CN115811426A - Risk user identification method and device, electronic equipment and storage medium - Google Patents

Publication number: CN115811426A
Authority: CN (China)
Application number: CN202211466812.6A
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 季素润
Current Assignee: Beijing QIYI Century Science and Technology Co Ltd
Original Assignee: Beijing QIYI Century Science and Technology Co Ltd
Prior art keywords: risk, network access, user, rule, preset
Classification: Data Exchanges In Wide-Area Networks (AREA)
Abstract

The embodiment of the invention provides a method and a device for identifying a risk user, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring network access characteristics of a user to be identified; judging whether the network access characteristics accord with preset rules, wherein the preset rules are established according to the network access characteristics of the risk users recorded in the blacklist; if the network access characteristics accord with the preset rules, determining that the user to be identified is a risk user; if not, judging whether a rule matched with the network access characteristics exists in a plurality of rules included in the preset rule module, wherein the plurality of rules included in the preset rule module are established according to network access characteristics whose risk degree is not higher than the risk degree threshold value; and if so, determining whether the user to be identified is a risk user according to the risk degree corresponding to the rule matched with the network access characteristics. Therefore, the electronic equipment can rapidly identify risk users while the identification success rate of risk users is guaranteed, and safe and effective risk user identification is realized.

Description

Risk user identification method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and an apparatus for identifying a risky user, an electronic device, and a storage medium.
Background
With the wide application of computer networks, the importance of network security has become particularly prominent. As network structures grow more complicated, boundaries more blurred and threat forms more diverse, network risk prevention and control face a serious challenge.
Internet companies today need to guard against traditional risk types, such as intrusion and attack by hackers, and also against new types of risk brought by various new business models, such as volume swiping, posting of malicious comments and advertisements, payment fraud, and the like. Actions of these risk types initiated by risk users not only cause losses to regular users, but also negatively impact the image and reputation of the enterprise. Therefore, it is desirable to provide a safe and effective method for identifying a risk user.
Disclosure of Invention
The embodiment of the invention aims to provide a method and a device for identifying a risk user, electronic equipment and a storage medium, so as to realize safe and effective risk user identification. The specific technical scheme is as follows:
In a first aspect, an embodiment of the present invention provides a method for identifying a risky user, where the method includes:
acquiring network access characteristics of a user to be identified;
judging whether the network access characteristics accord with preset rules or not, wherein the preset rules are established according to the network access characteristics of the risk users recorded in a blacklist;
if the network access characteristics accord with the preset rules, determining the user to be identified as a risk user;
if the network access characteristics do not accord with the preset rules, judging whether rules matched with the network access characteristics exist in a plurality of rules included by a preset rule module or not, wherein the plurality of rules included by the preset rule module are established according to the network access characteristics of which the risk degree is not higher than a risk degree threshold value;
and if so, determining whether the user to be identified is a risk user or not according to the risk degree corresponding to the rule matched with the network access characteristic.
Optionally, there are a plurality of preset rule modules, the rules in each preset rule module are independent of one another, and the step of determining whether a rule matching the network access characteristic exists in the plurality of rules included in the preset rule module includes:
respectively judging, for each preset rule module, whether a rule matched with the network access characteristic exists in the plurality of rules included in that preset rule module.
Optionally, the step of determining whether the user to be identified is a risk user according to the risk degree corresponding to the rule matched with the network access characteristic includes:
determining a risk score corresponding to the network access characteristic according to a corresponding relation between a preset rule and the risk score and each rule matched with the network access characteristic;
and when the risk score is larger than a preset score threshold value, determining that the user to be identified is a risk user.
Optionally, the step of determining a risk score corresponding to the network access characteristic according to a corresponding relationship between a preset rule and the risk score and each rule matched with the network access characteristic includes:
if target rules exist among the rules matched with the network access characteristics, the target rules being rules that belong to the same preset rule module, taking the largest risk score among the risk scores corresponding to those target rules as the target risk score corresponding to the preset rule module to which they belong;
and determining the risk score corresponding to the network access characteristic according to the target risk score corresponding to each preset rule module.
Optionally, the preset rule module at least includes a general rule module and a customized rule module, where a rule in the general rule module is determined according to a common attribute characteristic of a network access feature of a risk user; the rules in the customized rule module are determined according to the requirements of users.
In a second aspect, an embodiment of the present invention provides an apparatus for identifying a risky user, where the apparatus includes:
the network access characteristic acquisition module is used for acquiring the network access characteristics of the user to be identified;
the first judgment module is used for judging whether the network access characteristics accord with preset rules or not, wherein the preset rules are established according to the network access characteristics of the risk users recorded in a blacklist;
a second judging module, configured to, if the judgment result of the first judging module is negative, judge whether a rule matching the network access characteristic exists in multiple rules included in a preset rule module, where the multiple rules included in the preset rule module are established according to the network access characteristic whose risk degree is not higher than a risk degree threshold;
the risk user determining module is used for determining the user to be identified as a risk user when the judgment result of the first judging module is yes; and when the judgment result of the second judgment module is yes, determining whether the user to be identified is a risk user or not according to the risk degree corresponding to the rule matched with the network access characteristic.
Optionally, the preset rule modules are multiple, the rules in each preset rule module are independent from each other, and the second judgment module is specifically configured to:
and respectively judging whether a rule matched with the network access characteristic exists in a plurality of rules included in each preset rule module.
Optionally, the risk user determining module includes:
the risk score determining unit is used for determining a risk score corresponding to the network access characteristic according to a corresponding relation between a preset rule and the risk score and each rule matched with the network access characteristic;
and the risk user determining unit is used for determining the user to be identified as a risk user when the risk score is larger than a preset score threshold.
Optionally, the risk score determining unit includes:
a target risk score determining subunit, configured to, when target rules exist among the rules matched with the network access characteristics, the target rules being rules that belong to the same preset rule module, take the largest risk score among the risk scores corresponding to those target rules as the target risk score corresponding to the preset rule module to which they belong;
and the risk score determining subunit is used for determining the risk score corresponding to the network access characteristic according to the target risk score corresponding to each preset rule module.
Optionally, the preset rule module at least includes a general rule module and a customized rule module, where a rule in the general rule module is determined according to a common attribute characteristic of a network access feature of a risk user; the rules in the customized rules module are determined according to the requirements of the user.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor, configured to implement the steps of the method for identifying a risky user according to any one of the first aspect described above when executing a program stored in the memory.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method for identifying a risky user according to any one of the above first aspects are implemented.
In the scheme provided by the embodiment of the invention, the electronic equipment can acquire the network access characteristics of the user to be identified; judge whether the network access characteristics accord with preset rules, wherein the preset rules are established according to the network access characteristics of the risk users recorded in the blacklist; if the network access characteristics accord with the preset rules, determine the user to be identified as a risk user; if the network access characteristics do not accord with the preset rules, judge whether a rule matched with the network access characteristics exists in the rules included in the preset rule module, wherein the rules included in the preset rule module are established according to network access characteristics whose risk degree is not higher than the risk degree threshold value; and if so, determine whether the user to be identified is a risk user according to the risk degree corresponding to the rule matched with the network access characteristics. Because the preset rules include the network access characteristics of the risk users in the blacklist, and the risk degree of these network access characteristics is higher, the electronic device, when identifying the user to be identified, can first judge whether the network access characteristics of the user to be identified accord with the preset rules, so as to preliminarily determine whether the user to be identified is a risk user. When the network access characteristics of the user to be identified accord with the preset rules, the risk degree of the user to be identified is higher, and the user to be identified can be directly determined as a risk user at that point, so that no subsequent judgment process is needed, computing resources are saved, and the identification efficiency of risk users is improved.
If the network access characteristics of the user to be identified do not accord with the preset rules, the electronic equipment can further judge whether the network access characteristics of the user to be identified are matched with the rules included in the preset rule module, and comprehensively determine whether the user to be identified is a risk user according to the risk degree corresponding to the matched rules, so that the identification success rate of risk users is ensured. Therefore, the electronic equipment can rapidly identify risk users while the identification success rate of risk users is guaranteed, and safe and effective risk user identification is achieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below.
Fig. 1 is a flowchart of a method for identifying a risky user according to an embodiment of the present invention;
Fig. 2 is a flowchart for determining a risky user based on the embodiment shown in Fig. 1;
Fig. 3 is a flowchart for determining a risk score based on the embodiment shown in Fig. 2;
Fig. 4 is a schematic diagram of a method for identifying a risky user according to the embodiment shown in Fig. 1;
Fig. 5 is a schematic structural diagram of an apparatus for identifying a risky user according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
In order to realize safe and effective risk user identification, the embodiment of the invention provides a risk user identification method, a risk user identification device, an electronic device, a computer readable storage medium and a computer program product. First, a method for identifying a risky user according to an embodiment of the present invention is described below.
The method for identifying a risky user provided by the embodiment of the present invention can be applied to any electronic device that needs to identify a risky user, for example, the electronic device can be a server, a terminal, and the like, and is not limited specifically herein. For clarity of description, hereinafter referred to as electronic device.
As shown in fig. 1, a method for identifying a risky user includes:
S101, obtaining the network access characteristics of the user to be identified.
S102, judging whether the network access characteristics accord with preset rules.
The preset rules are established according to the network access characteristics of the risk users recorded in the blacklist.
S103, if the network access characteristics accord with the preset rules, determining that the user to be identified is a risk user.
S104, if the network access characteristics do not accord with the preset rules, judging whether a rule matched with the network access characteristics exists in a plurality of rules included in a preset rule module.
The plurality of rules included in the preset rule module are established according to network access characteristics whose risk degree is not higher than the risk degree threshold value.
S105, if so, determining whether the user to be identified is a risk user according to the risk degree corresponding to the rule matched with the network access characteristics.
Therefore, in the scheme provided by the embodiment of the invention, the electronic equipment can acquire the network access characteristics of the user to be identified; judge whether the network access characteristics accord with preset rules, wherein the preset rules are established according to the network access characteristics of the risk users recorded in the blacklist; if the network access characteristics accord with the preset rules, determine the user to be identified as a risk user; if the network access characteristics do not accord with the preset rules, judge whether a rule matched with the network access characteristics exists in the rules included in the preset rule module, wherein the rules included in the preset rule module are established according to network access characteristics whose risk degree is not higher than the risk degree threshold value; and if so, determine whether the user to be identified is a risk user according to the risk degree corresponding to the rule matched with the network access characteristics. Because the preset rules include the network access characteristics of the risk users in the blacklist, and the risk degree of these network access characteristics is higher, the electronic device, when identifying the user to be identified, can first judge whether the network access characteristics of the user to be identified accord with the preset rules, so as to preliminarily determine whether the user to be identified is a risk user. When the network access characteristics of the user to be identified accord with the preset rules, the risk degree of the user to be identified is higher, and the user to be identified can be directly determined as a risk user at that point, so that no subsequent judgment process is needed, computing resources are saved, and the identification efficiency of risk users is improved.
If the network access characteristics of the user to be identified do not accord with the preset rules, the electronic equipment can further judge whether the network access characteristics of the user to be identified are matched with the rules included in the preset rule module, and comprehensively determine whether the user to be identified is a risk user according to the risk degree corresponding to the matched rules, so that the identification success rate of risk users is ensured. Therefore, the electronic equipment can rapidly identify risk users while the identification success rate of risk users is guaranteed, and safe and effective risk user identification is achieved.
In order to realize safe and effective risk user identification, the electronic device may acquire the network access characteristic of the user to be identified when the user to be identified initiates a network access request or when the user to be identified performs network access, and determine whether the user to be identified is a risk user or not through the network access characteristic.
The network access characteristics of the user to be identified may include: information of a device used by the user to be identified, IP address information of the user to be identified, account information of the user to be identified, location information of the user to be identified, a historical access request initiated by the user to be identified, and the like, which are not specifically limited herein.
It should be noted that, in the technical solution of the present invention, the operations of obtaining, storing, using, processing, providing, and the like of the network access feature of the user to be identified are all performed when the authorization of the user to be identified is obtained.
Because the risk users determined in the historical identification process are recorded in the blacklist, and the risk degree of the network access characteristics of these users is very high, a preset rule can be established according to the network access characteristics of the risk users recorded in the blacklist. For example, the IP address of a risk user recorded in the blacklist is taken as a network access characteristic whose risk degree is higher than the threshold value, and a preset rule is then established according to the IP address of the risk user. The risk degree of a network access characteristic reflects the degree of threat to network security posed by a user having that network access characteristic when performing network access, and may be specifically represented in the form of a risk score or a risk level.
Furthermore, the preset rule established according to the network access characteristics of the risk users recorded in the blacklist can be stored in the electronic device in advance, so that after the network access characteristics of the user to be identified are obtained, the electronic device can firstly judge whether the network access characteristics of the user to be identified meet the preset rule, and then preliminarily judge whether the user to be identified is a risk user.
For example, the electronic device may check the IP addresses in the preset rule and determine whether any of them is the same as the IP address of the user to be identified, so as to determine whether the network access characteristic of the user to be identified meets the preset rule. The electronic device may also check the MAC addresses in the preset rule and determine whether any of them is the same as the MAC address of the device used by the user to be identified, so as to determine whether the network access characteristic of the user to be identified meets the preset rule.
In an embodiment, because the risk degree corresponding to the same network access characteristic differs between service scenarios, the preset rule need not be established only according to the network access characteristics of the risk users recorded in the blacklist. The network access characteristics whose risk degree is higher than the threshold value may also be determined in advance for each service scenario, and the preset rule corresponding to each service scenario is then established according to both the network access characteristics of the risk users recorded in the blacklist and the predetermined network access characteristics whose risk degree in that service scenario is higher than the threshold value.
For example, when identifying risk users of the traffic-swiping type, a second broadcast IP and an access-request initiation time interval smaller than a preset time interval may be taken as the network access features whose risk degree in this service scenario is higher than the threshold value. The preset rule corresponding to the traffic-swiping identification service scenario may then be established according to the network access features of the risk users recorded in the blacklist, the second broadcast IP, and the access-request initiation time interval smaller than the preset time interval.
Because the preset rule is established according to the network access characteristic with higher risk degree, if the network access characteristic of the user to be identified accords with the preset rule, the user to be identified is most likely to be a risk user, under the condition, in order to avoid the influence of the network access behavior of the user to be identified on the network security, the electronic equipment can directly determine the user to be identified as the risk user, and then refuses the network access behavior of the user to be identified, and a subsequent judgment process is not needed, so that the computing resource is saved, and the identification efficiency of the risk user is improved.
If the network access characteristics of the user to be identified do not accord with the preset rules, then, in order to avoid a misjudgment of the risk user, the electronic device may further determine whether a rule matching the network access characteristic exists in the plurality of rules included in the preset rule module.
The rules included in the preset rule module may be established according to network access characteristics with risk degrees not higher than a threshold, for example, high-risk software is installed on the user's device, the user's account is not real-name registered, and the user's IP address is a public IP address.
In the case that the risk degree is characterized in the form of a risk score, the fact that the risk degree of the network access feature is not higher than the threshold value may mean that the risk score of the network access feature is not higher than a preset threshold value, and the preset threshold value may be set by a user according to experience and a specific quantitative standard, and is not specifically limited herein. For example, the user sets the maximum value of the risk score to be 100 points, the minimum value to be 0 points and the score of the network access feature with high risk to be greater than 80 points according to experience and specific quantitative criteria, and then when the risk score of the network access feature is not greater than 80 points, it can be determined that the risk degree of the network access feature is not greater than the preset threshold.
In the case that the risk degree is characterized in the form of a risk level, the fact that the risk degree of the network access characteristic is not higher than the threshold value may mean that the risk level of the network access characteristic is not higher than a preset level, and the preset level may be set by a user according to experience and a specific quantitative standard, and is not specifically limited herein. For example, if the user sets the risk levels to be a high risk level, a medium risk level, and a low risk level according to experience and specific quantitative criteria, it may be determined that the risk degree of the network access feature is not higher than the preset threshold when the risk level of the network access feature is the medium risk level or the low risk level.
If no rule matched with the network access characteristics of the user to be identified exists in the rules included in the preset rule module, this indicates that the user to be identified is not a risk user. At this time, the electronic device may release the access request of the user to be identified or continue to provide network access service for the user to be identified, so that the user to be identified can perform normal network access.
If a rule matched with the network access characteristics of the user to be identified exists in the rules included in the preset rule module, this indicates that the user to be identified may be a risk user. At this time, whether the user to be identified is a risk user can be comprehensively judged according to the risk degree corresponding to the rule matched with the network access characteristics of the user to be identified.
For example, in the case that the risk degree is characterized in the form of a risk score, the electronic device may determine, in the preset rule module, a risk score corresponding to each rule matched with the network access feature of the user to be identified, take a sum of the risk scores of each rule matched with the network access feature of the user to be identified as a total risk score of the user to be identified, compare the total risk score with a preset score threshold, and determine that the user to be identified is a risk user when the total risk score is greater than the preset score threshold.
For another example, in a case that the risk degree is characterized in a risk level form, the electronic device may determine, in the preset rule module, a risk level corresponding to each rule matched with the network access feature of the user to be identified, and further determine, in each rule matched with the network access feature of the user to be identified, the number of rules with medium risk level and low risk level, compare the number of rules with medium risk level and low risk level with the corresponding preset number threshold, respectively, and determine that the user to be identified is a risk user when the number of rules with medium risk level is greater than the corresponding preset number threshold and/or the number of rules with low risk level is greater than the corresponding preset number threshold.
Therefore, in the embodiment of the invention, the electronic equipment can first judge whether the network access characteristics of the user to be identified accord with the preset rules, and if so, the user to be identified is directly determined as a risk user without carrying out the subsequent judging process, so that computing resources are saved and the identification efficiency of risk users is improved. If the network access characteristics do not accord with the preset rules, whether the user to be identified is a risk user can be accurately judged by judging whether a rule matched with the network access characteristics exists in the plurality of rules included in the preset rule module.
As an implementation manner of the embodiment of the present invention, there may be a plurality of preset rule modules, the rules in each preset rule module being independent of one another, and the step of determining whether a rule matching the network access characteristic exists in the plurality of rules included in the preset rule module may include:
and respectively judging whether a rule matched with the network access characteristic exists in a plurality of rules included in each preset rule module.
Because the number of the preset rule modules can be multiple, and the rules in each preset rule module are independent from each other, when the electronic device judges whether a rule matched with the network access characteristic exists in the multiple rules included in the preset rule module, the electronic device can respectively judge whether a rule matched with the network access characteristic exists in the multiple rules included in each preset rule module.
In one embodiment, the preset rule modules may include: a device rule module, an environment rule module, an account rule module, a conflict rule module, and the like.
The rules in the device rule module are established according to the device attributes of the risky user, for example, each rule in the device rule module may be that high-risk software is installed on the device of the user, the device of the user has tampering information, and the like.
The rules in the environment rule module are established according to the environment attributes of the risky users, for example, each rule in the environment rule module may be that the IP address of the user is a public address, the current network environment of the user has a potential risk, and so on.
The rules in the account rule module are established according to account attributes of the risky user, for example, the rules in the account rule module may be that the account registration mode of the user is mailbox registration, the account of the user is not real-name verified, and the account of the user is a non-member.
The rules in the conflict rule module are established according to the inconsistency between the same attribute information of the risk users, for example, the rules in the conflict rule module may be that the IP attribution of the user is inconsistent with the mobile phone number attribution, the resident address of the user is inconsistent with the current address, and the like.
Correspondingly, when the preset rule modules include the device rule module, the environment rule module, the account rule module and the conflict rule module, the electronic device may respectively determine whether a rule matching the network access characteristic exists in the device rule module, the environment rule module, the account rule module and the conflict rule module when respectively determining whether a rule matching the network access characteristic exists in a plurality of rules included in each preset rule module.
It can be seen that, in the embodiment of the present invention, there may be multiple preset rule modules, the rules in each preset rule module are independent from each other, and when determining whether a rule matching the network access feature exists in the multiple rules included in the preset rule module, the electronic device may respectively determine whether a rule matching the network access feature exists in the multiple rules included in each preset rule module. On one hand, for service scenarios that only need to judge some types of network access characteristics of the user to be identified, the electronic device need only match those types of network access characteristics with the rules in the corresponding preset rule modules, and does not need to match against all the preset rule modules, so that computing resources are saved and the identification efficiency of risk users is improved. On the other hand, because the rules in each preset rule module are independent, a specific preset rule module can later be optimized and updated on its own, which avoids the problem of a change in one place disturbing the whole rule set.
As an implementation manner of the embodiment of the present invention, as shown in fig. 2, the step of determining whether the user to be identified is a risky user according to a risk degree corresponding to a rule matched with the network access characteristic may include:
S201, determining a risk score corresponding to the network access characteristic according to a corresponding relation between a preset rule and the risk score and each rule matched with the network access characteristic;
After determining each rule matched with the network access characteristic of the user to be identified by respectively judging whether a rule matched with the network access characteristic exists in the plurality of rules included in each preset rule module, the electronic device may determine a risk score corresponding to each rule matched with the network access characteristic of the user to be identified according to a corresponding relationship between the preset rule and the risk score, and further determine a risk score corresponding to the network access characteristic.
In one embodiment, after determining the risk score corresponding to each rule matched with the network access characteristic of the user to be identified, the electronic device may directly add the risk scores corresponding to each rule, and the sum of the obtained risk scores is the risk score corresponding to the network access characteristic.
For example, the rules matched with the network access feature of the user to be identified, as determined by the electronic device, are the device rule A1, whose corresponding risk score is 70 points, and the account rule C3, whose corresponding risk score is 50 points. The electronic device can add the risk score corresponding to the device rule A1 and the risk score corresponding to the account rule C3; the sum of the risk scores is 120 points, and at this time the risk score corresponding to the network access feature of the user to be identified is 120 points.
In another embodiment, when determining whether a user to be identified is a risky user in different business scenarios, the importance degrees corresponding to different preset rule modules are different, for example, when identifying a risky user of the volume-brushing type, the account rule module plays an important role, and when identifying a risky user of the payment fraud type, the environment rule module and the conflict rule module play an important role.
Therefore, corresponding risk weights can be preset for each preset rule module in different business scenes, and after the risk score corresponding to each rule matched with the network access characteristics of the user to be identified is determined, the electronic equipment can perform weighted summation on the risk scores of the rules according to the corresponding relation between the preset rule modules and the risk weights in the current business scene to obtain the risk score corresponding to the network access characteristics.
For example, in a business scenario of identifying risk users of the volume-brushing type, the risk weights corresponding to the device rule module, the environment rule module, the account rule module and the conflict rule module are respectively 0.2, 0.5 and 0.1. After it is determined that the risk scores corresponding to the device rule A1 and the account rule C3 matched with the network access characteristic of the user to be identified are 70 points and 50 points respectively, the risk score corresponding to the device rule A1 and the risk score corresponding to the account rule C3 are weighted and summed according to the risk weights corresponding to the device rule module and the account rule module in the current business scenario, and the risk score corresponding to the network access characteristic is calculated to be 39 points.
S202, when the risk score is larger than a preset score threshold value, determining that the user to be identified is a risk user.
After determining the risk score corresponding to the network access characteristic, the electronic device may compare the risk score with a preset score threshold. When the risk score is greater than the preset score threshold, the risk degree of the user to be identified is relatively high, and the electronic device may determine the user to be identified as a risk user and refuse the network access behavior of the user to be identified. When the risk score is not greater than the preset score threshold, the risk of the user to be identified is relatively low, and the electronic device may determine the user to be identified as a non-risk user and accept the access request of the user to be identified, or continue to provide network access service for the user to be identified, so that the user to be identified performs normal network access.
The preset score threshold may be set according to specific use requirements, the specific service scenario, and the way the risk score is calculated, which is not specifically limited herein. For example, the preset score threshold may be 50 points; if the total risk score of the user to be identified, obtained by weighted summation over each rule matched with the network access feature of the user to be identified, is 39 points, then the electronic device may determine that the user to be identified is not a risk user, and further accept the access request of the user to be identified, or continue to provide network access service for the user to be identified, so that the user to be identified performs normal network access.
Therefore, in the embodiment of the invention, after the electronic device determines each rule matched with the network access characteristic of the user to be identified, the risk score corresponding to the network access characteristic can be determined according to the corresponding relation between the preset rule and the risk score, and then whether the user to be identified is a risk user can be determined by judging whether the risk score is larger than the preset score threshold value. When judging whether the user to be identified is a risk user, each rule matched with the network access characteristics of the user to be identified and the risk score corresponding to each rule are comprehensively considered, so that the obtained judgment result is more reasonable and accurate.
As an implementation manner of the embodiment of the present invention, as shown in fig. 3, the step of determining the risk score corresponding to the network access characteristic according to the corresponding relationship between the preset rule and the risk score and each rule matched with the network access characteristic may include:
S301, if a target rule exists in the rules matched with the network access characteristics, taking the risk score corresponding to the rule with the maximum corresponding risk score as the target risk score corresponding to the preset rule module to which the rule belongs;
Because the multiple rules in the same preset rule module cover the same type of network access features of risk users, when judging whether a rule matched with the network access features exists in the multiple rules included in the preset rule module, the network access features may match multiple rules in the same preset rule module at the same time. If the electronic device then superposes the scores for the same type of network access features, the resulting risk score is inflated and does not accord with the actual risk level, so misjudgment easily occurs.
Therefore, after determining the rules matched with the network access characteristics, the electronic device may determine whether rules belonging to the same preset rule module exist among the rules matched with the network access characteristics, that is, determine whether a target rule exists among the rules matched with the network access characteristics. If so, the risk score corresponding to the rule with the maximum risk score can be used as the target risk score corresponding to the preset rule module to which the rule belongs.
For example, after the electronic device determines that the rules matched with the network access features are the device rule A1, the device rule A3, the environment rule B2, the account rule C4, the conflict rule D1, the conflict rule D3, and the conflict rule D5, it may further determine whether the rules belong to the same preset rule module.
The electronic device then determines that the device rule A1 and the device rule A3 belong to the same preset rule module, namely the device rule module, and that the conflict rule D1, the conflict rule D3 and the conflict rule D5 belong to the same preset rule module, namely the conflict rule module. The electronic device can further determine, according to the corresponding relationship between the preset rules and the risk scores, that the risk scores corresponding to the device rule A1, the device rule A3, the conflict rule D1, the conflict rule D3 and the conflict rule D5 are respectively 70 points, 50 points, 34 points, 48 points and 65 points.
Because the device rule A1 is a rule with the largest corresponding risk score matched with the network access feature in the device rule module, and the conflict rule D5 is a rule with the largest corresponding risk score matched with the network access feature in the conflict rule module, the electronic device may use the risk score 70 corresponding to the device rule A1 as the target risk score corresponding to the device rule module to which the device rule A1 belongs, and use the risk score 65 corresponding to the conflict rule D5 as the target risk score corresponding to the conflict rule module to which the conflict rule D5 belongs.
S302, according to the target risk scores corresponding to the preset rule modules, determining the risk scores corresponding to the network access characteristics.
For the environment rule module and the account rule module, because only one rule in the rules is matched with the network access characteristics, the risk score corresponding to the environment rule B2 can be directly used as the risk score corresponding to the environment rule module to which the environment rule B2 belongs, and the risk score corresponding to the account rule C4 can be used as the risk score corresponding to the account rule module to which the account rule C4 belongs.
Further, the electronic device may determine, according to the corresponding relationship between the preset rules and the risk scores, that the risk score corresponding to the environment rule B2 is 52 and take 52 as the risk score corresponding to the environment rule module, and determine that the risk score corresponding to the account rule C4 is 38 and take 38 as the risk score corresponding to the account rule module. Combined with the above steps, in which 70 is the risk score corresponding to the device rule module and 65 is the risk score corresponding to the conflict rule module, the risk score corresponding to the network access feature is thereby determined.
For the manner of determining the risk score corresponding to the network access feature from the risk scores corresponding to the preset rule modules, refer to the above description of determining the risk score corresponding to the network access feature according to the corresponding relationship between the preset rules and the risk scores and each rule matched with the network access feature; details are not repeated here.
In the embodiment of the present invention, when multiple rules matched with the network access characteristics exist in the same preset rule module, the electronic device may determine, according to the corresponding relationship between the preset rules and the risk scores, the risk score corresponding to each rule matched with the network access characteristics in each preset rule module, and select the risk score of the rule with the largest risk score as the risk score corresponding to the preset rule module to which the rule belongs. Therefore, the electronic device does not superpose the scores of all matched rules in the same preset rule module, which avoids an inflated risk score that does not accord with the actual risk level, and the resulting misjudgment, when rules of the same type are matched multiple times.
As an implementation manner of the embodiment of the present invention, the preset rule module may at least include a general rule module and a customized rule module, where a rule in the general rule module is determined according to a common attribute characteristic of a network access feature of a risk user; the rules in the customized rules module are determined according to the needs of the user.
The preset rule modules in the electronic equipment can be divided into at least two types according to the rule determining mode, namely a universal rule module determined according to the common attribute characteristics of the network access characteristics of the risk users and a customized rule module determined according to the user requirements.
For example, if the high-risk software is generally installed on the equipment of the risk user, the high-risk software installed on the equipment can be used as a common attribute characteristic of the network access characteristics of the risk user, and then a general rule can be determined according to the common attribute characteristic, that is, the high-risk software is installed on the equipment of the user.
For another example, if the user finds a new risk type in the identification process of the risk user, or a new requirement is generated in the identification process of the risk user, a rule may be set according to the actual requirement for use, and the rule is a customized rule.
Correspondingly, in an embodiment, the preset rule module in the electronic device may first be divided into a general rule module and a customized rule module according to the rule determination manner. The general rule module may be further divided into a device rule module, an environment rule module, an account rule module and a conflict rule module according to rule type, and the customized rule module may either not be further divided, or be further divided into a device rule module, an environment rule module, an account rule module and a conflict rule module according to rule type in the same way as the general rule module.
Therefore, in the embodiment of the invention, when the preset rule module comprises the universal rule module, the rule in the universal rule module is determined according to the common attribute characteristics of the network access characteristics of the risk users, so that the universal rule module can be suitable for identifying the risk users in different service scenes, and the cost of repeated construction is saved. When the preset rule module comprises the customized rule module, the rules in the customized rule module are determined according to the requirements of the user, so that the identification process of the risk user can be more flexible, and the application range is wider.
For the convenience of understanding the solution of the present invention, the method for identifying a risky user in the present invention is described in detail below by taking fig. 4 as an example, specifically:
As shown in fig. 4, after receiving an access request of a user to be identified, the electronic device may match a network access characteristic of the user to be identified with a blocking rule 1, a blocking rule 2, a blocking rule 3, and the like of a blocking layer, that is, determine whether the network access characteristic meets a preset rule, if so, determine that the matching is successful, output a decision result, and determine that the user to be identified is a risk user.
And if the matching is unsuccessful, matching the network access characteristics of the user to be identified with the general rules of the general layer and the customized rules of the customized layer in parallel, namely judging whether rules matched with the network access characteristics exist in a plurality of rules included in a preset rule module, wherein the preset rule module comprises a general rule module and a customized rule module.
The general layer can comprise a plurality of modules such as a device module, an environment module, an account module and a conflict module. The device module can comprise general rules A1, A2, A3 and the like related to device attributes of the risky users, the environment module can comprise general rules B1, B2, B3 and the like related to environment attributes of the risky users, the account module can comprise general rules C1, C2, C3 and the like related to account attributes of the risky users, and the conflict module can comprise general rules D1, D2, D3 and the like related to inconsistency between the same attribute information of the risky users. The customization layer comprises rules such as customization rule 1, customization rule 2 and customization rule 3 set by the users according to actual use requirements.
That is, the general rule module comprises a device rule module, an environment rule module, an account rule module and a conflict rule module, each of which comprises a plurality of rules, and the customized rule module comprises a plurality of rules.
And finally, in a decision layer, the electronic equipment can sum the maximum score of each module with the customized score, namely, the maximum risk score corresponding to each rule matched with the network access characteristics in each preset rule module in the general rule module is summed with the risk score corresponding to each rule matched with the network access characteristics in the customized rule module, so as to obtain the total risk score of the user to be identified, then whether the total risk score is greater than a preset risk score threshold value is judged, if so, a decision result is output, and the user to be identified is determined to be a risk user.
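The layered flow of fig. 4 (blocking layer, per-module maximum from S301, optional scenario weights, threshold from S202), written out as an added Python example; it is not code from the patent. The rule ids, scores and the 50-point threshold come from the worked examples above, while the feature names, the condition attached to each rule id, the blacklist values, the custom rule and the environment-module weight are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

Features = Dict[str, object]

@dataclass(frozen=True)
class Rule:
    rule_id: str
    module: str          # device / environment / account / conflict / custom
    score: float
    matches: Callable[[Features], bool]

@dataclass(frozen=True)
class Decision:
    risk: bool
    layer: str           # "blocking" or "decision"
    score: Optional[float]
    per_module: Dict[str, float]

def differ(f: Features, a: str, b: str) -> bool:
    """True only when both attributes are present and disagree (missing data is not a conflict)."""
    return a in f and b in f and f[a] != f[b]

# Blocking layer: features recorded for blacklisted risk users (constructed values).
BLACKLISTED_DEVICES = {"dev-blk-001"}
BLACKLISTED_IPS = {"203.0.113.7"}
BLOCKING_RULES: List[Callable[[Features], bool]] = [
    lambda f: f.get("device_id") in BLACKLISTED_DEVICES,
    lambda f: f.get("ip") in BLACKLISTED_IPS,
]

# General and customized layers. Ids and scores follow the page's examples;
# the condition attached to each id and the custom rule are assumptions.
RULES: List[Rule] = [
    Rule("A1", "device", 70, lambda f: bool(f.get("high_risk_software"))),
    Rule("A3", "device", 50, lambda f: bool(f.get("device_tampered"))),
    Rule("B2", "environment", 52, lambda f: bool(f.get("risky_network"))),
    Rule("C3", "account", 50, lambda f: f.get("registration") == "mailbox"),
    Rule("C4", "account", 38, lambda f: f.get("real_name") is False),
    Rule("D1", "conflict", 34, lambda f: differ(f, "ip_region", "phone_region")),
    Rule("D3", "conflict", 48, lambda f: differ(f, "resident_city", "current_city")),
    Rule("D5", "conflict", 65, lambda f: differ(f, "device_tz", "ip_tz")),
    Rule("custom-1", "custom", 20, lambda f: f.get("requests_per_minute", 0) > 600),
]

# Volume-brushing scenario weights: device and account reproduce the page's
# 39-point result; the environment weight is an assumed value.
BRUSHING_WEIGHTS = {"device": 0.2, "environment": 0.2, "account": 0.5, "conflict": 0.1}

def match_rules(features: Features, rules: List[Rule] = RULES,
                modules: Optional[Set[str]] = None) -> List[Rule]:
    """Match every rule independently; `modules` limits matching to selected modules."""
    return [r for r in rules
            if (modules is None or r.module in modules) and r.matches(features)]

def module_scores(matched: List[Rule]) -> Dict[str, float]:
    """S301: each general module contributes only its highest matched score;
    matched custom rules are summed, as in the decision layer of fig. 4."""
    scores: Dict[str, float] = {}
    for r in matched:
        if r.module == "custom":
            scores["custom"] = scores.get("custom", 0) + r.score
        else:
            scores[r.module] = max(scores.get(r.module, 0), r.score)
    return scores

def total_score(scores: Dict[str, float],
                weights: Optional[Dict[str, float]] = None) -> float:
    """S302: plain sum, or weighted sum when scenario weights are given.
    A module without a configured weight counts at 1.0 (assumption)."""
    if weights is None:
        return sum(scores.values())
    return sum(weights.get(m, 1.0) * s for m, s in scores.items())

def identify(features: Features, threshold: float,
             weights: Optional[Dict[str, float]] = None,
             modules: Optional[Set[str]] = None,
             rules: List[Rule] = RULES) -> Decision:
    # Blocking layer short-circuits: no scoring work for blacklisted features.
    if any(rule(features) for rule in BLOCKING_RULES):
        return Decision(True, "blocking", None, {})
    scores = module_scores(match_rules(features, rules, modules))
    total = total_score(scores, weights)
    return Decision(total > threshold, "decision", total, scores)

# Constructed feature sets mirroring the page's two worked examples.
USER_A1_C3 = {"device_id": "dev-100", "ip": "198.51.100.20",
              "high_risk_software": True, "registration": "mailbox", "real_name": True}
USER_SEVEN_RULES = {"device_id": "dev-101", "ip": "198.51.100.21",
                    "high_risk_software": True, "device_tampered": True,
                    "risky_network": True, "registration": "phone", "real_name": False,
                    "ip_region": "X", "phone_region": "Y",
                    "resident_city": "P", "current_city": "Q",
                    "device_tz": "UTC+8", "ip_tz": "UTC+1"}

if __name__ == "__main__":
    print(identify(USER_A1_C3, 50))
    print(identify(USER_A1_C3, 50, weights=BRUSHING_WEIGHTS))
    print(identify(USER_SEVEN_RULES, 50))
    print(identify({"device_id": "dev-blk-001"}, 50))
```

For the seven-rule user, adding every matched score would give 357 points, whereas the per-module maximum yields 225, which is the inflation S301 is designed to remove.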
Therefore, in the embodiment of the invention, the electronic equipment can match the network access characteristics of the user to be identified with the preset rules, and if the matching is successful, the user to be identified is directly determined as the risk user without performing the subsequent judgment process, so that the computing resources are saved, and the identification efficiency of the risk user is improved. If not, whether a rule matched with the network access characteristic exists in a plurality of rules included in the preset rule module or not can be further judged so as to accurately judge whether the user to be identified is a risk user or not.
Meanwhile, the rules in the universal rule module are determined according to the common attribute characteristics of the network access characteristics of the risk users, so that the universal rule module can be suitable for identifying the risk users in different service scenes, and the cost of repeated construction is saved. Because the rules in the customized rule module are determined according to the requirements of the users, the identification process of the risk users can be more flexible, and the application range is wider.
In addition, because there can be multiple preset rule modules and the rules in each preset rule module are independent, when the electronic device judges whether a rule matched with the network access characteristic exists in the multiple rules included in the preset rule module, the electronic device can respectively judge whether a rule matched with the network access characteristic exists in the multiple rules included in each preset rule module. On one hand, for service scenarios that only require judgment of some types of network access characteristics of the user to be identified, the electronic device can match those types of network access characteristics with the rules in the corresponding preset rule modules, and does not need to match against all the preset rule modules, so that computing resources are saved and the identification efficiency of risk users is improved. On the other hand, because the rules in each preset rule module are independent from each other, a specific preset rule module can later be optimized and updated on its own, which avoids the problem of a change in one place disturbing the whole rule set.
In addition, under the condition that a plurality of rules matched with the network access characteristics exist in the same preset rule module, the electronic device can determine the risk score corresponding to each rule matched with the network access characteristics in each preset rule module according to the corresponding relation between the preset rules and the risk scores, and select the risk score of the rule with the maximum risk score as the risk score corresponding to the preset rule module to which the rule belongs. Therefore, the electronic device does not superpose the scores of all matched rules in the same preset rule module, which avoids an inflated risk score that does not accord with the actual risk level, and the resulting misjudgment, when rules of the same type are matched multiple times.
Corresponding to the method for identifying the risky user, the embodiment of the invention also provides a device for identifying the risky user. The following describes an apparatus for identifying a risky user according to an embodiment of the present invention.
As shown in fig. 5, an apparatus for identifying a risky user, the apparatus comprising:
a network access characteristic obtaining module 510, configured to obtain a network access characteristic of a user to be identified;
a first determining module 520, configured to determine whether the network access characteristic meets a preset rule, where the preset rule is established according to the network access characteristic of the risk user recorded in a blacklist;
a second determining module 530, configured to determine whether a rule matching the network access characteristic exists in multiple rules included in a preset rule module when a determination result of the first determining module is negative, where the multiple rules included in the preset rule module are established according to the network access characteristic whose risk degree is not higher than a risk degree threshold;
a risk user determining module 540, configured to determine that the user to be identified is a risk user if a determination result of the first determining module is yes; and when the judgment result of the second judgment module is yes, determining whether the user to be identified is a risk user or not according to the risk degree corresponding to the rule matched with the network access characteristic.
Therefore, in the scheme provided by the embodiment of the invention, the electronic equipment can acquire the network access characteristics of the user to be identified; judging whether the network access characteristics conform to preset rules or not, wherein the preset rules are established according to the network access characteristics of the risk users recorded in the blacklist; if the network access characteristics accord with preset rules, determining the user to be identified as a risk user; if the network access characteristics do not accord with the preset rules, judging whether the rules matched with the network access characteristics exist in the rules included by the preset rule module, wherein the rules included by the preset rule module are established according to the network access characteristics of which the risk degree is not higher than the risk degree threshold value; and if so, determining whether the user to be identified is a risk user or not according to the risk degree corresponding to the rule matched with the network access characteristic. Because the preset rule includes the network access characteristics of the risk users in the blacklist, and the risk degree of the part of the network access characteristics is higher, when the electronic device identifies the user to be accessed, whether the network access characteristics of the user to be identified accord with the preset rule or not can be judged firstly, so that whether the user to be identified is the risk user or not can be preliminarily determined. When the network access characteristics of the user to be identified accord with the preset rules, the risk degree of the user to be identified is higher, and the user to be identified can be directly determined as a risk user at the moment, so that a subsequent judgment process is not needed, the calculation resources are saved, and the identification efficiency of the risk user is improved. 
If the network access characteristics of the user to be identified do not conform to the preset rules, the electronic device can further judge whether the network access characteristics of the user to be identified match the rules included in the preset rule module, and comprehensively determine whether the user to be identified is a risk user according to the risk degree corresponding to the matched rules, so that the identification success rate of risk users is ensured. Therefore, the electronic device can rapidly identify risk users while guaranteeing the identification success rate, and safe and effective risk user identification is achieved.
As an implementation manner of the embodiment of the present invention, the number of the preset rule modules is multiple, rules in each preset rule module are independent from each other, and the second determining module 530 may be specifically configured to:
and respectively judging whether a rule matched with the network access characteristic exists in a plurality of rules included in each preset rule module.
As an implementation manner of the embodiment of the present invention, the risk user determining module 540 may include:
the risk score determining unit is used for determining a risk score corresponding to the network access characteristic according to a corresponding relation between a preset rule and the risk score and each rule matched with the network access characteristic;
and the risk user determining unit is used for determining the user to be identified as a risk user when the risk score is larger than a preset score threshold.
As an implementation manner of the embodiment of the present invention, the risk score determining unit may include:
a target risk score determining subunit, configured to, when a target rule exists in the rules matched with the network access characteristics, take a risk score corresponding to a rule with a largest risk score as a target risk score corresponding to a preset rule module to which the rule belongs, where the target rule is a rule belonging to the same preset rule module;
and the risk score determining subunit is used for determining the risk score corresponding to the network access characteristic according to the target risk score corresponding to each preset rule module.
As an implementation manner of the embodiment of the present invention, the preset rule module at least includes a general rule module and a customized rule module, wherein a rule in the general rule module is determined according to a common attribute characteristic of a network access characteristic of a risk user; the rules in the customized rule module are determined according to the requirements of users.
As an implementation manner of the embodiment of the present invention, the apparatus may further include:
and the network access behavior refusing module is used for refusing the network access behavior of the user to be identified after the user to be identified is determined to be the risk user.
An embodiment of the present invention further provides an electronic device, as shown in FIG. 6, including a processor 601, a communication interface 602, a memory 603, and a communication bus 604, where the processor 601, the communication interface 602, and the memory 603 communicate with one another through the communication bus 604;
the memory 603 is configured to store a computer program;
the processor 601 is configured to implement the steps of the method for identifying a risky user according to any of the embodiments described above when executing the program stored in the memory 603.
Therefore, in the scheme provided by the embodiment of the invention, the electronic device can acquire the network access characteristics of the user to be identified; judge whether the network access characteristics conform to preset rules, where the preset rules are established according to the network access characteristics of the risk users recorded in the blacklist; if the network access characteristics conform to the preset rules, determine that the user to be identified is a risk user; if the network access characteristics do not conform to the preset rules, judge whether a rule matching the network access characteristics exists among the rules included in the preset rule module, where the rules included in the preset rule module are established according to network access characteristics whose risk degree is not higher than the risk degree threshold; and if so, determine whether the user to be identified is a risk user according to the risk degree corresponding to the rule matching the network access characteristics. Because the preset rules are built from the network access characteristics of the risk users in the blacklist, and these characteristics carry a higher risk degree, the electronic device, when identifying the user to be identified, can first judge whether the user's network access characteristics conform to the preset rules, so as to preliminarily determine whether the user is a risk user. When the network access characteristics of the user to be identified conform to the preset rules, the risk degree of the user is high, so the user can be directly determined to be a risk user without any subsequent judgment, which saves computing resources and improves the efficiency of risk user identification.
If the network access characteristics of the user to be identified do not conform to the preset rules, the electronic device can further judge whether they match the rules included in the preset rule module, and comprehensively determine whether the user to be identified is a risk user according to the risk degree corresponding to the matched rules, which ensures the identification success rate for risk users. In this way the electronic device can identify risk users quickly while maintaining the identification success rate, achieving safe and effective risk user identification.
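The two-stage decision summarized above, as an added Python example that is not part of the patent text: blacklist-derived preset rules decide immediately, otherwise each preset rule module contributes the largest score among its matched rules and the result is compared with the score threshold. The feature names, rule names, scores and threshold are constructed for illustration, and summing the per-module target scores is an assumption, since the text only says the final score is determined from them.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Features = Dict[str, object]  # network access characteristics of one user


@dataclass(frozen=True)
class Rule:
    name: str                           # hypothetical rule name
    module: str                         # preset rule module the rule belongs to
    score: int                          # risk score mapped to this rule
    matches: Callable[[Features], bool]


# Stage 1: preset rules built from blacklisted risk users (constructed values).
BLACKLIST_RULES: List[Callable[[Features], bool]] = [
    lambda f: f.get("ip") in {"203.0.113.7"},
    lambda f: f.get("device_id") in {"dev-bad-01"},
]

# Stage 2: lower-risk rules grouped into a general and a customized module.
MODULE_RULES: List[Rule] = [
    Rule("datacenter_ip", "general", 40, lambda f: f.get("ip_type") == "datacenter"),
    Rule("headless_ua", "general", 30,
         lambda f: "Headless" in str(f.get("user_agent", ""))),
    Rule("burst_rate", "custom", 35, lambda f: int(f.get("req_per_min", 0)) > 120),
    Rule("no_referer", "custom", 10, lambda f: not f.get("referer")),
]
SCORE_THRESHOLD = 60  # constructed preset score threshold


def module_target_scores(features: Features,
                         rules: List[Rule] = MODULE_RULES) -> Dict[str, int]:
    """Per module, keep only the largest score among its matched rules."""
    targets: Dict[str, int] = {}
    for rule in rules:
        if rule.matches(features):
            targets[rule.module] = max(targets.get(rule.module, 0), rule.score)
    return targets


def identify(features: Features,
             threshold: int = SCORE_THRESHOLD) -> Tuple[bool, str, Optional[int]]:
    """Return (is_risk_user, deciding_stage, risk_score)."""
    # Blacklist-derived rules are high risk: decide at once, skip scoring.
    if any(rule(features) for rule in BLACKLIST_RULES):
        return True, "blacklist", None
    targets = module_target_scores(features)
    if not targets:
        return False, "no_match", 0
    total = sum(targets.values())  # assumption: module target scores are summed
    return total > threshold, "scored", total  # strictly larger than threshold
```

Taking the per-module maximum keeps several correlated rules in one module from stacking: a client that matches both general rules scores 40, not 70, and stays below the threshold unless another module also fires.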
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The memory may include a Random Access Memory (RAM), and may also include a non-volatile memory, such as at least one disk memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In another embodiment of the present invention, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the method for identifying a risky user as described in any one of the above embodiments.
In yet another embodiment, the present invention further provides a computer program product containing instructions which, when run on a computer, cause the computer to perform the method for identifying an at risk user as described in any of the above embodiments.
In the above embodiments, the implementation may be realized in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, it may be realized in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are performed in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It should be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on differences from other embodiments. In particular, for the apparatus, the electronic device, the computer-readable storage medium, and the computer program product embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiments.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A method for identifying an at-risk user, the method comprising:
acquiring network access characteristics of a user to be identified;
judging whether the network access characteristics accord with preset rules or not, wherein the preset rules are established according to the network access characteristics of the risk users recorded in the blacklist;
if the network access characteristics accord with the preset rules, determining that the user to be identified is a risk user;
if the network access characteristics do not accord with the preset rules, judging whether rules matched with the network access characteristics exist in a plurality of rules included by a preset rule module, wherein the plurality of rules included by the preset rule module are established according to the network access characteristics of which the risk degree is not higher than a risk degree threshold value;
and if so, determining whether the user to be identified is a risk user or not according to the risk degree corresponding to the rule matched with the network access characteristic.
2. The method according to claim 1, wherein the preset rule module includes a plurality of preset rule modules, the rules in each preset rule module are independent from each other, and the step of determining whether a rule matching the network access characteristic exists in the plurality of rules included in the preset rule module includes:
and respectively judging whether a rule matched with the network access characteristic exists in a plurality of rules included in each preset rule module.
3. The method of claim 2, wherein the step of determining whether the user to be identified is a risky user according to a risk level corresponding to the rule matching the network access characteristic comprises:
determining a risk score corresponding to the network access characteristic according to a corresponding relation between a preset rule and the risk score and each rule matched with the network access characteristic;
and when the risk score is larger than a preset score threshold value, determining that the user to be identified is a risk user.
4. The method according to claim 3, wherein the step of determining the risk score corresponding to the network access characteristic according to the preset correspondence between the rule and the risk score and each rule matched with the network access characteristic comprises:
if target rules exist among the rules matched with the network access characteristics, taking the largest risk score among the target rules as the target risk score corresponding to the preset rule module to which they belong, wherein target rules are matched rules belonging to the same preset rule module;
and determining a risk score corresponding to the network access characteristic according to the target risk score corresponding to each preset rule module.
5. The method according to any one of claims 2 to 4, wherein the preset rule module at least comprises a general rule module and a customized rule module, wherein the rules in the general rule module are determined according to the common attribute characteristics of the network access characteristics of the risk users; the rules in the customized rule module are determined according to the requirements of users.
6. An apparatus for identifying an at risk user, the apparatus comprising:
the network access characteristic acquisition module is used for acquiring the network access characteristics of the user to be identified;
the first judgment module is used for judging whether the network access characteristics accord with preset rules or not, wherein the preset rules are established according to the network access characteristics of the risk users recorded in a blacklist;
the second judgment module is used for judging whether a rule matched with the network access characteristic exists in a plurality of rules included by a preset rule module when the judgment result of the first judgment module is negative, wherein the plurality of rules included by the preset rule module are established according to the network access characteristic of which the risk degree is not higher than the risk degree threshold value;
the risk user determining module is used for determining the user to be identified as a risk user when the judgment result of the first judging module is yes; and when the judgment result of the second judgment module is yes, determining whether the user to be identified is a risk user or not according to the risk degree corresponding to the rule matched with the network access characteristic.
7. The apparatus of claim 6, wherein the at-risk user determination module comprises:
the risk score determining unit is used for determining a risk score corresponding to the network access characteristic according to a corresponding relation between a preset rule and the risk score and each rule matched with the network access characteristic;
and the risk user determining unit is used for determining the user to be identified as a risk user when the risk score is larger than a preset score threshold.
8. The apparatus of claim 7, wherein the risk score determination unit comprises:
a target risk score determining subunit, configured to, when target rules exist among the rules matched with the network access characteristics, take the largest risk score among the target rules as the target risk score corresponding to the preset rule module to which they belong, where target rules are matched rules belonging to the same preset rule module;
and the risk score determining subunit is used for determining the risk score corresponding to the network access characteristic according to the target risk score corresponding to each preset rule module.
9. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any one of claims 1 to 5 when executing a program stored in the memory.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of the claims 1-5.
CN202211466812.6A 2022-11-22 2022-11-22 Risk user identification method and device, electronic equipment and storage medium Pending CN115811426A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211466812.6A CN115811426A (en) 2022-11-22 2022-11-22 Risk user identification method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211466812.6A CN115811426A (en) 2022-11-22 2022-11-22 Risk user identification method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115811426A true CN115811426A (en) 2023-03-17

Family

ID=85483715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211466812.6A Pending CN115811426A (en) 2022-11-22 2022-11-22 Risk user identification method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115811426A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination