * | 2019-10-25 | 2021-04-27 | 深信服科技股份有限公司 | Account abnormity detection method, device and system and storage medium |
-
2022
- 2022-06-10 CN CN202210650812.5A patent/CN114741684A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109818942A (en) * | 2019-01-07 | 2019-05-28 | 微梦创科网络科技(中国)有限公司 | A kind of user account number method for detecting abnormality and device based on temporal aspect |
| CN112417439A (en) * | 2019-08-21 | 2021-02-26 | 北京达佳互联信息技术有限公司 | Account detection method, device, server and storage medium |
| CN112714093A (en) * | 2019-10-25 | 2021-04-27 | 深信服科技股份有限公司 | Account abnormity detection method, device and system and storage medium |
| CN111552933A (en) * | 2020-03-30 | 2020-08-18 | 西安交大捷普网络科技有限公司 | Method and device for identifying abnormal login of account |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11645293B2 (en) | Anomaly detection in big data time series analysis | |
| CN106097043B (en) | The processing method and server of a kind of credit data | |
| CN108470233A (en) | A kind of the demand response capability assessment method and computing device of intelligent grid | |
| CN105719033A (en) | Method and device for identifying risk in object | |
| CN111523084A (en) | Service data prediction method and device, electronic equipment and computer readable storage medium | |
| CN111898247B (en) | Landslide displacement prediction method, landslide displacement prediction equipment and storage medium | |
| CN109598052B (en) | Intelligent ammeter life cycle prediction method and device based on correlation coefficient analysis | |
| CN111062486A (en) | Method and device for evaluating feature distribution and confidence coefficient of data | |
| CN112445699A (en) | Strategy matching method and device, electronic equipment and storage medium | |
| Salk et al. | Limitations of majority agreement in crowdsourced image interpretation | |
| CN111080417A (en) | Processing method for improving booking smoothness rate, model training method and system | |
| CN112468312A (en) | Network flow prediction method, communication equipment and storage medium | |
| CN114548756A (en) | Comprehensive benefit evaluation method and device for comprehensive energy project based on principal component analysis | |
| WO2019165692A1 (en) | Carbon futures price prediction method, apparatus, computer device and storage medium | |
| CN113689270A (en) | Method for determining black product device, electronic device, storage medium, and program product | |
| Leonard | Promotional analysis and forecasting for demand planning: a practical time series approach | |
| CN114741684A (en) | Account detection method, device, server and storage medium | |
| CN117495544A (en) | Sandbox-based wind control evaluation method, sandbox-based wind control evaluation system, sandbox-based wind control evaluation terminal and storage medium | |
| CN110443451B (en) | Event grading method and device, computer equipment and storage medium | |
| CN110619408B (en) | Information acquisition method, equipment and computer storage medium | |
| CN116225958A (en) | Fault prediction method and device, storage medium and electronic equipment | |
| US20220138552A1 (en) | Adapting ai models from one domain to another | |
| CN115688984A (en) | Method and device for analyzing and predicting power consumption of subareas and electronic equipment | |
| CN114358186A (en) | Data processing method and device and computer readable storage medium | |
| CN116341696A (en) | Information prediction method, device, server and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220712 |