CN115102873B - Data processing method and system based on IP address analysis - Google Patents

Data processing method and system based on IP address analysis Download PDF

Info

Publication number
CN115102873B
CN115102873B CN202211013563.5A CN202211013563A CN115102873B CN 115102873 B CN115102873 B CN 115102873B CN 202211013563 A CN202211013563 A CN 202211013563A CN 115102873 B CN115102873 B CN 115102873B
Authority
CN
China
Prior art keywords
behavior
user
parameters
user behavior
transaction operation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211013563.5A
Other languages
Chinese (zh)
Other versions
CN115102873A (en
Inventor
张纯兵
周泳
高华辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yichen Shenzhen Technology Co ltd
Original Assignee
Yichen Shenzhen Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yichen Shenzhen Technology Co ltd filed Critical Yichen Shenzhen Technology Co ltd
Priority to CN202211013563.5A priority Critical patent/CN115102873B/en
Publication of CN115102873A publication Critical patent/CN115102873A/en
Application granted granted Critical
Publication of CN115102873B publication Critical patent/CN115102873B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Data Mining & Analysis (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a data processing method and a system based on IP address analysis, comprising the following steps: firstly, acquiring a user behavior data set of a user with an IP address to be processed in a first service environment; then, based on the behavior sequence vector and the behavior environment parameters determined from the user behavior data set, generating user behavior evaluation parameters; then generating an initial user behavior evaluation result based on a generation node sequence among the user behavior parameters in the rest user behavior parameters; and finally, generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters.

Description

Data processing method and system based on IP address analysis
Technical Field
The invention relates to the field of network security, in particular to a data processing method and a data processing system based on IP address analysis.
Background
Currently, in a network security scenario, in order to perform security monitoring on an operation behavior of a user, monitoring is generally performed from an IP address initiated by a user operation, a user authority corresponding to the user operation, and the like. However, no matter what kind of monitoring is adopted, each monitoring index is independent, a plurality of related indexes are not considered cooperatively, the obtained safety data processing result is often a judgment result of a certain index, however, the judgment result is not always accurate, so that not only the monitoring of network safety cannot be achieved, but also trouble may be brought to normal business operation of a user.
Disclosure of Invention
The invention aims to provide a data processing method and a data processing system based on IP address analysis.
In a first aspect, an embodiment of the present invention provides a data processing method based on IP address analysis, including:
acquiring a user behavior data set of an IP address user to be processed in a first service environment, wherein the user behavior data set comprises a user behavior vector to be processed for representing the behavior characteristics of the user to be processed, a behavior sequence vector for representing the behavior sequence characteristics linked with the behavior characteristics of the user to be processed, and behavior environment parameters for representing the behavior environment characteristics linked with the behavior characteristics of the user to be processed, the user behavior vector to be processed comprises initial user behavior parameters and residual user behavior parameters, the residual user behavior parameters comprise user behavior parameters except the initial user behavior parameters in the user behavior vector to be processed, and initial behavior generation nodes corresponding to the initial user behavior parameters are positioned behind residual behavior generation nodes corresponding to the residual user behavior parameters;
generating user behavior evaluation parameters based on the behavior sequence vectors and the behavior environment parameters, wherein the user behavior evaluation parameters are used for representing behavior sequence characteristics and legal confidence degrees among the behavior environment characteristics;
generating an initial user behavior evaluation result for representing initial behavior generation nodes based on a generation node sequence among the user behavior parameters in the rest user behavior parameters;
and generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters.
In one possible embodiment, the first business environment comprises an online trading platform;
the method for acquiring the user behavior data group of the IP address user to be processed in the first service environment comprises the following steps:
determining the transaction operation number of a user of the IP address to be processed in a preset time range of an online transaction platform, and comparing the transaction operation number in the preset time range with the preset safe transaction operation number;
if the transaction operation number exceeds the preset safe transaction operation number within the preset time range, adding the transaction operation time sequence parameters respectively corresponding to each transaction operation to the initial transaction operation time sequence parameter group;
obtaining a comparison transaction operation time sequence parameter group from the initial transaction operation time sequence parameter group, wherein the number of the transaction operation time sequence parameters in the comparison transaction operation time sequence parameter group is equal to the preset safe transaction operation number, each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter group is positioned behind the rest transaction operation time sequence parameters, the rest transaction operation time sequence parameters comprise the transaction operation time sequence parameters except the comparison transaction operation time sequence parameter group in the initial transaction operation time sequence parameter group, and the comparison transaction operation time sequence parameter group comprises a first transaction operation time sequence parameter;
acquiring first transaction operation data of an IP address user to be processed in a transaction operation corresponding to a first transaction operation time sequence parameter, wherein the first transaction operation data comprise first user behavior parameters for representing behavior characteristics of the user to be processed and first behavior sequence characteristic values for representing behavior sequence characteristics, the behavior characteristics of the user to be processed comprise user behavior attention characteristics, and the behavior sequence characteristics comprise behavior persistence characteristics, behavior repetition characteristics, behavior starting characteristics and key behavior characteristics;
according to the sequence of the transaction operation time sequence parameters from front to back, user behavior attention parameters corresponding to each transaction operation time sequence parameter in the comparative transaction operation time sequence parameter set are fused to obtain a user behavior vector to be processed for representing the user behavior attention characteristics;
fusing the user continuous behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter group to obtain a user continuous behavior vector for representing the behavior continuous characteristic;
fusing the user repetitive behavior parameters respectively corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter group to obtain a user repetitive behavior vector for representing behavior repetitive characteristics;
fusing user initial behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user initial behavior vector for representing behavior initial characteristics;
fusing user key behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user key behavior vector for representing key behavior characteristics;
determining a user continuous behavior vector, a user repeated behavior vector, a user initial behavior vector and a user key behavior vector as behavior sequence vectors;
determining the transaction operation time sequence parameter which is the last node in the comparison transaction operation time sequence parameter group as a last transaction operation time sequence parameter;
acquiring behavior environment parameters which are linked with the last transaction operation time sequence parameters and used for representing behavior environment characteristics;
and determining the user behavior vector to be processed, the behavior sequence vector and the behavior environment parameter as a user behavior data set.
In one possible implementation, the behavior environment characteristics comprise online transaction platform characteristics, user behavior type characteristics, user login historical time period characteristics, user historical login platform geographic position characteristics and user behavior operation node matching characteristics;
acquiring the behavioral environment parameters which are linked with the last transaction operation time sequence parameters and used for characterizing the behavioral environment characteristics, wherein the behavioral environment parameters comprise:
acquiring online trading platform parameters which are linked with the last-order trading operation time sequence parameters and used for representing characteristics of the online trading platform;
acquiring a user behavior type parameter which is linked with a last transaction operation time sequence parameter and is used for representing a user behavior type characteristic;
acquiring a user login historical time period parameter which is linked with the last transaction operation time sequence parameter and is used for representing the user login historical time period characteristic;
acquiring a user history login platform geographical position parameter which is linked with the last transaction operation time sequence parameter and used for representing the geographical position characteristic of the user history login platform;
acquiring user behavior operation node matching parameters which are linked with the last transaction operation time sequence parameters and used for representing the matching characteristics of the user behavior operation nodes;
and determining parameters of the online transaction platform, parameters of user behavior types, parameters of user login historical time periods, parameters of user historical login platform geographic positions and parameters of user behavior operation node matching as behavior environment parameters.
In one possible implementation, the generating of the user behavior evaluation parameter based on the behavior sequence vector and the behavior environment parameter comprises:
acquiring a user behavior evaluation model, wherein the user behavior evaluation model comprises a behavior sequence evaluation model framework and a behavior comprehensive evaluation model framework;
inputting the behavior sequence vector into a behavior sequence evaluation model architecture, and generating behavior sequence parameters for representing behavior sequence characteristics based on a generation node sequence between user behavior time sequence parameters in the behavior sequence vector in the behavior sequence evaluation model architecture;
and respectively inputting the behavior sequence parameters and the behavior environment parameters into a behavior comprehensive evaluation model framework, and performing weighted average processing on the behavior sequence parameters and the behavior environment parameters in the behavior comprehensive evaluation model framework to generate user behavior evaluation parameters.
In a possible implementation manner, the user behavior evaluation model further includes a user behavior definition model architecture, the remaining user behavior parameters include first remaining user behavior parameters and second remaining user behavior parameters, and the remaining behavior generation nodes include first remaining behavior generation nodes corresponding to the first remaining user behavior parameters and second remaining behavior generation nodes corresponding to the second remaining user behavior parameters;
generating an initial user behavior evaluation result for characterizing an initial behavior generation node based on a generation node sequence among the user behavior parameters in the remaining user behavior parameters, including:
inputting a user behavior vector to be processed into a user behavior definition model architecture, performing weighted average processing on input parameters for representing a first residual behavior generation node in the user behavior definition model architecture to obtain a second initial user behavior evaluation result for representing a second residual behavior generation node, wherein if the first residual behavior generation node is a head node in the residual behavior generation nodes, the input parameters for representing the first residual behavior generation node are first residual user behavior parameters, and if the first residual behavior generation node is not the head node in the residual behavior generation nodes, the input parameters for representing the first residual behavior generation node are the first residual user behavior parameters and the first initial user behavior evaluation result for representing the first residual behavior generation node;
determining the second initial user behavior evaluation result and the second residual user behavior parameters as input parameters for representing a second residual behavior generation node, performing weighted average processing on the input parameters for representing the second residual behavior generation node to obtain a third initial user behavior evaluation result, and determining the third initial user behavior evaluation result as the input parameters of the next residual behavior generation node if the second residual behavior generation node is not the last node in the residual behavior generation nodes;
and if the second residual behavior generation node is the last node in the residual behavior generation nodes, determining the third initial user behavior evaluation result as the initial user behavior evaluation result used for representing the initial behavior generation nodes.
In a possible implementation manner, the target user behavior evaluation result comprises a first target user behavior evaluation result and a second target user behavior evaluation result, wherein a node sequence occurs between the first target user behavior evaluation result and the second target user behavior evaluation result;
generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters, wherein the target user behavior evaluation result comprises the following steps:
in a user behavior definition model framework, carrying out weighted average processing on an initial user behavior evaluation result, initial user behavior parameters and user behavior evaluation parameters to obtain a first target user behavior evaluation result for representing the behavior characteristics of a user to be processed;
and performing weighted average processing on the first target user behavior evaluation result and the user behavior evaluation parameters to obtain a second target user behavior evaluation result for representing the behavior characteristics of the user to be processed.
In one possible implementation manner, the first service environment comprises an online transaction platform, the user behavior characteristics to be processed comprise user behavior attention characteristics, the user behavior vectors to be processed comprise user behavior attention vectors used for representing the user behavior attention characteristics, and the target user behavior evaluation result comprises a plurality of user behavior attention evaluation parameters used for representing the user behavior attention characteristics;
the method further comprises the following steps:
performing fusion operation on the user behavior attention parameters in the user behavior attention vector to obtain a user behavior total attention parameter, and performing averaging operation on the user behavior total attention parameter based on the number of the user behavior attention parameters in the user behavior attention vector to obtain a user behavior reference attention parameter;
performing fusion operation on the plurality of user behavior attention degree evaluation parameters to obtain a user behavior total attention degree evaluation parameter, and performing averaging operation on the user behavior total attention degree evaluation parameter to obtain a user behavior reference attention degree evaluation parameter;
averaging the user behavior reference attention degree evaluation parameter and the user behavior reference attention degree parameter to obtain a target attention degree;
and performing an attention strategy in connection with the online transaction platform based on the target attention.
In one possible implementation, the performing of the attention policy associated with the online transaction platform based on the target attention comprises:
if the target attention degree exceeds the preset attention degree, performing a real-time attention strategy of the online transaction platform with contact;
determining the number of transaction operations of a user of the IP address to be processed in a preset time range of an online transaction platform, and comparing the number of transaction operations in the preset time range with a threshold value of the number of transaction operations in the preset time range;
and if the number of the transaction operations in the preset time range exceeds the threshold value of the number of the transaction operations in the preset time range, marking the IP address user to be processed as a risk address.
In a possible implementation manner, before obtaining the user behavior data set of the to-be-processed IP address user in the first service environment, the method further includes:
after receiving a verification instruction for verifying a user behavior data set sent by an IP address user to be processed, storing the verification instruction into a temporary storage isolation space;
receiving a verification vector corresponding to a verification instruction distributed by a third-party security server; the verification vector is obtained after the third-party security server performs security processing on a verification license certificate corresponding to the verification instruction after judging the verification instruction in the temporary storage isolation space; receiving a current encryption strategy corresponding to a verification vector distributed by a third-party security server; the current encryption strategy is obtained by converting a local encryption strategy by using a preset encryption strategy, and the local encryption strategy is an encryption strategy used when security processing is performed on a verification license certificate; receiving a user authority code sent by a user of the IP address to be processed; the user authority code is distributed to the IP address user to be processed by the third-party security server;
the safety check of the IP address user to be processed is carried out based on the user authority code, and the safety check of the IP address user to be processed is confirmed to be passed;
after receiving a preset encryption strategy sent by a user of an IP address to be processed, processing the current encryption strategy by using the preset encryption strategy to obtain a local encryption strategy; processing the verification vector by using the obtained local encryption strategy to obtain a verification permission certificate, and sending the obtained verification permission certificate to the IP address user to be processed; and the preset encryption policy sent by the IP address user to be processed is distributed to the IP address user to be processed by the third-party security server.
In a second aspect, an embodiment of the present invention provides a data processing system based on IP address analysis, including:
the system comprises an acquisition module, a first service module and a second service module, wherein the acquisition module is used for acquiring a user behavior data set of an IP address user to be processed in a first service environment, the user behavior data set comprises a user behavior vector to be processed for representing the behavior characteristics of the user to be processed, a behavior sequence vector for representing the behavior sequence characteristics linked with the behavior characteristics of the user to be processed, and behavior environment parameters for representing the behavior environment characteristics linked with the behavior characteristics of the user to be processed, the user behavior vector to be processed comprises initial user behavior parameters and residual user behavior parameters, the residual user behavior parameters comprise user behavior parameters except the initial user behavior parameters in the user behavior vector to be processed, and initial behavior generation nodes corresponding to the initial user behavior parameters are positioned behind residual behavior generation nodes corresponding to the residual user behavior parameters;
the analysis module is used for generating user behavior evaluation parameters based on the behavior sequence vectors and the behavior environment parameters, and the user behavior evaluation parameters are used for representing behavior sequence characteristics and legal confidence degrees among the behavior environment characteristics; generating an initial user behavior evaluation result for representing initial behavior generation nodes based on a generation node sequence among the user behavior parameters in the rest user behavior parameters; and generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters.
Compared with the prior art, the beneficial effects provided by the invention comprise: by adopting the data processing method and the system based on the IP address analysis, disclosed by the invention, a user behavior data group of a user with the IP address to be processed in a first service environment is obtained; then, based on the behavior sequence vector and the behavior environment parameters determined from the user behavior data set, generating user behavior evaluation parameters; then, based on the generation node sequence among the user behavior parameters in the rest user behavior parameters, generating an initial user behavior evaluation result; and finally, generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required in the embodiments will be briefly described below. It is appreciated that the following drawings depict only certain embodiments of the invention and are therefore not to be considered limiting of its scope. For a person skilled in the art, it is possible to derive other relevant figures based on these figures without inventive effort.
Fig. 1 is a schematic block diagram illustrating a flow of steps of a data processing method based on IP address analysis according to an embodiment of the present invention;
FIG. 2 is a block diagram illustrating an example of a data processing system based on IP address analysis according to an embodiment of the present invention;
fig. 3 is a schematic block diagram of a structure of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention.
Further, referring to fig. 1, fig. 1 is a schematic block diagram illustrating a flow of steps of a data processing method based on IP address analysis according to an embodiment of the present invention.
Step S101, a user behavior data set of the IP address user to be processed in the first service environment is obtained, the user behavior data set comprises a user behavior vector to be processed for representing the behavior characteristics of the user to be processed, a behavior sequence vector for representing the behavior sequence characteristics linked with the behavior characteristics of the user to be processed, and behavior environment parameters for representing the behavior environment characteristics linked with the behavior characteristics of the user to be processed, the user behavior vector to be processed comprises initial user behavior parameters and residual user behavior parameters, the residual user behavior parameters comprise user behavior parameters except the initial user behavior parameters in the user behavior vector to be processed, and initial behavior generation nodes corresponding to the initial user behavior parameters are located behind residual behavior generation nodes corresponding to the residual user behavior parameters.
Specifically, the first service environment comprises an online transaction platform; determining the transaction operation number of a user of the IP address to be processed in a preset time range of an online transaction platform, and comparing the transaction operation number in the preset time range with the preset safe transaction operation number; if the transaction operation number exceeds the preset safe transaction operation number within the preset time range, adding the transaction operation time sequence parameters respectively corresponding to each transaction operation to the initial transaction operation time sequence parameter group; acquiring a comparison transaction operation time sequence parameter group from the initial transaction operation time sequence parameter group, wherein the number of the transaction operation time sequence parameters in the comparison transaction operation time sequence parameter group is equal to the preset safe transaction operation number, each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter group is positioned behind the rest transaction operation time sequence parameters, and the rest transaction operation time sequence parameters comprise the transaction operation time sequence parameters except the comparison transaction operation time sequence parameter group in the initial transaction operation time sequence parameter group; a user behavior data set is obtained based on the comparative transaction operation timing parameter set.
The comparison transaction operation time sequence parameter group comprises a first transaction operation time sequence parameter; the specific process of obtaining the user behavior data set based on the comparative transaction operation timing parameter group may include: acquiring first transaction operation data of a user of the IP address to be processed in a transaction operation corresponding to the first transaction operation time sequence parameter, wherein the first transaction operation data comprises a first user behavior parameter used for representing behavior characteristics of the user to be processed and a first behavior sequence characteristic value used for representing behavior sequence characteristics; according to the sequence of the transaction operation time sequence parameters from front to back, fusing user behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user behavior vector to be processed, and fusing user behavior time sequence parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a behavior sequence vector; determining the transaction operation time sequence parameter which is the last node in the comparison transaction operation time sequence parameter group as a last transaction operation time sequence parameter; acquiring behavior environment parameters which are linked with the last transaction operation time sequence parameters and used for representing behavior environment characteristics; and determining the user behavior vector to be processed, the behavior sequence vector and the behavior environment parameter as a user behavior data set.
The computer device determines the number of transaction operations within a preset time range of an online transaction platform by a user (which can be understood as an address initiated by the user) of the IP address to be processed. In the embodiment of the present invention, the number of transaction operations in the example preset time range is equal to 6, that is, the user of the to-be-processed IP address has already transacted 6 times on the online transaction platform, and the computer device obtains the preset number of secure transaction operations preset by the system, in the embodiment of the present invention, the example preset number of secure transaction operations is 5. Obviously, the transaction operation number in the preset time range is larger than the preset safe transaction operation number, and the computer equipment can predict future related transaction services of the IP address user to be processed in the online transaction platform based on the user behavior data set.
When the number of transaction operations exceeds the preset number of secure transaction operations within the preset time range, the computer device may add the transaction operation timing parameter corresponding to each transaction operation to the initial transaction operation timing parameter set, where the transaction operation timing parameter of the first transaction (which may be understood as the one farthest from the present) is 9 of 2022-03-01, the transaction operation timing parameter of the second transaction (which may be understood as the one farthest from the present) is 9 of 2022-03-02, the transaction operation timing parameter of the third transaction is 18 of 2022-03-03, the transaction operation timing parameter of the fourth transaction is 18 of 2022-03-04, the transaction operation timing parameter of the fifth transaction is 18 of 2022-03-05, and the transaction operation timing parameter of the sixth transaction (which may be understood as the one farthest from the present) is 18 of 2022-20200-03-06. It can be understood that the transaction operation timing parameters may be a transaction start time stamp, a transaction end time stamp, and the like, and the transaction operation timing parameters are not limited in the present invention, and may be set based on a scene in practical application.
The computer device obtains a comparison transaction operation timing parameter group from the initial transaction operation timing parameter group based on the early and late sequence of the 6 transaction operation timing parameters, wherein the number of the transaction operation timing parameters in the comparison transaction operation timing parameter group is equal to the preset safe transaction operation number, obviously, the comparison transaction operation timing parameter group comprises the following 5 transaction operation timing parameters, namely, the transaction operation timing parameters corresponding to the first transaction are not included.
The computer device acquires transaction operation data N1 of a user of the IP address to be processed in a transaction operation (i.e. a second transaction) corresponding to a transaction operation timing parameter M1 (equivalent to 9; acquiring transaction operation data N2 of a user of an IP address to be processed in a transaction operation (i.e., a third transaction) corresponding to a transaction operation timing parameter M2 (which is equal to 18 of 2022-03-03, 00 described above), where the transaction operation data N2 may include a user behavior parameter Q2 for characterizing a behavior feature of the user to be processed, a user behavior timing parameter P2 for characterizing a behavior sequence feature, and a behavior environment parameter Z2 for characterizing a behavior environment feature; similarly, the computer device obtains the transaction operation data corresponding to the remaining 3 transaction operation timing sequence parameters, which is not described herein one by one.
According to the sequence of the transaction operation time sequence parameters from front to back, the computer equipment fuses the user behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter group to obtain a user behavior vector to be processed, namely, the user behavior parameter Q1, the user behavior parameter Q2, the user behavior parameter Q3, the user behavior parameter Q4 and the user behavior parameter Q5 are fused to obtain the user behavior vector to be processed according to the sequence of the transaction operation time sequence parameters from front to back.
Similarly, the computer device fuses user behavior time sequence parameters corresponding to each transaction operation time sequence parameter in the transaction operation time sequence parameter group to obtain a behavior sequence vector, that is, the user behavior time sequence parameter P1, the user behavior time sequence parameter P2, the user behavior time sequence parameter P3, the user behavior time sequence parameter P4 and the user behavior time sequence parameter P5 are fused to obtain a behavior sequence vector according to the sequence of the transaction operation time sequence parameters from front to back.
In an embodiment of the present invention, the characteristic for characterizing the behavioral environment characteristic is a fixed characteristic, and is fixed to the behavioral environment parameter corresponding to the last transaction operation timing parameter, such as the behavioral environment parameter Z5, wherein the last transaction operation timing parameter is a comparison result between a last node in the transaction operation timing parameter set, such as the transaction operation timing parameter corresponding to the sixth transaction, i.e. 18 to 00 of 2022-03-06.
And the computer equipment determines the user behavior vector to be processed, the behavior sequence vector and the behavior environment parameter as a user behavior data set.
Based on the foregoing description, the initial user behavior parameter is the user behavior parameter Q5, and the remaining user behavior parameters include the user behavior parameter Q1, the user behavior parameter Q2, the user behavior parameter Q3, and the user behavior parameter Q4.
It is to be understood that the behavior sequence feature may include one or more, and correspondingly, the behavior sequence vector may include one (when the behavior sequence feature is one), or multiple (when the behavior sequence feature is multiple), and the number of the behavior sequence features is not limited in the embodiments of the present invention, and may vary based on the actual application scenario. Similarly, the behavioral environment characteristics may include one or more, and correspondingly, the behavioral environment parameters may include one (when the behavioral environment characteristics are one), or more (when the behavioral environment characteristics are multiple).
It is to be understood that the above numbers, such as the number of transaction operations 6 within the preset time range and the number of preset safe transaction operations 5, are assumed for convenience of description and understanding, and in an actual application scenario, the number of transaction operations within the preset time range and the like may be set based on the scenario.
Step S102, generating user behavior evaluation parameters based on the behavior sequence vectors and the behavior environment parameters, wherein the user behavior evaluation parameters are used for representing behavior sequence characteristics and legal confidence degrees among the behavior environment characteristics.
Specifically, a user behavior evaluation model is obtained, wherein the user behavior evaluation model comprises a behavior sequence evaluation model framework and a behavior comprehensive evaluation model framework; inputting the behavior sequence vector into a behavior sequence evaluation model architecture, and generating behavior sequence parameters for representing behavior sequence characteristics based on a generation node sequence between user behavior time sequence parameters in the behavior sequence vector in the behavior sequence evaluation model architecture; and respectively inputting the behavior sequence parameters and the behavior environment parameters into a behavior comprehensive evaluation model framework, and performing weighted average processing on the behavior sequence parameters and the behavior environment parameters in the behavior comprehensive evaluation model framework to generate user behavior evaluation parameters.
In the embodiment of the present invention, the behavior sequence vector may include y behavior sequence vectors, y is a positive integer, and y is less than or equal to the number of the behavior sequence vectors, it may be understood that each behavior sequence vector corresponds to different behavior sequence features, such as a key behavior feature, a behavior repetition feature, and the like, and the behavior sequence features may be set based on an actual application scenario.
In the embodiment of the present invention, the behavior environment parameters may include z behavior environment parameters, where z is a positive integer and is less than or equal to the number of the behavior environment parameters, and it can be understood that each behavior environment parameter corresponds to different behavior environment characteristics, such as an online transaction platform characteristic, a user behavior type characteristic, and the like, and the behavior environment characteristics may be set based on an actual application scenario. With reference to step S101, the behavior environment parameter Z1 includes a behavior environment parameter corresponding to the kth transaction operation timing parameter (i.e., the transaction operation timing parameter corresponding to the last transaction operation) and used for characterizing a first behavior environment characteristic; the behavior environment parameters Z2 comprise behavior environment parameters which are corresponding to the kth transaction operation time sequence parameter and are used for representing the 2 nd behavior environment characteristic; similarly, the behavioral environment parameter ZZ includes a behavioral environment parameter corresponding to the kth transaction operation timing parameter and used for characterizing the z-th behavioral environment characteristic. Wherein, the superscript serial numbers (1, \8230;, z) respectively represent serial numbers corresponding to the z-th behavior environment characteristics.
The computer device obtains a user behavior evaluation model, which may include a behavior sequence evaluation model architecture and a behavior synthesis evaluation model architecture. Further, the computer device inputs the behavior sequence vectors P1, \8230, and the behavior sequence vector Py into the behavior sequence evaluation model architecture, respectively, for convenience of description and understanding, the behavior sequence vector P1 is taken as an example to describe and generate a behavior sequence parameter for characterizing a first behavior sequence feature, and based on the remaining behavior sequence vectors, a process of generating a corresponding behavior sequence parameter may refer to the following description, which is not repeated herein.
It is understood that the behavior sequence evaluation model architecture in the embodiment of the present invention may be a time-series Neural network, such as a Recurrent Neural Network (RNN); the behavior comprehensive evaluation model architecture may be a deep Neural network, such as a Convolutional Neural Network (CNN) or a full Convolutional Neural network (FCN), and the embodiments of the present invention do not limit the network types of the behavior sequence evaluation model architecture and the behavior comprehensive evaluation model architecture, and may be set based on an actual application scenario.
Step S103, based on the generation node sequence among the user behavior parameters in the rest user behavior parameters, generating an initial user behavior evaluation result for representing the initial behavior generation node.
Specifically, the user behavior evaluation model further includes a user behavior definition model architecture, the remaining user behavior parameters include first remaining user behavior parameters and second remaining user behavior parameters, and the remaining behavior generation nodes include first remaining behavior generation nodes corresponding to the first remaining user behavior parameters and second remaining behavior generation nodes corresponding to the second remaining user behavior parameters.
Inputting a user behavior vector to be processed into a user behavior definition model framework, performing weighted average processing on input parameters for representing first residual behavior generation nodes in the user behavior definition model framework to obtain second initial user behavior evaluation results for representing second residual behavior generation nodes, wherein if the first residual behavior generation nodes are head nodes in the residual behavior generation nodes, the input parameters for representing the first residual behavior generation nodes are first residual user behavior parameters, and if the first residual behavior generation nodes are not the head nodes in the residual behavior generation nodes, the input parameters for representing the first residual behavior generation nodes are first residual user behavior parameters and first initial user behavior evaluation results for representing the first residual behavior generation nodes; determining the second initial user behavior evaluation result and the second residual user behavior parameters as input parameters for representing a second residual behavior generation node, performing weighted average processing on the input parameters for representing the second residual behavior generation node to obtain a third initial user behavior evaluation result, and determining the third initial user behavior evaluation result as the input parameters of the next residual behavior generation node if the second residual behavior generation node is not the last node in the residual behavior generation nodes; and if the second residual behavior generation node is the last node in the residual behavior generation nodes, determining the third initial user behavior evaluation result as the initial user behavior evaluation result used for representing the initial behavior generation nodes.
Illustratively, the to-be-processed user behavior vector D includes k transaction operation timing parameters (i.e., the transaction operation timing parameters corresponding to the last k transaction operations, respectively), i.e., (Q1, Q2, Q3, \ 8230;, db); the remaining user behavior parameters may include a user behavior parameter Q1 (which may be understood as a first user behavior parameter), a user behavior parameter Q2 (which may be understood as a second user behavior parameter), a user behavior parameter Q3 (which may be understood as a third user behavior parameter), \ 8230;, and a first user behavior parameter-1 (which may be understood as a b-1 th user behavior parameter), where the initial user behavior parameter is equal to the first user behavior parameter (which may be understood as a kth user behavior parameter).
With reference to step S101 and step S102, it is known that the initial behavior generation node in step S103 may be equal to the last transaction operation timing parameter in the comparison transaction operation timing parameter set, that is, the transaction operation timing parameter corresponding to the latest transaction operation is also equal to the transaction operation timing parameter corresponding to the first user behavior parameter, and the remaining behavior generation nodes in step S103 may include the transaction operation timing parameters except the last transaction operation timing parameter in the comparison transaction operation timing parameter set. Illustratively, the initial behavior-occurring node may be equal to 18 00 of 2022-03-06, and the remaining behavior-occurring nodes may include 9 00 of 2022-03-02, 18 00 of 2022-03-03, 18 00 of 2022-03-04, and 18 00 of 2022-03-05.
The user behavior evaluation model may include a user behavior definition model architecture, the computer device inputs a to-be-processed user behavior vector into the user behavior definition model architecture, and in the user behavior definition model architecture, a first user behavior evaluation result D for characterizing an initial behavior generation node is generated based on a sequence of generation nodes between user behavior parameters in the to-be-processed user behavior vector, where a specific process may be as follows: firstly, the computer device takes a target historical characteristic Q1 as an input parameter of a first time stamp node (which can be understood as a 1 st transaction operation time stamp in a comparison transaction operation time sequence parameter group), and generates a user behavior evaluation result A (which is equivalent to the output characteristic of the first time stamp node) for representing a second time stamp node (which can be understood as a 2 nd transaction operation time sequence parameter in the comparison transaction operation time sequence parameter group); then, the user behavior parameter Q2 and the user behavior evaluation result A are used as input parameters of a 2 nd time stamp node, and a user behavior evaluation result B (equivalent to the output characteristic of the 2 nd time stamp node) for representing the 3 rd time stamp node is generated; the computer equipment takes the user behavior parameter Q3 and the user behavior evaluation result B as input parameters of a 3 rd time stamp node, and generates a user behavior evaluation result C (equivalent to the output characteristic of the 3 rd time stamp node) for representing a 4 th time stamp node; by analogy, in the user behavior definition model architecture, an initial user behavior evaluation result D for characterizing an initial behavior generation node is generated. Optionally, the user behavior evaluation result (e.g., the user behavior evaluation result a, the user behavior evaluation result B, the target prediction feature C, \ 8230;, the user behavior evaluation result D, and the user behavior evaluation result E and the user behavior evaluation result F mentioned later) may be represented by a certain functional relationship that the last 1 transaction operation timing parameter is expanded into the last 1 transaction operation timing parameter and the previous transaction operation timing parameters, e.g., the target prediction feature C used for characterizing the 3 rd transaction operation timing parameter in the comparison transaction operation timing parameter set may be generated based on the user behavior parameter Q3, the user behavior evaluation result a and the user behavior evaluation result B, at this time, it is considered that the user behavior evaluation results corresponding to the previous two transaction operation timing parameters respectively have an influence on the target prediction feature of the current transaction operation timing parameter, and a connection line crossing a neuron is added to the user behavior definition model architecture.
It can be understood that the user behavior definition model architecture in the embodiment of the present invention may be a time-series Neural network, such as a Recurrent Neural Network (RNN); the embodiment of the invention does not limit the network type of the user behavior definition model architecture, and can set based on the actual application scene.
With reference to step S102 and step S103, it can be seen that the network structures of the behavior sequence evaluation model architecture and the user behavior definition model architecture are recursive network structures, and the recursive summary is: the predicted characteristics of a certain timestamp (including the user behavior evaluation result and the behavior sequence parameter) can be represented by the combination of the actual value (i.e. the historical characteristics) of the last 1 timestamp and the predicted value (i.e. the predicted characteristics) of the last 1 timestamp.
And step S104, generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters.
Specifically, the target user behavior evaluation result includes a first target user behavior evaluation result and a second target user behavior evaluation result, where a node sequence occurs between the first target user behavior evaluation result and the second target user behavior evaluation result.
In a user behavior definition model framework, carrying out weighted average processing on an initial user behavior evaluation result, initial user behavior parameters and user behavior evaluation parameters to obtain a first target user behavior evaluation result for representing the behavior characteristics of a user to be processed; and carrying out weighted average processing on the first target user behavior evaluation result and the user behavior evaluation parameters to obtain a second target user behavior evaluation result for representing the behavior characteristics of the user to be processed.
It can be understood that, in the embodiment of the present invention, the behavior feature of the user to be processed is not limited, and may be any index in the transaction service, for example, the user behavior attention feature, and similarly, the embodiment of the present invention does not limit the behavior sequence feature and the behavior environment feature that are linked to the behavior feature of the user to be processed, and may be any index in the transaction service, for example, when the behavior feature of the user to be processed is the user behavior attention feature, the behavior sequence feature may be a service index that is linked to the user behavior attention feature, and the behavior environment feature may be a service index that is linked to the user behavior attention feature. Further, the behavior sequence features may be converted into behavior environment features, for example, the key behavior features may belong to the behavior sequence features or the behavior environment features, and when the key behavior features belong to the behavior sequence features, behavior sequence vectors are formed based on the history features respectively corresponding to the aforementioned k transaction operations (k is equal to the number of transaction operations within the target preset time range); and when the key behavior characteristics belong to behavior environment characteristics, forming behavior environment parameters based on the historical characteristics corresponding to the latest transaction operation.
In the embodiment of the present invention, the input data input into the user behavior evaluation model not only includes the to-be-processed user behavior vector for characterizing the to-be-processed user behavior feature, but also includes the behavior sequence vector for characterizing the behavior sequence feature linked with the to-be-processed user behavior feature, and the behavior environment parameter for characterizing the behavior environment feature linked with the to-be-processed user behavior feature. The output of the user behavior evaluation model is one or more user behavior evaluation results (equivalent to the target user behavior evaluation result) belonging to the future and used for characterizing the behavior characteristics of the user to be processed.
In the embodiment of the invention, the user behavior evaluation parameters can be obtained through the behavior sequence vector and the behavior environment parameters; obtaining an initial user behavior evaluation result for representing an initial behavior generation node through a generation node sequence among the user behavior parameters in the rest of user behavior parameters; when a target user behavior evaluation result for representing the behavior characteristics of the user to be processed is generated, the initial user behavior evaluation result and the initial user behavior parameters for representing the initial behavior generation node are utilized, and user behavior evaluation parameters are also utilized, wherein although the service indexes corresponding to the user behavior evaluation parameters are different from the behavior characteristics of the user to be processed, the user behavior evaluation parameters can enrich the target user behavior evaluation result belonging to the behavior characteristics of the user to be processed. Therefore, the target user behavior evaluation result can cover the characteristics for representing the behavior characteristics of the user to be processed and the characteristics respectively corresponding to the behavior sequence characteristics and the behavior environment characteristics, namely the target user behavior evaluation result comprises the multi-information characteristics, so that the accuracy of the target user behavior evaluation result can be improved by sampling the target user behavior evaluation result in an actual application scene.
Further, the embodiments of the present invention also provide the following embodiments.
Step S201, a user behavior data set of the to-be-processed IP address user in the first service environment is obtained, where the user behavior data set includes a to-be-processed user behavior vector for characterizing a to-be-processed user behavior feature, a behavior sequence vector for characterizing a behavior sequence feature linked with the to-be-processed user behavior feature, and a behavior environment parameter for characterizing a behavior environment feature linked with the to-be-processed user behavior feature, the to-be-processed user behavior vector includes an initial user behavior parameter and a remaining user behavior parameter, the remaining user behavior parameter includes a user behavior parameter other than the initial user behavior parameter in the to-be-processed user behavior vector, and an initial behavior generation node corresponding to the initial user behavior parameter is located behind a remaining behavior generation node corresponding to the remaining user behavior parameter.
Specifically, the first service environment comprises an online transaction platform; the user behavior features to be processed comprise user behavior attention degree features, and the behavior sequence features comprise behavior persistence features, behavior repetition features, behavior starting features and key behavior features; the specific process of combining the to-be-processed user behavior vectors and the combined behavior sequence vector may include: fusing user behavior attention parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user behavior vector to be processed for representing the user behavior attention characteristics; fusing the user continuous behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter group to obtain a user continuous behavior vector for representing the behavior continuous characteristic; fusing the user repetitive behavior parameters respectively corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter group to obtain a user repetitive behavior vector for representing behavior repetitive characteristics; fusing user initial behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user initial behavior vector for representing behavior initial characteristics; fusing the user key behavior parameters corresponding to each transaction operation time sequence parameter in the comparative transaction operation time sequence parameter set to obtain a user key behavior vector for representing key behavior characteristics; and determining the user continuous behavior vector, the user repeated behavior vector, the user initial behavior vector and the user key behavior vector as behavior sequence vectors.
Specifically, the behavior environment characteristics comprise online transaction platform characteristics, user behavior type characteristics, user login historical time period characteristics, user historical login platform geographic position characteristics and user behavior operation node matching characteristics; the specific process of acquiring the behavioral environment parameters for characterizing the behavioral environment characteristics, which are linked with the last transaction operation timing parameters, can comprise the following steps: acquiring online trading platform parameters which are linked with the last-order trading operation time sequence parameters and used for representing characteristics of the online trading platform; acquiring a user behavior type parameter which is linked with a last transaction operation time sequence parameter and is used for representing a user behavior type characteristic; acquiring a user login historical time period parameter which is linked with the last transaction operation time sequence parameter and is used for representing the user login historical time period characteristic; acquiring a user history login platform geographical position parameter which is linked with the last transaction operation time sequence parameter and used for representing the geographical position characteristic of the user history login platform; acquiring a user behavior operation node matching parameter which is linked with the last transaction operation time sequence parameter and used for representing the matching characteristic of the user behavior operation node; determining parameters of an online transaction platform, user behavior type parameters, user login historical time period parameters, user historical login platform geographic position parameters and user behavior operation node matching parameters as behavior environment parameters
It can be understood that, the user behavior attention feature is taken as an example to describe the behavior feature of the user to be processed, and in an actual application scenario, other service indexes may be determined as the behavior feature of the user to be processed.
Step S202, based on the behavior sequence vector and the behavior environment parameters, generating user behavior evaluation parameters, wherein the user behavior evaluation parameters are used for representing behavior sequence characteristics and legal confidence degrees between the behavior environment characteristics.
Step S203, based on the generation node sequence among the user behavior parameters in the remaining user behavior parameters, generating an initial user behavior evaluation result for representing the initial behavior generation node.
And step S204, generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters.
The specific processes of step S202 to step S204 may refer to the descriptions in the foregoing corresponding embodiments, and are not described herein again.
Step S205, performing fusion operation on the user behavior attention parameters in the user behavior attention vector to obtain a user behavior total attention parameter, and performing averaging operation on the user behavior total attention parameter based on the number of the user behavior attention parameters in the user behavior attention vector to obtain a user behavior reference attention parameter.
And S206, performing fusion operation on the plurality of user behavior attention degree evaluation parameters to obtain a user behavior total attention degree evaluation parameter, and performing averaging operation on the user behavior total attention degree evaluation parameter based on m to obtain a user behavior reference attention degree evaluation parameter.
Step S207, performing an averaging operation on the user behavior reference attention degree evaluation parameter and the user behavior reference attention degree parameter to obtain a target attention degree.
And step S208, performing an attention strategy in contact with the online transaction platform based on the target attention.
Specifically, the first service environment comprises an online trading platform; the user behavior features to be processed comprise user behavior attention features, the user behavior vectors to be processed comprise user behavior attention vectors used for representing the user behavior attention features, and the target user behavior evaluation result comprises a plurality of user behavior attention evaluation parameters used for representing the user behavior attention features. If the target attention degree exceeds the preset attention degree, performing a real-time attention strategy of the online transaction platform with contact; determining the number of transaction operations of a user with an IP address to be processed in a preset time range of an online transaction platform, and comparing the number of transaction operations in the preset time range with a threshold value of the number of transaction operations in the preset time range; and if the number of the transaction operations in the preset time range exceeds the threshold value of the number of the transaction operations in the preset time range, marking the IP address user to be processed as a risk address.
Further, the computer device counts the transaction operation numbers in the preset time range respectively corresponding to the 4 online transaction platforms, and when the transaction operation numbers in the preset time range exceed the transaction operation number threshold in the preset time range, the user with the IP address to be processed can be marked as a risk address (i.e., a risk account exists), for example, the transaction operation number in the preset time range of the user with the IP address to be processed Ta is 50 times, the transaction operation number in the preset time range of the user with the IP address to be processed Tb is 60 times, the transaction operation number in the preset time range of the user with the IP address to be processed Tc is 30 times, the transaction operation number in the preset time range of the user with the IP address to be processed Te is 10 times, and the transaction operation number threshold in the preset time range is 30, so that the user with the IP address to be processed Ta, the user with the IP address to be processed, and the user with the IP address to be processed Tc can be determined as having a risk account.
After the computer device determines the 3 risk-existing accounts based on the transaction operation number threshold in the preset time range, further acquiring a recent transaction trend of each risk-existing account, and if the recent transaction trend of the risk-existing account is an increasing trend and the increasing value is greater than a first increasing threshold, determining that the risk-existing account is at a high risk; if the recent transaction trend of the account with risk is an average trend, or an increasing trend occurs and the increasing value is smaller than a second increasing threshold (the second increasing threshold is smaller than the first increasing threshold), but the target attention degree corresponding to the account with risk is larger than the target attention degree threshold, the potential risk of the account with risk can be determined, and the account with risk can be labeled as a potential risk account.
In the embodiment of the invention, the user behavior evaluation parameters can be obtained through the behavior sequence vector and the behavior environment parameters; obtaining an initial user behavior evaluation result for representing an initial behavior generation node through a generation node sequence among the user behavior parameters in the rest of user behavior parameters; when a target user behavior evaluation result for representing the behavior characteristics of the user to be processed is generated, the initial user behavior evaluation result and the initial user behavior parameters for representing the initial behavior generation node are utilized, and user behavior evaluation parameters are also utilized, wherein although the service indexes corresponding to the user behavior evaluation parameters are different from the behavior characteristics of the user to be processed, the user behavior evaluation parameters can enrich the target user behavior evaluation result belonging to the behavior characteristics of the user to be processed. Therefore, the target user behavior evaluation result can cover the characteristics for representing the behavior characteristics of the user to be processed and the characteristics respectively corresponding to the behavior sequence characteristics and the behavior environment characteristics, namely the target user behavior evaluation result comprises the multi-information characteristics, so that the accuracy of the target user behavior evaluation result can be improved by sampling the target user behavior evaluation result in an actual application scene.
In order to further improve the security of the solution provided by the present invention, before the aforementioned step S101 is executed, the following example may also exist.
Step S301, receiving a verification instruction for verifying a user behavior data set sent by a user of an IP address to be processed;
in the embodiment of the invention, the user of the IP address to be processed can send a verification instruction to the computer equipment through the client installed on the user terminal; in implementation, the pending IP address user may trigger a validation indication in a display interface of the client.
Step S302, storing the received verification instruction in a temporary storage isolation space;
the temporary storage isolation space of the embodiment of the invention can be a preset safe memory, and after receiving the verification instruction, the computer equipment stores the received verification instruction in the preset safe memory; and the third-party security server judges the preset security memory.
Step S303, after the third-party security server judges the verification instruction in the temporary storage isolation space, determining a verification permission certificate corresponding to the verification instruction, and performing security processing on the verification permission certificate to obtain a verification vector;
in implementation, the third-party security server determines the temporary isolation space.
When the temporary storage isolation space is a preset secure memory, after judging that a verification instruction is newly added in the preset secure memory, the third-party secure server acquires an operation behavior type identifier contained in the verification instruction, and determines a verification permission certificate corresponding to the verification instruction based on operation behavior type information;
when the to-be-processed IP address user triggers the verification indication, the verification indication carries the operation behavior category of the user behavior data group required by the to-be-processed IP address user. For example, when the user of the IP address to be processed needs to obtain data of the historical transaction record, the verification instruction carries the operation behavior category identifier T, and after obtaining the operation behavior category identifier T carried in the verification instruction, the third-party security server determines that the user of the IP address to be processed needs to obtain the verification permission certificate of the historical transaction record. For another example, when the user of the IP address to be processed needs to obtain the data of the historical login record, the verification instruction carries the operation behavior class identifier D, and after obtaining the operation behavior class identifier D carried in the verification instruction, the third-party security server determines that the user of the IP address to be processed needs to obtain the verification permission certificate of the historical login record.
In the implementation, the third-party security server acquires the identity information of the IP address user to be processed from the verification instruction, performs authority authentication on the IP address user to be processed based on the identity information of the IP address user to be processed, and determines that the validity authentication of the verification instruction passes after the authentication passes.
After the third-party security server determines the verification license corresponding to the verification instruction, the third-party security server encrypts the verification license by using a local encryption strategy to obtain a verification vector.
Step S304, the third-party security server distributes the verification vector to the computer equipment;
it should be noted that, when the third-party security server in the embodiment of the present invention distributes the verification vector to the computer device, the third-party security server also needs to distribute the current encryption policy, which is obtained by performing security processing on the local encryption policy, to the computer device;
an optional implementation manner is that the third-party security server generates a preset encryption policy, and encrypts the local encryption policy by using the generated preset encryption policy to obtain the current encryption policy.
S305, a third-party security server presets an encryption strategy to be distributed to a user of the IP address to be processed;
in implementation, when the third-party security server generates a preset encryption strategy, a user authority code for performing security verification on a user of the IP address to be processed is generated; and the third-party security server distributes the preset encryption strategy and the user authority code to the IP address user to be processed.
When the third-party security server allocates the preset encryption policy and the user permission code to the user of the IP address to be processed, an optional implementation manner is as follows:
the third-party security server distributes the preset encryption strategy and the user authority code to the exchange equipment in communication connection with the IP address user to be processed, and the exchange equipment distributes the preset encryption strategy and the user authority code to the IP address user to be processed;
it should be noted that when the user with the IP address to be processed accesses the computer device and triggers the verification instruction for verifying the user behavior data set, the computer device may obtain the receiving address of the user terminal of the user with the IP address to be processed.
Step S306, receiving a preset encryption strategy sent by a user of the IP address to be processed;
it should be noted that, when the third-party security server simultaneously pushes the preset encryption policy and the user permission code to the user of the to-be-processed IP address, the computer device receives the preset encryption policy and the user permission code sent by the user of the to-be-processed IP address;
in the implementation, a user of the IP address to be processed accesses the computer equipment through the client, and the user of the IP address to be processed inputs a preset encryption strategy and a user permission code in a display interface of the client; and acquiring a preset encryption strategy and a user permission code input by a user of the IP address to be processed in a display interface of the client.
Step S307, processing the verification vector based on a preset encryption strategy to obtain a verification license;
after receiving a preset encryption strategy and a user authority code sent by a user of an IP address to be processed, carrying out security verification on the user of the IP address to be processed based on the user authority code sent by the user of the IP address to be processed, and after the security verification is passed, processing a verification vector based on the preset encryption strategy to obtain a verification license;
in implementation, a preset encryption strategy is used for processing a current encryption strategy distributed by a third-party security server to obtain a local encryption strategy;
and after the local encryption strategy is obtained, processing the verification vector by using the local encryption strategy to obtain a verification license certificate.
Step S308, the verification permission certificate obtained by processing is issued to the IP address user to be processed;
after the computer equipment processes the verification license certificate, the verification license certificate is issued to a client used by the IP address user to be processed; and displaying the authentication permission certificate to the IP address user to be processed in a display interface of the client.
In the embodiment of the invention, after the verification instruction of the IP address user to be processed is received, the third-party security server judges the verification instruction in a preset security memory mode, and encrypts the verification license corresponding to the verification instruction by using the local encryption strategy to obtain the verification vector. Meanwhile, the third-party security server generates a preset encryption strategy and a user permission code, encrypts the local encryption strategy through the preset encryption strategy to obtain a current encryption strategy, and distributes the current encryption strategy to the computer equipment when the verification vector is distributed to the computer equipment, so that the problem of data leakage caused by leakage of the local encryption strategy due to the fact that the local encryption strategy is directly distributed to the computer equipment is avoided. Then, the third-party security server distributes the generated preset encryption strategy and the user permission code to the IP address user to be processed, the IP address user to be processed sends the preset encryption strategy and the user permission code to the computer equipment, the computer equipment conducts security verification on the IP address user to be processed based on the user permission code, the preset encryption strategy is used for processing the current encryption strategy to obtain a local encryption strategy after the security verification is confirmed to be passed, and the local encryption strategy is used for processing the verification vector to obtain a verification permission certificate. In the data transmission mode of the embodiment of the invention, the verification vector and the preset encryption strategy are sent separately, so that data leakage caused by interception of the verification vector and the preset encryption strategy by a malicious third party can be avoided, and the third party security server sends the preset encryption strategy to the IP address user to be processed, and encrypts the verification permission certificate by using the local encryption strategy, thereby further improving the security of data transmission.
In order to more clearly describe the scheme provided by the embodiment of the present invention, a more detailed example is provided below.
Step S401, responding to a verification instruction for verifying a user behavior data set triggered by a user of the IP address to be processed, and sending the verification instruction to computer equipment;
step S402, storing the verification instruction in a preset safe memory;
step S403, the third-party security server judges a verification instruction in the preset security memory;
step S404, the third party security server determines a verification permission certificate corresponding to the verification instruction, and obtains a verification vector after the verification permission certificate is subjected to security processing by using a local encryption strategy;
step S405, the third party security server generates a preset encryption strategy and a user authority code, and encrypts the local encryption strategy by using the preset encryption strategy to obtain a current encryption strategy;
step S406, the third-party security server distributes the verification vector and the current encryption strategy to the computer equipment;
step S407, the third party security server distributes the preset encryption strategy and the user authority code to the exchange equipment in the computer equipment;
step S408, the exchange equipment in the computer equipment distributes the preset encryption strategy and the user authority code to the IP address user to be processed;
step S409, the client acquires a preset encryption strategy and a user authority code input by a user of the IP address to be processed;
step S410, the client sends a preset encryption strategy and a user authority code to the computer equipment;
step S411, the safety of the IP address user to be processed is verified and passed based on the user authority code;
step S412, processing the current encryption strategy by using a preset encryption strategy to obtain a local encryption strategy, and processing the verification vector by using the local encryption strategy to obtain a verification license certificate;
step S413, issuing the verification license to the client;
and step S414, the client displays the verification permission certificate to the IP address user to be processed in the display interface.
In order to more clearly describe the scheme provided by the embodiment of the present invention, please refer to the following detailed examples.
Step S501, after receiving a verification instruction for verifying a user behavior data set sent by a user of an IP address to be processed, storing the verification instruction in a temporary storage isolation space;
step S502, receiving a verification vector corresponding to a verification instruction distributed by a third-party security server; the verification vector is obtained by performing security processing on a verification license certificate corresponding to the verification instruction after the third-party security server judges the verification instruction in the temporary storage isolation space;
step S503, after receiving the preset encryption strategy sent by the IP address user to be processed, processing the verification vector based on the preset encryption strategy to obtain a verification permission certificate, and sending the obtained verification permission certificate to the IP address user to be processed; and the preset encryption policy sent by the IP address user to be processed is distributed to the IP address user to be processed by the third-party security server.
Optionally, when receiving a verification vector corresponding to the verification indication distributed by the third-party security server, the method further includes:
receiving a current encryption strategy corresponding to a verification vector distributed by a third-party security server; the current encryption strategy is obtained by converting a local encryption strategy by using a preset encryption strategy, and the local encryption strategy is an encryption strategy used when a license certificate is encrypted and verified;
the method for processing the verification vector based on the preset encryption strategy to obtain the verification license certificate comprises the following steps:
processing the current encryption strategy by using a preset encryption strategy to obtain a local encryption strategy; and processing the verification vector by using the obtained local encryption strategy to obtain a verification license certificate.
Optionally, before processing the verification vector based on the preset encryption policy to obtain the verification license, the method further includes:
receiving a user authority code sent by an IP address user to be processed; the user authority code is distributed to the IP address user to be processed by the third-party security server;
and carrying out safety verification on the IP address user to be processed based on the user permission code, and determining that the safety verification of the IP address user to be processed passes.
In order to more clearly describe the scheme provided by the embodiment of the present invention, the third-party secure server is used as an execution subject for description below.
Step S601, after judging the verification instruction in the temporary storage isolation space, the third party security server determines a verification license corresponding to the verification instruction, and encrypts the determined verification license to obtain a verification vector; the verification instruction is stored in the temporary storage isolation space after receiving the verification instruction of the verification user behavior data set sent by the IP address user to be processed;
step S602, the third party security server allocates the verification vector to the computer device, and allocates the generated preset encryption policy to the to-be-processed IP address user, so that the to-be-processed IP address user sends the preset encryption policy to the computer device, the computer device processes the verification vector based on the preset encryption policy to obtain a verification license, and sends the verification license to the to-be-processed IP address user.
Optionally, the encrypting, by the third party security server, the determined verification license to obtain a verification vector includes:
and the third party security server encrypts the determined verification license certificate by using a local encryption strategy to obtain a verification vector.
Optionally, before the third-party secure server distributes the verification vector to the computer device, the method further includes:
the third-party security server generates a preset encryption strategy, and encrypts the local encryption strategy by using the preset encryption strategy to obtain a current encryption strategy;
when the third party security server distributes the verification vector to the computer equipment, the method further comprises the following steps:
and the third-party security server distributes the current encryption strategy to the computer equipment so that the computer equipment processes the current encryption strategy by using the preset encryption strategy to obtain a local encryption strategy, and processes the verification vector by using the local encryption strategy to obtain a verification permission certificate.
Optionally, when the third-party security server allocates the generated preset encryption policy to the user with the to-be-processed IP address, the method further includes:
and the third-party security server distributes the generated user authority code to the IP address user to be processed so that the IP address user to be processed sends the preset encryption strategy and the user authority code to the computer equipment, and the computer equipment processes the current encryption strategy by using the preset encryption strategy to obtain the local encryption strategy after passing the security verification of the IP address user to be processed based on the user authority code.
Optionally, the third-party security server allocates a preset encryption policy and the generated user permission code to the user with the to-be-processed IP address based on the following manner:
the third-party security server distributes the preset encryption strategy and the user authority code to the exchange equipment in the computer equipment, and the exchange equipment in the computer equipment forwards the preset encryption strategy and the user authority code to the IP address user to be processed.
Based on the same inventive concept, the embodiment of the present invention further provides a data transmission apparatus, and as the principle of the apparatus for solving the problem is similar to the data transmission method, the implementation of the apparatus can refer to the implementation of the method, and repeated details are not repeated.
Referring to fig. 2, fig. 2 is a schematic block diagram illustrating a data processing system 110 based on IP address analysis according to an embodiment of the present invention.
An obtaining module 1101, configured to obtain a user behavior data set of a to-be-processed IP address user in a first service environment, where the user behavior data set includes a to-be-processed user behavior vector for characterizing a to-be-processed user behavior feature, a behavior sequence vector for characterizing a behavior sequence feature linked with the to-be-processed user behavior feature, and a behavior environment parameter for characterizing a behavior environment feature linked with the to-be-processed user behavior feature, the to-be-processed user behavior vector includes an initial user behavior parameter and a remaining user behavior parameter, the remaining user behavior parameter includes a user behavior parameter other than the initial user behavior parameter in the to-be-processed user behavior vector, and an initial behavior generating node corresponding to the initial user behavior parameter is located behind a remaining behavior generating node corresponding to the remaining user behavior parameter.
The analysis module 1102 is configured to generate a user behavior evaluation parameter based on the behavior sequence vector and the behavior environment parameter, where the user behavior evaluation parameter is used to characterize behavior sequence characteristics and legal confidence between the behavior environment characteristics; generating an initial user behavior evaluation result for representing an initial behavior generation node based on a generation node sequence among the user behavior parameters in the rest of user behavior parameters; and generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters.
It should be noted that, for the implementation principle of the data processing system 110 based on IP address analysis, reference may be made to the implementation principle of the data processing method based on IP address analysis, and details are not described herein again.
The embodiment of the present invention provides a computer device 100, where the computer device 100 includes a processor and a non-volatile memory storing computer instructions, and when the computer instructions are executed by the processor, the computer device 100 executes the data processing system 110 based on IP address analysis. As shown in fig. 3, fig. 3 is a block diagram of a computer device 100 according to an embodiment of the present invention. The computer device 100 includes a data processing system 110 based on IP address analysis, a memory 111, a processor 112, and a communication unit 113.
The readable storage medium comprises a computer program, and when the computer program runs, the computer device where the readable storage medium is located is controlled to execute the aforementioned data processing method based on the IP address analysis.
The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated. The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated.

Claims (9)

1. A data processing method based on IP address analysis is characterized by comprising the following steps:
acquiring a user behavior data set of a user of an IP address to be processed in a first service environment, wherein the user behavior data set comprises a user behavior vector to be processed for representing the behavior characteristics of the user to be processed, a behavior sequence vector for representing the behavior sequence characteristics linked with the user behavior characteristics to be processed, and behavior environment parameters for representing the behavior environment characteristics linked with the user behavior characteristics to be processed, the user behavior vector to be processed comprises initial user behavior parameters and residual user behavior parameters, the residual user behavior parameters comprise user behavior parameters except the initial user behavior parameters in the user behavior vector to be processed, and initial behavior generation nodes corresponding to the initial user behavior parameters are positioned behind residual behavior generation nodes corresponding to the residual user behavior parameters;
generating a user behavior evaluation parameter based on the behavior sequence vector and the behavior environment parameter, wherein the user behavior evaluation parameter is used for representing legal confidence degrees between the behavior sequence characteristics and the behavior environment characteristics;
generating an initial user behavior evaluation result for representing the initial behavior generation node based on a generation node sequence among the user behavior parameters in the residual user behavior parameters;
generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters;
the first business environment comprises an online trading platform;
the acquiring of the user behavior data group of the to-be-processed IP address user in the first service environment comprises:
determining the transaction operation number of the IP address user to be processed in a preset time range of the online transaction platform, and comparing the transaction operation number in the preset time range with a preset safe transaction operation number;
if the transaction operation number exceeds the preset safe transaction operation number within the preset time range, adding the transaction operation time sequence parameters respectively corresponding to each transaction operation to the initial transaction operation time sequence parameter group;
obtaining a comparative transaction operation timing parameter group from the initial transaction operation timing parameter group, wherein the number of the transaction operation timing parameters in the comparative transaction operation timing parameter group is equal to the preset safe transaction operation number, and each transaction operation timing parameter in the comparative transaction operation timing parameter group is positioned behind the rest transaction operation timing parameters, the rest transaction operation timing parameters comprise the transaction operation timing parameters except the comparative transaction operation timing parameter group in the initial transaction operation timing parameter group, and the comparative transaction operation timing parameter group comprises a first transaction operation timing parameter;
acquiring first transaction operation data of the IP address user to be processed in a transaction operation corresponding to a first transaction operation time sequence parameter, wherein the first transaction operation data comprises a first user behavior parameter used for representing behavior characteristics of the user to be processed and a first behavior sequence characteristic value used for representing the behavior sequence characteristic, the behavior characteristics of the user to be processed comprise user behavior attention characteristics, and the behavior sequence characteristic comprises behavior persistence characteristics, behavior repetition characteristics, behavior starting characteristics and key behavior characteristics;
according to the sequence of transaction operation time sequence parameters from front to back, user behavior attention degree parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set are fused to obtain the user behavior vector to be processed for representing the user behavior attention degree characteristics;
fusing user continuous behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user continuous behavior vector for representing the behavior continuous characteristic;
fusing user repeated behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user repeated behavior vector for representing the behavior repeated characteristics;
fusing user initial behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user initial behavior vector for representing the behavior initial characteristics;
fusing user key behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user key behavior vector for representing the key behavior characteristics;
determining the user continuous behavior vector, the user repeated behavior vector, the user initial behavior vector and the user key behavior vector as the behavior sequence vector;
determining the transaction operation time sequence parameter of the last node in the comparison transaction operation time sequence parameter group as a last transaction operation time sequence parameter;
acquiring the behavioral environment parameters which are related to the last transaction operation time sequence parameters and used for representing the behavioral environment characteristics;
and determining the user behavior vector to be processed, the behavior sequence vector and the behavior environment parameter as the user behavior data set.
2. The method of claim 1, wherein the behavioral environment characteristics include online trading platform characteristics, user behavior type characteristics, user login history time period characteristics, user history login platform geographic location characteristics, and user behavior operation node matching characteristics;
the obtaining the behavioral environment parameters which are related to the last transaction operation timing sequence parameters and used for characterizing the behavioral environment characteristics comprises the following steps:
acquiring online trading platform parameters which are linked with the last-order trading operation time sequence parameters and used for representing the characteristics of the online trading platform;
acquiring a user behavior type parameter which is linked with the last transaction operation time sequence parameter and is used for representing the user behavior type characteristic;
acquiring a user login historical time period parameter which is linked with the last transaction operation time sequence parameter and is used for representing the user login historical time period characteristic;
acquiring a user history login platform geographical position parameter which is linked with the last transaction operation time sequence parameter and is used for representing the geographical position characteristic of the user history login platform;
acquiring user behavior operation node matching parameters which are related to the last transaction operation time sequence parameters and used for representing the matching characteristics of the user behavior operation nodes;
and determining the parameters of the online transaction platform, the user behavior type parameters, the time period parameters of the user login history, the geographic position parameters of the user history login platform and the matching parameters of the user behavior operation nodes as the behavior environment parameters.
3. The method of claim 1, wherein generating user behavior assessment parameters based on the behavior sequence vector and the behavior environment parameters comprises:
acquiring a user behavior evaluation model, wherein the user behavior evaluation model comprises a behavior sequence evaluation model framework and a behavior comprehensive evaluation model framework;
inputting the behavior sequence vector into a behavior sequence evaluation model architecture, and generating behavior sequence parameters for representing the behavior sequence characteristics based on an occurrence node sequence between the user behavior time sequence parameters in the behavior sequence vector in the behavior sequence evaluation model architecture;
and respectively inputting the behavior sequence parameters and the behavior environment parameters into a behavior comprehensive evaluation model architecture, and performing weighted average processing on the behavior sequence parameters and the behavior environment parameters in the behavior comprehensive evaluation model architecture to generate the user behavior evaluation parameters.
4. The method of claim 3, wherein the user behavior assessment model further comprises a user behavior definition model architecture, wherein the remaining user behavior parameters comprise a first remaining user behavior parameter and a second remaining user behavior parameter, and wherein the remaining behavior generation nodes comprise a first remaining behavior generation node corresponding to the first remaining user behavior parameter and a second remaining behavior generation node corresponding to the second remaining user behavior parameter;
generating an initial user behavior evaluation result for characterizing the initial behavior generation node based on the generation node sequence among the user behavior parameters in the remaining user behavior parameters, including:
inputting the user behavior vector to be processed into the user behavior definition model architecture, performing weighted average processing on input parameters for representing the first remaining behavior generation node in the user behavior definition model architecture to obtain a second initial user behavior evaluation result for representing the second remaining behavior generation node, if the first remaining behavior generation node is a first node in the remaining behavior generation nodes, then the input parameters for representing the first remaining behavior generation node are the first remaining user behavior parameters, and if the first remaining behavior generation node is not the first node in the remaining behavior generation nodes, then the input parameters for representing the first remaining behavior generation node are the first remaining user behavior parameters and the first initial user behavior evaluation result for representing the first remaining behavior generation node;
determining the second initial user behavior evaluation result and the second residual user behavior parameters as input parameters for representing the second residual behavior generation node, performing weighted average processing on the input parameters for representing the second residual behavior generation node to obtain a third initial user behavior evaluation result, and determining the third initial user behavior evaluation result as the input parameters of the next residual behavior generation node if the second residual behavior generation node is not the last node in the residual behavior generation nodes;
and if the second remaining behavior generation node is a last node in the remaining behavior generation nodes, determining the third initial user behavior evaluation result as the initial user behavior evaluation result used for representing the initial behavior generation node.
5. The method according to claim 4, wherein the target user behavior evaluation result comprises a first target user behavior evaluation result and a second target user behavior evaluation result, wherein a sequence of occurrence nodes exists between the first target user behavior evaluation result and the second target user behavior evaluation result;
generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters, including:
in the user behavior definition model architecture, performing weighted average processing on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters to obtain a first target user behavior evaluation result for representing the behavior characteristics of the user to be processed;
and performing weighted average processing on the first target user behavior evaluation result and the user behavior evaluation parameters to obtain a second target user behavior evaluation result for representing the behavior characteristics of the user to be processed.
6. The method according to claim 1, wherein the first business environment comprises an online trading platform, the to-be-processed user behavior feature comprises a user behavior attention feature, the to-be-processed user behavior vector comprises a user behavior attention vector for characterizing the user behavior attention feature, and the target user behavior evaluation result comprises a plurality of user behavior attention evaluation parameters for characterizing the user behavior attention feature;
the method further comprises the following steps:
performing fusion operation on the user behavior attention parameters in the user behavior attention vector to obtain a user behavior total attention parameter, and performing average operation on the user behavior total attention parameter based on the number of the user behavior attention parameters in the user behavior attention vector to obtain a user behavior reference attention parameter;
performing fusion operation on the plurality of user behavior attention degree evaluation parameters to obtain a user behavior total attention degree evaluation parameter, and performing averaging operation on the user behavior total attention degree evaluation parameter to obtain a user behavior reference attention degree evaluation parameter;
averaging the user behavior reference attention degree evaluation parameter and the user behavior reference attention degree parameter to obtain a target attention degree;
and performing an attention strategy in connection with the online trading platform based on the target attention.
7. The method of claim 6, wherein performing an attention strategy for contacting the online trading platform based on the target attention comprises:
if the target attention degree exceeds the preset attention degree, performing a real-time attention strategy of the existing contact on the online trading platform;
determining the transaction operation number of the IP address user to be processed in a preset time range of the online transaction platform, and comparing the transaction operation number in the preset time range with a transaction operation number threshold in the preset time range;
and if the transaction operation number in the preset time range exceeds the transaction operation number threshold in the preset time range, marking the IP address user to be processed as a risk address.
8. The method according to claim 1, wherein before the obtaining the user behavior data set of the pending IP address user in the first service environment, the method further comprises:
after receiving a verification instruction for verifying a user behavior data set sent by an IP address user to be processed, storing the verification instruction to a temporary storage isolation space;
receiving a verification vector corresponding to the verification indication distributed by a third-party security server; the verification vector is obtained after the third-party security server performs security processing on a verification license certificate corresponding to the verification instruction after determining the verification instruction in the temporary storage isolation space; receiving a current encryption strategy corresponding to the verification vector distributed by the third-party security server; the current encryption strategy is obtained by converting a local encryption strategy by using a preset encryption strategy, and the local encryption strategy is an encryption strategy used when the verification license certificate is subjected to security processing; receiving a user authority code sent by the IP address user to be processed; the user authority code is distributed to the IP address user to be processed by the third-party security server;
carrying out security verification on the IP address user to be processed based on the user permission code, and determining that the security verification on the IP address user to be processed is passed;
after receiving a preset encryption strategy sent by the IP address user to be processed, processing the current encryption strategy by using the preset encryption strategy to obtain a local encryption strategy; processing the verification vector by using the obtained local encryption strategy to obtain the verification license certificate, and issuing the obtained verification license certificate to the IP address user to be processed; the preset encryption strategy sent by the IP address user to be processed is distributed to the IP address user to be processed by the third-party security server.
9. A data processing system based on IP address analysis, comprising:
an obtaining module, configured to obtain a user behavior data set of a to-be-processed IP address user in a first service environment, where the user behavior data set includes a to-be-processed user behavior vector for characterizing a to-be-processed user behavior feature, a behavior sequence vector for characterizing a behavior sequence feature linked with the to-be-processed user behavior feature, and a behavior environment parameter for characterizing a behavior environment feature linked with the to-be-processed user behavior feature, the to-be-processed user behavior vector includes an initial user behavior parameter and a remaining user behavior parameter, the remaining user behavior parameter includes a user behavior parameter in the to-be-processed user behavior vector except the initial user behavior parameter, and an initial behavior generating node corresponding to the initial user behavior parameter is located behind a remaining behavior generating node corresponding to the remaining user behavior parameter;
the analysis module is used for generating a user behavior evaluation parameter based on the behavior sequence vector and the behavior environment parameter, wherein the user behavior evaluation parameter is used for representing the behavior sequence characteristic and the legal confidence coefficient between the behavior environment characteristics; generating an initial user behavior evaluation result for representing the initial behavior generation node based on a generation node sequence among the user behavior parameters in the residual user behavior parameters; generating a target user behavior evaluation result for representing the behavior characteristics of the user to be processed based on the initial user behavior evaluation result, the initial user behavior parameters and the user behavior evaluation parameters;
the first business environment comprises an online trading platform;
the acquisition module is specifically configured to:
determining the transaction operation number of the IP address user to be processed in a preset time range of the online transaction platform, and comparing the transaction operation number in the preset time range with a preset safe transaction operation number; if the transaction operation number exceeds the preset safe transaction operation number within the preset time range, adding the transaction operation time sequence parameters respectively corresponding to each transaction operation to the initial transaction operation time sequence parameter group; obtaining a comparison transaction operation timing parameter group from the initial transaction operation timing parameter group, wherein the number of the transaction operation timing parameters in the comparison transaction operation timing parameter group is equal to the preset safe transaction operation number, each transaction operation timing parameter in the comparison transaction operation timing parameter group is positioned behind the rest transaction operation timing parameters, the rest transaction operation timing parameters comprise the transaction operation timing parameters except the comparison transaction operation timing parameter group in the initial transaction operation timing parameter group, and the comparison transaction operation timing parameter group comprises a first transaction operation timing parameter; acquiring first transaction operation data of the IP address user to be processed in a transaction operation corresponding to a first transaction operation time sequence parameter, wherein the first transaction operation data comprises a first user behavior parameter for representing behavior characteristics of the user to be processed and a first behavior sequence characteristic value for representing the behavior sequence characteristic, the behavior characteristics of the user to be processed comprise a user behavior attention characteristic, and the behavior sequence characteristic comprises a behavior continuation characteristic, a behavior repetition characteristic, a behavior initiation characteristic and a key behavior characteristic; according to the sequence of the transaction operation time sequence parameters from front to back, fusing the user behavior attention degree parameters corresponding to each transaction operation time sequence parameter in the comparative transaction operation time sequence parameter set to obtain the user behavior vector to be processed for representing the user behavior attention degree characteristics; fusing user continuous behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user continuous behavior vector for representing the behavior continuous characteristics; fusing user repeated behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user repeated behavior vector for representing the behavior repeated characteristics; fusing user initial behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user initial behavior vector for representing the behavior initial characteristics; fusing user key behavior parameters corresponding to each transaction operation time sequence parameter in the comparison transaction operation time sequence parameter set to obtain a user key behavior vector for representing the key behavior characteristics; determining the user continuous behavior vector, the user repeated behavior vector, the user initial behavior vector and the user key behavior vector as the behavior sequence vector; determining the transaction operation time sequence parameter of the last node in the comparison transaction operation time sequence parameter group as a last transaction operation time sequence parameter; acquiring the behavioral environment parameters which are linked with the last transaction operation time sequence parameters and used for representing the behavioral environment characteristics; and determining the user behavior vector to be processed, the behavior sequence vector and the behavior environment parameter as the user behavior data set.
CN202211013563.5A 2022-08-23 2022-08-23 Data processing method and system based on IP address analysis Active CN115102873B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211013563.5A CN115102873B (en) 2022-08-23 2022-08-23 Data processing method and system based on IP address analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211013563.5A CN115102873B (en) 2022-08-23 2022-08-23 Data processing method and system based on IP address analysis

Publications (2)

Publication Number Publication Date
CN115102873A CN115102873A (en) 2022-09-23
CN115102873B true CN115102873B (en) 2022-11-18

Family

ID=83300503

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211013563.5A Active CN115102873B (en) 2022-08-23 2022-08-23 Data processing method and system based on IP address analysis

Country Status (1)

Country Link
CN (1) CN115102873B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018228408A1 (en) * 2017-06-16 2018-12-20 腾讯科技(深圳)有限公司 Method and apparatus for settling transaction, server, and storage medium
CN110807643A (en) * 2019-10-11 2020-02-18 支付宝(杭州)信息技术有限公司 User trust evaluation method, device and equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640608A (en) * 2009-04-13 2010-02-03 山石网科通信技术(北京)有限公司 Network action monitoring method
US11625723B2 (en) * 2020-05-28 2023-04-11 Paypal, Inc. Risk assessment through device data using machine learning-based network
CN111818093B (en) * 2020-08-28 2020-12-11 支付宝(杭州)信息技术有限公司 Neural network system, method and device for risk assessment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018228408A1 (en) * 2017-06-16 2018-12-20 腾讯科技(深圳)有限公司 Method and apparatus for settling transaction, server, and storage medium
CN110807643A (en) * 2019-10-11 2020-02-18 支付宝(杭州)信息技术有限公司 User trust evaluation method, device and equipment

Also Published As

Publication number Publication date
CN115102873A (en) 2022-09-23

Similar Documents

Publication Publication Date Title
Lam et al. ANT-centric IoT security reference architecture—Security-by-design for satellite-enabled smart cities
CN112199714B (en) Privacy protection method and device based on block chain and electronic equipment
CN110633963B (en) Electronic bill processing method, electronic bill processing device, computer readable storage medium and computer readable storage device
CN103795692B (en) Open authorization method, system and certification authority server
CN105187431B (en) Login method, server, client and the communication system of third-party application
Li et al. Inspecting edge data integrity with aggregate signature in distributed edge computing environment
US20080083039A1 (en) Method for integrity attestation of a computing platform hiding its configuration information
CN109936545A (en) The detection method and relevant apparatus of Brute Force attack
CN107332844B (en) Private information using method and personal credit assessment scoring method
CN110535648A (en) Electronic certificate is generated and verified and key controlling method, device, system and medium
CN110084600B (en) Processing and verifying method, device, equipment and medium for resolution transaction request
CN112199412B (en) Payment bill processing method based on block chain and block chain bill processing system
WO2020147426A1 (en) Blockchain-based information authorization method and device, medium and electronic apparatus
CN113435121B (en) Model training verification method, device, equipment and medium based on federal learning
CN111818093A (en) Neural network system, method and device for risk assessment
CN112434334A (en) Data processing method, device, equipment and storage medium
US11943210B2 (en) System and method for distributed, keyless electronic transactions with authentication
CN110502889A (en) Login method, device, computer readable storage medium and computer equipment
CN106101092A (en) A kind of information evaluation processing method and first instance
CN111461881A (en) Data management method and device, computer equipment and storage medium
He et al. DIV-SC: A data integrity verification scheme for centralized database using smart contract
CN115102873B (en) Data processing method and system based on IP address analysis
KR101120059B1 (en) Billing verifying apparatus, billing apparatus and method for cloud computing environment
CN113067802A (en) User identification method, device, equipment and computer readable storage medium
Ghali et al. Catrac: Context-aware trust-and role-based access control for composite web services

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant