CN115941347B

CN115941347B - User big data security analysis method and system for artificial intelligent platform

Info

Publication number: CN115941347B
Application number: CN202211659850.3A
Authority: CN
Inventors: 徐健; 陆佳慧
Original assignee: Shenzhen Positive Energy Network Technology Co ltd
Current assignee: Shenzhen Positive Energy Network Technology Co ltd
Priority date: 2022-12-23
Filing date: 2022-12-23
Publication date: 2024-01-12
Anticipated expiration: 2042-12-23
Also published as: CN115941347A

Abstract

The invention discloses a user big data security analysis method and a system for an artificial intelligent platform, wherein the method comprises the following steps: firstly, responding to an access request aiming at an artificial intelligent platform, and acquiring platform operation and maintenance evaluation data of the artificial intelligent platform; when the platform operation and maintenance assessment result is characterized in that the platform operates normally, determining the user security category of the undetermined user initiating the access request according to the identity data and the network behavior data of a plurality of users; transmitting an access request to the artificial intelligent platform when the user security class of the undetermined user is characterized as a legal user; the platform content corresponding to the access request is determined, and the platform content is returned to the user terminal corresponding to the undetermined user, so that the design is adopted, and the user safety category of the undetermined user can be determined by combining the identity data and the network behavior data of a plurality of users on the basis of determining that the platform of the artificial intelligent platform runs normally, so that the safety of the artificial intelligent platform is improved.

Description

User big data security analysis method and system for artificial intelligent platform

Technical Field

The invention relates to the technical field of artificial intelligence, in particular to a user big data security analysis method and system for an artificial intelligence platform.

Background

With the popularity of the internet, more and more user behavior data can be recorded, and as time passes, a significant portion of user-generated behavior information has been able to be used as production data in some areas. For example, in a user security identity recognition scenario, there are schemes for recognizing a user security identity based on behavior information of a user. In the information data technology, the information security problem is a problem which needs to be solved at present when the information data technology is moved to a big data age and how to use user behavior data in complex and massive data.

Disclosure of Invention

The invention aims to provide a user big data security analysis method and system for an artificial intelligent platform.

In a first aspect, an embodiment of the present invention provides a method for securely analyzing user big data for an artificial intelligence platform, including:

responding to an access request for the artificial intelligent platform, and acquiring platform operation and maintenance evaluation data of the artificial intelligent platform;

inputting platform operation and maintenance evaluation data into a pre-trained platform operation and maintenance evaluation model to obtain a platform operation and maintenance evaluation result of the artificial intelligent platform;

when the platform operation and maintenance assessment result is characterized in that the platform operates normally, determining the user security category of the undetermined user initiating the access request according to the identity data and the network behavior data of a plurality of users;

Transmitting an access request to the artificial intelligent platform when the user security class of the undetermined user is characterized as a legal user;

and determining the platform content corresponding to the access request, and returning the platform content to the user terminal corresponding to the undetermined user.

In a second aspect, an embodiment of the present invention provides a server system, including a server, where the server is configured to perform the user big data security analysis method for an artificial intelligence platform according to at least one possible implementation manner in the first aspect.

Compared with the prior art, the invention has the beneficial effects that: by adopting the user big data security analysis method and system for the artificial intelligent platform, disclosed by the invention, the platform operation and maintenance evaluation data of the artificial intelligent platform is obtained by responding to the access request aiming at the artificial intelligent platform; when the platform operation and maintenance assessment result is characterized in that the platform operates normally, determining the user security category of the undetermined user initiating the access request according to the identity data and the network behavior data of a plurality of users; transmitting an access request to the artificial intelligent platform when the user security class of the undetermined user is characterized as a legal user; the platform content corresponding to the access request is determined, and the platform content is returned to the user terminal corresponding to the undetermined user, so that the design is adopted, and the user safety category of the undetermined user can be determined by combining the identity data and the network behavior data of a plurality of users on the basis of determining that the platform of the artificial intelligent platform runs normally, so that the safety of the artificial intelligent platform is improved.

Drawings

In order to more clearly illustrate the technical solution of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described. It is appreciated that the following drawings depict only certain embodiments of the invention and are therefore not to be considered limiting of its scope. Other relevant drawings may be made by those of ordinary skill in the art without undue burden from these drawings.

FIG. 1 is a schematic flow chart of steps of a user big data security analysis method for an artificial intelligent platform according to an embodiment of the present invention;

fig. 2 is a schematic block diagram of a computer device according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.

In order to solve the foregoing technical problems in the background art, fig. 1 is a flowchart of a user big data security analysis method for an artificial intelligent platform according to an embodiment of the present disclosure, where the user big data security analysis method for an artificial intelligent platform according to the embodiment may be executed by a computer device, and the user big data security analysis method for an artificial intelligent platform is described in detail below.

101. And responding to the access request for the artificial intelligent platform, and acquiring platform operation and maintenance evaluation data of the artificial intelligent platform.

102. Inputting the platform operation and maintenance evaluation data into a pre-trained platform operation and maintenance evaluation model to obtain a platform operation and maintenance evaluation result of the artificial intelligent platform.

103. And when the platform operation and maintenance assessment result is characterized in that the platform operates normally, determining the user security category of the undetermined user initiating the access request according to the identity data and the network behavior data of the plurality of users.

104. And transmitting an access request to the artificial intelligent platform when the user security class of the undetermined user is characterized as a legal user.

105. And determining the platform content corresponding to the access request, and returning the platform content to the user terminal corresponding to the undetermined user.

In the embodiment of the application, the artificial intelligence platform may refer to a network platform with an artificial intelligence processing technology, and can realize functions of collecting and recording behavior data of a user, such as an XX shopping platform, an XX online transaction platform, an XX mail processing platform, and the like. When an access request initiated by a user for an artificial intelligent platform is detected, platform operation and maintenance evaluation data of the artificial intelligent platform are firstly obtained, for example, for an XX shopping platform, the data such as the number of real-time accesses of the current whole platform, the abnormal transaction order quantity and the like can be obtained as the platform operation and maintenance evaluation data. And determining whether the platform operation and maintenance of the current artificial intelligent platform is stable or not based on the platform operation and maintenance evaluation data by utilizing a pre-trained platform operation and maintenance evaluation model, so that the condition that the subsequent user safety category judgment of the user is inaccurate due to the abnormality of the artificial intelligent platform can be avoided. Under the condition of determining the platform operation and maintenance problems of the artificial intelligent platform, the user security category of the undetermined user initiating the access request can be determined according to the identity data and the network behavior data of a plurality of users, after the user is determined to be a legal user, the platform content corresponding to the access request is determined, and the platform content is returned to the user terminal corresponding to the undetermined user. By the design, under the condition that the stability of the artificial intelligent platform is ensured, the identity data and the network behavior data of a plurality of users are combined, the user security category of the undetermined user initiating the access request is determined, and the use security of the artificial intelligent platform is improved.

In order to clearly describe the solution provided by the embodiments of the present application, the foregoing step 103 may be implemented by performing the following detailed steps.

201. The computer device obtains identity data and network behavior data for a plurality of users.

The identity data of the user is identity information for characterizing the user, for example, the identity data includes information configured for the user in the process of user registration, and the like. The network behavior data of the user is behavior information related to the user on the network.

The method comprises the steps that the computer equipment obtains identity data and network behavior data of a plurality of users, wherein the plurality of users comprise undetermined users to be evaluated and comparison users of preset user security categories. Optionally, the user security category includes legitimate users and illegitimate users.

202. The computer device determines identity matching characteristics between the identity data of the pending user and the identity data of the comparison user, and behavior matching characteristics between the network behavior data of the pending user and the network behavior data of the comparison user.

After the computer equipment acquires the identity data and the network behavior data of the undetermined user and compares the identity data and the network behavior data of the user, the computer equipment respectively compares the information of the undetermined user and the information of the same dimension of the comparison user from two different dimensions of the identity data and the network behavior data.

That is, the computer device obtains an identity matching feature between the identity data of the pending user and the identity data of the comparison user by comparing the identity data of the pending user and the identity data of the comparison user in the attribute dimension, where the identity matching feature represents a degree of similarity between the identity data of the pending user and the identity data of the comparison user. The computer equipment compares the network behavior data of the undetermined user with the network behavior data of the comparison user in the network behavior dimension to obtain behavior matching characteristics between the network behavior data of the undetermined user and the network behavior data of the comparison user, wherein the behavior matching characteristics represent the similarity degree between the network behavior data of the undetermined user and the network behavior data of the comparison user, so that the similarity degree between the undetermined user and the comparison user is mined in two different dimensions.

203. And the computer equipment executes binding operation on the identity matching characteristic and the behavior matching characteristic to acquire a comparison vector pair between the undetermined user and the comparison user.

After the computer device obtains the identity matching feature and the behavior matching feature, a binding operation is performed on the identity matching feature and the behavior matching feature, and a pair of comparison vectors is obtained, wherein the pair of comparison vectors comprises similar features of the identity data dimension and similar features of the network behavior data dimension.

Because the identity matching feature and the behavior matching feature respectively represent the similarity degree between the information of the undetermined user and the information of the comparison user in different dimensions, the comparison pair acquired after combination contains the similarity feature between the information in different dimensions.

204. The computer equipment performs identification and classification operation on the comparison vector pair, and obtains the homogeneity confidence between the undetermined user and the comparison user.

Because the pair of comparison vectors contains similar features among information in different dimensions, the computer equipment performs identification classification operation on the pair of comparison vectors, and acquires the same-quality confidence degree represented by the pair of comparison vectors, wherein the same-quality confidence degree is the same-quality confidence degree between a to-be-determined user and the comparison user, and the accuracy of the same-quality confidence degree is higher because the considered factors are richer. The similarity confidence coefficient represents the similarity degree between the undetermined user and the comparison user, which is equivalent to that the undetermined user and the comparison user are subjected to the similarity confidence coefficient judgment based on the comparison user, so that the similarity degree between the undetermined user and the comparison user is obtained.

205. And when the homoplasmy confidence coefficient between the undetermined user and the comparison user meets a preset confidence coefficient threshold value, the computer equipment determines that the undetermined user corresponds to the user security category to which the comparison user belongs.

In the embodiment of the present application, since the security class of the user to which the comparison user belongs is already determined, the comparison user may be used as a reference standard, if the homogeneous confidence between the to-be-determined user and the comparison user meets a preset confidence threshold, it is indicated that the identity data of the to-be-determined user is similar to the identity data of the comparison user, and the network behavior data of the to-be-determined user is also similar to the network behavior data of the comparison user, that is, the information in different dimensions is similar to each other, so that the security class of the user to which the to-be-determined user belongs is the same as the security class of the user to which the comparison user belongs, and therefore, the computer device determines that the to-be-determined user corresponds to the security class of the user to which the comparison user belongs, thereby implementing detection of the security class of the user to which the to be-determined user belongs. For example, the user is in a scene of detecting an illegal user. When whether the user A is an illegal user needs to be detected, the computer equipment acquires the identity data and the network behavior data of the user A, then the computer equipment acquires the identity data and the network behavior data of the user B which are determined to be the illegal user, and the method provided by the embodiment of the application is adopted to determine the homogeneous confidence degree between the user A and the user B based on the identity data and the network behavior data of the user A and the identity data and the network behavior data of the user B, and if the homogeneous confidence degree between the user A and the user B is large enough, the user security category to which the user A belongs is the same as the user security category to which the user B belongs, so that the user A is determined to be the illegal user.

The method comprises the steps that the homogeneity confidence coefficient meeting a preset confidence coefficient threshold is larger than the homogeneity confidence coefficient not meeting the preset confidence coefficient threshold, so that when the homogeneity confidence coefficient between a user to be determined and a comparison user is relatively larger, the user safety category to which the user to be determined belongs is the same as the user safety category to which the comparison user belongs.

According to the method provided by the embodiment of the application, the identity matching feature and the behavior matching feature are respectively mined from two dimensions of the identity data and the network behavior data of the user, then the identity matching feature and the behavior matching feature are utilized to execute the comparison vector pair obtained by the binding operation to judge the homoplasmic confidence between the two users, and if the homoplasmic confidence of the two users meets the preset confidence threshold, the user security classes to which the two users belong are considered to be the same, so that the user security classes to which the users to be determined belong can be detected by means of the comparison users by adopting the method. Because the method considers the identity data and the network behavior data of the users at the same time, the dimension of the similarity degree between the users is enriched, and the accuracy of detecting the user security category to which the users belong is improved.

In the embodiment of the application, it is specifically described that when detecting the user security category to which the pending user belongs, whether there is an overlapping attribute between the pending user and the comparison user is also considered, please refer to the following steps

301. The computer device obtains identity data and network behavior data for a plurality of users.

In this embodiment, the identity data and the network behavior data each include a plurality of attribute contents. Optionally, the identity data comprises a plurality of attribute contents of different dimensions, for example, the attribute contents comprise authority information, identification tags, identity data sources, identity data code amounts and the like, and optionally, the network behavior data comprises the attribute contents of different dimensions, for example, the attribute contents comprise a behavior directing address, a server serial number of a destination server and the like.

Wherein the rights information is used to indicate an identity code dataset of the user. The identification tag is used for checking the integrity of the user's identification code dataset, for example, the identification tag is a file obtained by packaging the identification code dataset after abstract extraction. Alternatively, the identification tag may include information of the user developer, etc. The identity data source is used to indicate the user, e.g. the identity data source is the user name to which the user corresponds, different users may have the same user name. The identity data code amount refers to the size of the user's identity code data set, for example, the user's identity data code amount is 213386703 bytes, etc. The behavior-directed address refers to a target network address contained in the network behavior data. The destination server corresponding to the user comprises the first 5 devices with earlier history execution records.

The plurality of users comprise undetermined users, non-associated users and associated users, wherein the undetermined users are users to be evaluated, namely the user security category to which the undetermined users belong is not determined, the user security category to which the non-associated users belong is determined, and the user security category to which the associated users belong is not determined.

Wherein, the existence of the overlapping attribute between the two users means that the two users exist the same attribute content. The non-associated user and the associated user have overlapping attributes, the undetermined user and the non-associated user do not have overlapping attributes, and the undetermined user and the associated user have overlapping attributes. That is, there is at least one identical attribute content for the non-associated user and the associated user, the undetermined user and the non-associated user do not have identical attribute content, and the undetermined user and the associated user have at least one identical attribute content.

In one possible implementation, the identity data and the network behavior data of the plurality of users are reported by the authentication server, and the identity data and the network behavior data of the users are acquired by the authentication server in the identity code data set of the users. Taking a pending user as an example, after an authentication server acquires an identity code data set of the pending user, before the pending user is processed through the identity code data set, analyzing the identity code data set so as to acquire identity data and network behavior data in the identity code data set, and then reporting the identity data and the network behavior data of the pending user to a computer device so that a subsequent computer device can detect the pending user based on the identity data and the network behavior data of the pending user.

302. The computer device determines a confidence of homogeneity between the non-associated user and the associated user.

In the embodiment of the present application, considering that the probability of similarity between two users with overlapping attributes is greater, in order to reduce the calculation amount, only the confidence level of homogeneity between two users with overlapping attributes is determined, and further the confidence level of homogeneity is judged to determine whether the user security categories to which the two users belong are the same. Since the user security category to which the non-associated user belongs has been determined, the user security category to which the associated user belongs has not been determined, and there is an overlapping attribute between the non-associated user and the associated user, the computer device may determine a homogeneous confidence level between the non-associated user and the associated user, so as to determine whether the user security category to which the associated user belongs is the same as the user security category to which the non-associated user belongs according to the homogeneous confidence level.

The computer equipment determines a third similar feature between the identity data of the non-associated user and the identity data of the associated user, and a fourth similar feature between the network behavior data of the non-associated user and the network behavior data of the associated user, performs a binding operation on the third similar feature and the fourth similar feature, acquires a comparison vector pair between the non-associated user and the associated user, performs an identification classification operation on the comparison vector pair between the non-associated user and the associated user, and acquires a homogeneity confidence between the non-associated user and the associated user. The process of determining the confidence level of the homogeneity between the non-associated user and the associated user is the same as the process of determining the confidence level of the homogeneity between the undetermined user and the comparison user in the above steps 202-204, and will not be described in detail herein.

303. The computer device determines that the associated user corresponds to a user security category to which the non-associated user belongs when a homogeneity confidence between the non-associated user and the associated user reaches a homogeneity confidence threshold.

The computer equipment judges whether the homogeneity confidence between the non-associated user and the associated user reaches a homogeneity confidence threshold, if the homogeneity confidence between the non-associated user and the associated user reaches the homogeneity confidence threshold, the similarity degree between the non-associated user and the associated user is high enough, the non-associated user and the user security category to which the associated user belongs can be considered to be the same, and therefore the associated user is determined to correspond to the non-associated user security category to which the non-associated user belongs. If the homogeneity confidence between the non-associated user and the associated user does not reach the homogeneity confidence threshold, the similarity degree between the non-associated user and the associated user is not high enough, and the security category of the non-associated user and the user to which the associated user belongs can be considered to be different.

Optionally, the confidence level threshold is a threshold preset by the computer device, for example, the confidence level between the non-associated user and the associated user ranges from 0 to 1, and the confidence level threshold may be 0.7 or 0.8. For another example, if the value of the homogeneity confidence between the non-associated user and the associated user is 0 or 1, the homogeneity confidence threshold may be 1.

Optionally, the user security category comprises a first type and a second type, the first type being different from the second type, e.g. the first type being an illegal user and the second type being a legal user. Wherein the non-associated user corresponds to the first type. If the homogeneity confidence between the non-associated user and the associated user reaches the homogeneity confidence threshold, determining that the user security category to which the associated user belongs is the same as the user security category to which the non-associated user belongs, namely that the associated user also corresponds to the first type, and if the homogeneity confidence between the non-associated user and the associated user does not reach the homogeneity confidence threshold, determining that the associated user is different from the user security category to which the non-associated user belongs, namely that the associated user corresponds to the second type.

304. The computer device determines identity matching characteristics between the identity data of the pending user and the identity data of the associated user, and behavior matching characteristics between the network behavior data of the pending user and the network behavior data of the associated user.

It should be noted that, in the embodiment of the present application, the user security category to which the non-associated user belongs is already determined, so that the non-associated user is the comparison user, and after executing the steps 302 to 303, the computer device also determines the user security category to which the associated user belongs, so that the associated user can also be used as the comparison user. And, since the undetermined user does not have the overlapping attribute with the non-associated user, and the undetermined user has the overlapping attribute with the associated user, considering that the probability of similarity between the undetermined user and the associated user is larger, in order to reduce the calculation amount, only the homogeneity confidence between the undetermined user with the overlapping attribute and the associated user is determined.

305. The computer equipment executes binding operation on the identity matching feature and the behavior matching feature, obtains a comparison vector pair between the undetermined user and the associated user, executes identification classification operation on the comparison vector pair, and obtains the homogeneity confidence between the undetermined user and the associated user.

306. And the computer equipment determines that the undetermined user corresponds to the user security category to which the associated user belongs when the homogeneity confidence between the undetermined user and the associated user reaches a homogeneity confidence threshold.

The process of determining that the pending user corresponds to the user security class to which the associated user belongs in the steps 304-306 is the same as the process of determining that the pending user corresponds to the user security class to which the user belongs in the steps 202-205, and is not described in detail herein.

In the embodiment of the application, when the overlapping attribute exists between the two users and the homogeneity confidence coefficient between the two users reaches the homogeneity confidence coefficient threshold, the user safety categories to which the two users belong are determined to be the same, and the users corresponding to the same user safety category are mined from two different angles of the overlapping attribute and the homogeneity confidence coefficient, so that the condition of judging that the two users correspond to the same user safety category is more severe, and the accuracy of user detection is improved.

When only the user security category to which the non-associated user belongs is determined, the user security category to which the associated user belongs is determined according to the overlapping attribute and the homogeneous confidence coefficient between the associated user and the non-associated user, although the overlapping attribute does not exist between the undetermined user and the non-associated user, the user security category to which the undetermined user belongs is determined according to the overlapping attribute and the homogeneous confidence coefficient between the undetermined user and the associated user of which the user security category is determined, which is equivalent to the user security category to which the associated user with the overlapping attribute exists according to the non-associated user, and the user security category to which the undetermined user with the overlapping attribute does not exist is indirectly determined, so that the diffuse user detection is realized, more users corresponding to the same user security category are excavated, and the coverage capability of the user detection is improved.

It should be noted that, the embodiment of the present application takes as an example that only the confidence of the homogeneity between two users having the overlapping attribute is determined. In another embodiment, whether the pending user and the comparison user have overlapping attributes or not may be first disregarded, that is, the non-associated user and the associated user in the comparison user are first indistinguishable, based on the above embodiment, the above step 204 is replaced by the following steps: and when the overlapping attribute exists between the undetermined user and the comparison user and the homogeneity confidence coefficient between the undetermined user and the comparison user reaches a homogeneity confidence coefficient threshold value, determining that the undetermined user corresponds to the user security category to which the comparison user belongs. That is, the preset confidence threshold in the above step 204 is: overlapping attributes exist between the undetermined user and the comparison user, and the homogeneity confidence between the undetermined user and the comparison user reaches a homogeneity confidence threshold.

And when the overlapping attribute exists between the two users and the homogeneity confidence coefficient between the two users reaches the homogeneity confidence coefficient threshold value, determining that the user safety categories to which the two users belong are the same, and mining the users corresponding to the same user safety category from two different angles of the overlapping attribute and the homogeneity confidence coefficient, so that the condition for judging that the two users correspond to the same user safety category is more severe, and the method is beneficial to improving the accuracy and the precision of user detection.

When only the user security category to which the non-associated user belongs is determined, the user security category to which the associated user belongs is determined according to the overlapping attribute and the homogeneous confidence coefficient between the associated user and the non-associated user, although the overlapping attribute does not exist between the undetermined user and the non-associated user, the user security category to which the undetermined user belongs is determined according to the overlapping attribute and the homogeneous confidence coefficient between the undetermined user and the associated user of which the user security category is determined, which is equivalent to the user security category to which the associated user with the overlapping attribute exists according to the non-associated user, and the user security category to which the undetermined user with the overlapping attribute does not exist is indirectly determined, so that the diffuse user detection is realized, more types of users are mined, and the coverage capability of the user detection is improved.

And, considering that the probability of similarity between two users with overlapping attributes is larger, only the same quality confidence between the two users with overlapping attributes is determined, and further the same quality confidence is judged to determine whether the user security categories to which the two users belong are the same, so that the calculation amount for determining the same quality confidence between the users is reduced.

In addition, the user detection method only depends on the identity data and the network behavior data, and the identity data and the network behavior data can be conveniently reported to the computer equipment by the authentication server when the user logs in, so that the acquisition difficulty of the identity data and the network behavior data is low, the computer equipment is not required to record the identity code data set of the user, and compared with a method for detecting by using the identity code data set of the user, the method has lower dependence on the identity code data set, and therefore the feasibility of the method is higher.

In the embodiment of the application, the form of the user relationship knowledge graph can be constructed, and the diffusion is carried out through the non-associated users of the preset user security categories, so that more potential users corresponding to the same user security category are found, the mining capability and the coverage capability of user detection are improved, and the efficiency and the accuracy of user detection are greatly improved.

The embodiment of the application specifically illustrates how to detect the user security category to which the pending user belongs when the number of the comparison users is plural, and the following scheme can be referred to.

1301. The computer device obtains identity data and network behavior data for a plurality of users.

The plurality of users comprise undetermined users and a plurality of comparison users, the user security categories of the plurality of comparison users are determined, and the user security categories of the plurality of comparison users are the same. For example, the plurality of aligned users each correspond to an illegal user.

Optionally, the plurality of aligned users include users that determine a user security class using methods other than the methods of the embodiments of the present application, e.g., manually determining a user security class to which the user belongs, etc. The plurality of comparison users further comprise users for which the user security category is determined by adopting the method of the embodiment of the application, for example, if a certain user is determined to be the same as the user security category to which the plurality of comparison users belong by adopting the method of the embodiment of the application, the user can be determined to be a new comparison user.

1302. The computer device determines identity matching characteristics between the identity data of the pending user and the identity data of the comparison user, and behavior matching characteristics between the network behavior data of the pending user and the network behavior data of the comparison user.

1303. And the computer equipment executes binding operation on the identity matching characteristic and the behavior matching characteristic, acquires a comparison vector pair between the undetermined user and the comparison user, executes identification classification operation on the comparison vector pair, and acquires the homogeneity confidence between the undetermined user and the comparison user.

In this embodiment, the number of comparison users is multiple, and for each comparison user, the computer device determines the homogeneous confidence between the undetermined user and the comparison user by using the methods in steps 1302-1303, so as to obtain the homogeneous confidence between the undetermined user and each comparison user.

The process of determining the confidence level between the undetermined user and the comparison user in the steps 1302-1303 is the same as the process of determining the confidence level in the steps 202-204, and will not be described in detail here.

1304. The computer device determines a vector distance between the pending user and the plurality of alignment users based on a degree of confidence in homogeneity between each two of the pending user and the plurality of alignment users.

The method comprises the steps that the computer equipment obtains the same-quality confidence coefficient between every two comparison users in the plurality of comparison users, obtains the same-quality confidence coefficient between a pending user and each comparison user, and then determines vector distances between the pending user and the plurality of comparison users based on the same-quality confidence coefficient between the pending user and every two users in the plurality of comparison users, wherein the vector distances represent aggregation degrees between the pending user and the plurality of comparison users.

The vector distance has a forward relationship with the confidence of homogeneity between each two of the undetermined user and the plurality of comparison users. For example, the vector distance is an average of the confidence in homogeneity between the pending user and each two of the plurality of aligned users.

1305. And when the vector distance reaches a preset distance threshold, the computer equipment determines that the undetermined user corresponds to the user security category to which the plurality of comparison users belong.

The computer equipment judges whether the vector distance reaches a preset distance threshold value, if the vector distance reaches the preset distance threshold value, the aggregation degree between the undetermined user and the plurality of comparison users is high enough, namely the undetermined user is similar to the plurality of comparison users enough, and the undetermined user and the plurality of comparison users can be considered to have the same user security category, so that the undetermined user is determined to correspond to the user security category, to which the plurality of comparison users belong. If the vector distance does not reach the preset distance threshold, the aggregation degree between the undetermined user and the multiple comparison users is not high enough, namely the undetermined user is dissimilar to the multiple comparison users, and the undetermined user and the multiple comparison users can be considered to have different user security categories.

Optionally, the preset distance threshold is a threshold preset by the computer device, for example, the vector distance ranges from 0 to 1, and the preset distance threshold may be 0.7 or 0.8.

When the computer equipment determines that the undetermined user corresponds to the user security category to which the multiple comparison users belong, the undetermined user can be determined as a new comparison user, and the determined multiple comparison users are continuously utilized to detect the user security categories of other users.

According to the method provided by the embodiment of the application, the identity matching feature and the behavior matching feature are respectively mined from two dimensions of the identity data and the network behavior data of the user, then the identity matching feature and the behavior matching feature are utilized to execute the comparison vector pair obtained by the binding operation to judge the homogeneous confidence between the two users, then the vector distance between the undetermined user and the multiple comparison users is determined by utilizing the homogeneous confidence, if the vector distance is high enough, the security categories of the undetermined user and the multiple comparison users are considered to be the same, and therefore the user security category of the undetermined user can be detected by means of the multiple comparison users by adopting the method. The method enriches the dimension of the similarity degree between users and simultaneously considers a plurality of different comparison users, so that the accuracy of detecting the user security category to which the users belong is improved.

The embodiment of the application specifically illustrates how the identity confidence is determined based on the identity matching feature and the behavior matching feature, and the following steps can be referred to.

1401. The computer device obtains identity data and network behavior data for a plurality of users.

1402. The computer device determines identity matching characteristics between the identity data of the pending user and the identity data of the comparison user, and behavior matching characteristics between the network behavior data of the pending user and the network behavior data of the comparison user.

The process of determining the identity matching feature and the behavior matching feature in steps 1401-1402 is the same as the process of determining the identity matching feature and the behavior matching feature in steps 201-202, and will not be described in detail here.

1403. And the computer equipment executes binding operation on the identity matching characteristic and the behavior matching characteristic to acquire a comparison vector pair between the undetermined user and the comparison user.

In one possible implementation, the identity data comprises attribute content of at least one identity attribute, the identity matching feature comprises a first attribute feature on the at least one identity attribute, the network behavior data comprises attribute content of at least one behavior attribute, and the behavior matching feature comprises a second attribute feature on the at least one behavior attribute. The computer device performs a binding operation on the first attribute feature on the at least one identity attribute and the second attribute feature on the at least one behavior attribute based on the order of the at least one identity attribute and the at least one behavior attribute, and obtains a comparison vector pair between the user to be determined and the comparison user.

The attribute content of the at least one identity attribute refers to different types of identity data, for example, the attribute content of the at least one identity attribute includes authority information, an identity identification tag, an identity data source, an identity data code amount and the like, and a first attribute feature corresponds between the attribute content of each identity attribute of the undetermined user and the attribute content of each identity attribute of the comparison user, and the first attribute feature represents the similarity degree between the attribute content of the identity attribute. The attribute content of the at least one behavior attribute refers to different types of network behavior data, for example, the attribute content of the at least one behavior attribute comprises a behavior pointing address, a server serial number of a destination server and the like, and a second attribute feature is corresponding between the attribute content of each behavior attribute of the undetermined user and the attribute content of each comparison user, and represents the similarity degree between the attribute content of the behavior attribute.

For example, the authority information corresponds to a first attribute feature a, the identification tag corresponds to a first attribute feature b, the identity data source corresponds to a first attribute feature c, the identity data code amount corresponds to a first attribute feature d, the behavior-oriented address corresponds to a second attribute feature e, the server serial number corresponds to a second attribute feature f, the at least one identity attribute and the at least one behavior attribute are in the order (authority information, identification tag, identity data source, identity data code amount, behavior-oriented address, server serial number), and the pair of comparison vectors obtained by performing the binding operation on the first attribute feature and the second attribute feature is (a, b, c, d, e, f).

1404. The computer equipment performs recognition classification operation on the comparison vector pair based on the comparison vector pair recognition model, and obtains the homogeneity confidence between the undetermined user and the comparison user.

The comparison vector recognition model is used for executing recognition classification operation on any comparison vector pair, and after the computer equipment obtains the comparison vector pair between the undetermined user and the comparison user, the comparison vector pair is input into the comparison vector pair recognition model, the comparison vector pair recognition model executes recognition classification operation on the comparison vector pair, and the homogeneity confidence between the undetermined user and the comparison user is output.

In one possible implementation, the pair of vector pair identification models are trained in the following manner, including the following steps.

1414. The computer device obtains a pair of sample comparison vectors between the first preset sample user and the second preset sample user, and a sample homogeneity confidence between the first preset sample user and the second preset sample user.

The process of determining the sample comparison vector pair between the first preset sample user and the second preset sample user is the same as the process of determining the comparison vector pair between the undetermined user and the comparison user, and is not described herein.

The sample homogeneity confidence between the first preset sample user and the second preset sample user is the actual homogeneity confidence between the first preset sample user and the second preset sample user. For example, the value of the homogeneity confidence is 0 and 1,0 indicates dissimilarity, and 1 indicates similarity. If the user security categories of the first preset sample user and the second preset sample user are the same, the sample homogeneity confidence between the first preset sample user and the second preset sample user is 1, and if the user security categories of the first preset sample user and the second preset sample user are different, the sample homogeneity confidence between the first preset sample user and the second preset sample user is 0.

1424. The computer device performs an identification classification operation on the sample pair vector based on the pair vector identification model, and obtains a reference homogeneity confidence between the first preset sample user and the second preset sample user.

The computer device inputs the sample alignment vector pair into an alignment vector pair identification model, which performs an identification classification operation on the sample alignment vector pair, outputting a reference homogeneity confidence between the first preset sample user and the second preset sample user.

1434. The computer device trains the pair of alignment vectors to identify the model based on the reference homogeneity confidence and the sample homogeneity confidence.

In the embodiment of the application, a supervised learning mode is adopted to train the pair-comparison vector identification model. Since the sample homogeneity confidence is the actual homogeneity confidence, and the reference homogeneity confidence is the homogeneity confidence obtained by predicting the comparison vector pair recognition model, the closer the reference homogeneity confidence is to the sample homogeneity confidence, the higher the classification capacity of the comparison vector pair recognition model is, that is, the higher the accuracy is, so the computer equipment trains the comparison vector pair recognition model based on the difference between the reference homogeneity confidence and the sample homogeneity confidence, so that the difference between the reference homogeneity confidence obtained by the trained comparison vector pair recognition model and the sample homogeneity confidence is smaller.

1405. And when the homoplasmy confidence coefficient between the undetermined user and the comparison user meets a preset confidence coefficient threshold value, the computer equipment determines that the undetermined user corresponds to the user security category to which the comparison user belongs.

The process of step 1405 is the same as that of step 205, and will not be described again.

Based on the above embodiment, the identity data of the user may include a plurality of attribute contents, such as authority information, an identification tag, an identity data source, an identity data code amount, and the like, and then identity matching characteristics between the identity data of the user to be determined and the identity data of the comparison user are determined, including at least one of the following ways.

A first way of determining identity matching features: the identity data includes rights information and the computer device determines an identity matching feature between the rights information of the pending user and the rights information of the comparison user.

In one possible implementation, the computer device determines an identity matching feature between rights information of the pending user and rights information of the aligned user, including at least one of the following.

(1) The computer equipment determines an identity matching characteristic based on a difference parameter between authority information of a user to be determined and authority information of a comparison user, wherein the difference parameter refers to a data parameter which is required to be modified by modifying one authority information into another authority information.

The identity matching characteristic between the rights information of the undetermined user and the comparison user is inversely related to the difference parameter. Optionally, the computer device determines a first ratio between the difference parameter and a maximum value of the lengths of the entitlement information of the pending and the comparison user, and based on the first ratio, determines an identity matching feature between the entitlement information of the pending and the comparison user. Wherein the identity matching feature is inversely related to the first ratio. That is, the larger the first ratio, the smaller the identity-matching feature, and the smaller the first ratio, the larger the identity-matching feature. By determining the ratio between the difference parameter and the maximum value, the influence caused by different lengths of authority information of different users is avoided, and the accuracy of the identity matching characteristics is improved. For example, the computer device determines a difference between the preset value and the first ratio as an identity matching feature between the rights information. For example, the preset value is 1.

For example, the computer device uses the following formula to determine identity matching features between rights information.

Identity matching feature between rights information = 1-difference parameter/max (length of rights information of pending user, length of rights information of comparison user). Where max refers to taking the maximum value.

Wherein the difference parameter is a quantitative measure of the degree of difference between two claim descriptions by determining how many characters need to be changed to change one claim description to another. For example, for the rights description content "abcde" and the rights description content "abcefg", it is necessary to modify "d" in the rights description content "abcde" to "f" and add "g" to obtain the rights description content "abcefg", and then the difference parameter between the rights description content "abcde" and the rights description content "abcefg" is 2.

(2) The computer device determines an identity matching feature based on the length of the content described by the same rights in the rights information of the pending user and the comparison user.

The identity matching characteristic between the rights information of the undetermined user and the comparison user has a positive relation with the length of the description content of the same rights item. Optionally, the computer device determines a second ratio between the length of the descriptive content of the similarity terms and a maximum of the lengths of the rights information of the pending user and the comparison user, and determines an identity matching feature between the rights information of the pending user and the comparison user based on the second ratio. Wherein the identity matching feature has a forward relationship with the second ratio. That is, the larger the second ratio, the larger the identity-matching feature, and the smaller the second ratio, the smaller the identity-matching feature. For example, the computer device determines the second ratio as an identity matching feature between the rights information.

Identity matching feature between rights information = length/max of the content described by the same rights item (length of rights information of pending user, length of rights information of comparison user). Where max refers to taking the maximum value.

(3) The computer equipment determines the identity matching characteristic based on the number of the same authority description semantics in the authority information of the undetermined user and the comparison user.

The identity matching characteristics between the authority information of the undetermined user and the authority information of the comparison user have a forward relation with the number of the description semantics of the same authority. Optionally, the computer device determines a third ratio between the number of the same rights description semantics and a maximum value in the lengths of the rights information of the undetermined user and the comparison user, and determines an identity matching feature between the rights information of the undetermined user and the comparison user based on the third ratio. Wherein the identity matching feature has a forward relationship with the third ratio. That is, the larger the third ratio, the larger the identity matching feature, and the smaller the third ratio, the smaller the identity matching feature. For example, the computer device determines the third ratio as an identity matching feature between the rights information.

Identity matching features between rights information = number/max of identical rights description semantics (length of rights information of pending user, length of rights information of comparison user). Where max refers to taking the maximum value.

(4) The computer equipment determines the identity matching characteristic based on the number of rights description semantics corresponding to the same rights display format in the rights information of the undetermined user and the comparison user.

The rights information includes a plurality of rights description semantics, and the rights display formats of different rights description semantics may be the same or different. The identity matching characteristics between the rights information of the undetermined user and the comparison user have a forward relation with the number of rights description semantics of the same rights display format. Optionally, the computer device determines a fourth ratio between the number of rights description semantics of the same rights display format and a maximum value in the lengths of the rights information of the pending user and the comparison user, and determines an identity matching feature between the rights information of the pending user and the comparison user based on the fourth ratio. Wherein the identity matching feature has a forward relationship with the fourth ratio. That is, the larger the fourth ratio, the larger the identity matching feature, and the smaller the fourth ratio, the smaller the identity matching feature. For example, the computer device determines the fourth ratio as an identity matching feature between the rights information.

Identity matching features between rights information = number/max of rights description semantics of the same rights display format (length of rights information of pending user, length of rights information of comparison user). Where max refers to taking the maximum value.

In the embodiment of the application, when the similar characteristics in the authority information dimension are determined, the similar characteristics in the dual dimensions of the character content and the authority description semantic authority display format are fully extracted, and the accuracy of the identity matching characteristics is improved.

A second way of determining identity matching features: the identity data includes an identification tag and the computer device determines an identity matching feature between the identification tag of the pending user and the identification tag of the comparison user.

In one possible implementation, the computer device determines an identity matching feature between the identification tag of the pending user and the identification tag of the aligned user, including the following.

(1) When the identity label of the undetermined user is the same as that of the comparison user, the computer equipment determines the identity matching characteristic based on the number of the user with the identity label, wherein the number of the user with the identity label refers to the number of the users with the identity label.

The method comprises the steps that the computer equipment obtains an identification label of a to-be-determined user and an identification label of a comparison user, if the identification label of the to-be-determined user is identical to the identification label of the comparison user, the computer equipment determines the number of the held users of the identification label, and then based on the number of the held users of the identification label, the identity matching characteristic between the to-be-determined user and the identification label of the comparison user is determined, and the identity matching characteristic is inversely related to the number of the held users of the identification label. For example, the computer device determines the reciprocal of the number of held users as an identity matching feature between the identification tags. For example, the identity matching feature between the identification tag of the pending user and the comparison user=1/(the number of holding users).

(2) And when the identification labels of the undetermined user and the comparison user are different and the difference value of the holding user numbers is smaller than the threshold value of the holding user numbers, the computer equipment determines the identity matching characteristic based on the maximum value of the holding user numbers corresponding to the undetermined user and the comparison user.

If the identification label of the undetermined user is different from the identification label of the comparison user, the computer equipment respectively determines the number of the holding users of the identification label of the undetermined user and the number of the holding users of the identification label of the comparison user, then determines the difference value between the two holding users, if the difference value of the holding users is smaller than the threshold value of the holding users, the computer equipment determines the maximum value of the two holding users, and based on the maximum value, determines the identity matching characteristics between the undetermined user and the identification label of the comparison user.

Optionally, the identity-matching feature is inversely related to the maximum value. For example, the computer device determines the inverse of the maximum value as the identity matching feature. For example, the identity matching feature between the identification tag of the user to be determined and the identification tag of the comparison user=1/max (the number of holding users corresponding to the user to be determined, the number of holding users corresponding to the comparison user). Where max refers to taking the maximum value.

Optionally, the threshold number of holding users is a threshold preset by the computer device, for example, the threshold number of holding users is 10.

(3) And when the identification labels of the undetermined user and the comparison user are different and the difference value of the holding user number is not smaller than the threshold value of the holding user number, the computer equipment determines the preset target parameter as the identification matching characteristic.

If the difference in the number of holding users is not less than the threshold number of holding users, the preset target parameter of the computer device is determined to be an identity matching feature, for example, the preset target parameter is 0.

Third way of determining identity matching feature: the identity data includes an identity data source, and the computer device determines an identity matching feature between the identity data source of the pending user and the identity data source of the aligned user.

In one possible implementation, the computer device determines an identity matching feature between the identity data source of the pending user and the identity data source of the aligned user, including at least one of the following.

(1) The computer device determines an identity matching feature based on the lengths of the descriptive content of the same rights in the identity data sources of the pending and the comparing users.

The identity matching feature between the identity data sources of the pending user and the comparison user has a positive relationship with the length of the content of the same claim description. Optionally, the computer device determines a fifth ratio between the length of the content described by the same claim and a maximum of the lengths of the identity data sources of the pending and the alignment users, and based on the fifth ratio, determines an identity matching feature between the identity data sources of the pending and the alignment users. Wherein the identity matching feature has a forward relationship with the fifth ratio. That is, the larger the fifth ratio, the larger the identity matching feature, and the smaller the fifth ratio, the smaller the identity matching feature. For example, the computer device determines the fifth ratio as an identity matching feature between the identity data sources.

For example, the computer device uses the following formula to determine identity matching characteristics between sources of identity data.

Identity matching features between identity data sources = length/max of the content described by the same rights (length of identity data source of pending user compared to length of identity data source of user). Where max refers to taking the maximum value.

The length of the description content of the same claim refers to the number of the same characters in the identity data sources of the user to be determined and the user to be compared. For example, in this embodiment, the identity data source of the undetermined user is "web panning", and the identity data source of the comparison user is "web panning benefit", and the number of identical characters in the identity data source of the undetermined user and the identity data source of the comparison user is 2.

(2) The computer device determines identity matching features based on source information corresponding to the identity data sources of the pending user and the comparison user.

The source information corresponding to the identity data source indicates a probability that the identity data source corresponds to each of a plurality of target sources. For example, for the purpose of a user, the target sources corresponding to the identity data sources may include video, online shopping, social, game, and the like.

In one possible implementation manner, the computer device performs an identification classification operation on the identity data source of the user to be determined and the identity data source of the comparison user based on the identity data source classification model, so as to obtain source information corresponding to the user to be determined and source information corresponding to the comparison user.

Optionally, the computer device determines a distance between the source information corresponding to the pending user and the source information corresponding to the comparison user, and determines the identity matching feature based on the distance between the source information, the identity matching feature being inversely related to the distance. That is, the greater the distance between the source information, the smaller the identity matching feature, and the smaller the distance between the source information, the greater the identity matching feature.

Optionally, the computer device determines a difference between the preset value and the distance as the identity matching feature. For example, the preset value is 1. Optionally, the source information is a classification vector, and the classification vector includes probability values in a plurality of dimensions, each dimension corresponding to a target source. The computer equipment determines the difference value between the probability value in each dimension in the source information corresponding to the undetermined user and the probability value in the same dimension in the source information corresponding to the comparison user, and determines the distance between the source information corresponding to the undetermined user and the source information corresponding to the comparison user based on the determined difference value in each dimension, wherein the distance between the source information and the difference value in each dimension has a forward relation. For example, the computer device determines a sum of squares of the differences in each dimension, and squares the sum of squares based on the number of the plurality of dimensions to obtain the distance between the source information.

Fourth way of determining identity matching feature: the identity data includes an identity data code amount and the computer device determines an identity matching feature between the identity data code amount of the pending user and the identity data code amount of the comparison user.

Since the amount of identity data code is a numeric value, the computer device may determine the identity matching feature based on the distance between the amount of identity data code of the pending user and the amount of identity data code of the comparison user. Wherein the identity matching feature is inversely related to the distance between the identity data code amounts. That is, the greater the distance between the amounts of identity data codes, the smaller the identity matching feature, and the greater the distance between the amounts of identity data codes.

Optionally, the computer device determines a difference between the amounts of identity data codes of the pending and the comparison user, and a sum of the amounts of identity data codes of the pending and the comparison user, determines a sixth ratio between the difference and the sum, and determines an identity matching feature between the amounts of identity data codes based on the sixth ratio. Wherein the identity matching feature is inversely related to the sixth ratio. That is, the larger the sixth ratio, the larger the identity matching feature, and the smaller the sixth ratio, the smaller the identity matching feature. For example, the computer device determines an absolute value of a product between the sixth ratio and a first predetermined value, determines a difference between a second predetermined value and the absolute value as the identity matching feature, e.g., the first predetermined value is 2 and the second predetermined value is 1.

For example, the computer device uses the following formula to determine identity matching features between the amounts of identity data codes.

Identity matching feature = 1-2 abs (x-y)/(x+y). Wherein x represents the code quantity of the identity data of the undetermined user, y represents the code quantity of the identity data of the comparison user, and abs refers to the absolute value.

The embodiment of the application provides a determination mode of the identity matching features on a plurality of different dimensions, enriches the dimensions of the identity matching features, digs the features of the undetermined user and the comparison user with finer granularity on the identity data, and is beneficial to improving the accuracy of determining the similarity degree between the undetermined user and the comparison user.

It should be noted that, in one possible implementation manner, the computer device splices the acquired identity matching features in a plurality of different dimensions, acquires the integral identity matching feature between the undetermined user and the comparison user, and then determines the homogeneous confidence coefficient between the undetermined user and the comparison user by using the identity matching feature acquired after splicing.

On the basis of the above embodiment, the network behavior data of the user may include a plurality of attribute contents, such as a behavior targeting address and a server serial number of a destination server, and the behavior matching feature between the network behavior data of the pending user and the network behavior data of the comparison user is determined, including at least one of the following ways.

First way of determining behavior matching features: the network behavior data includes a behavior targeting address, and the computer device determines a behavior matching feature between the behavior targeting address of the pending user and the behavior targeting address of the comparison user.

In one possible implementation, the computer device determines the behavior matching feature based on the number of identical behavior-directed addresses of the pending user and the alignment user.

The behavior matching characteristics between the behavior pointing addresses of the undetermined user and the comparison user have a forward relation with the number of the same behavior pointing addresses. Optionally, the computer device determines a seventh ratio between the number of the same behavior-directed addresses and a maximum value of the total number of the behavior-directed addresses of the pending user and the total number of the behavior-directed addresses of the comparison user, and determines a behavior matching feature between the behavior-directed addresses of the pending user and the comparison user based on the seventh ratio. Wherein the behavior matching feature has a forward relationship with the seventh ratio. That is, the larger the seventh ratio, the larger the behavior matching feature, and the smaller the seventh ratio, the smaller the behavior matching feature. For example, the computer device determines the seventh ratio as a behavior matching characteristic between the behavior-directed addresses.

For example, the computer device uses the following formula to determine behavior matching characteristics between behavior-directed addresses.

Behavior matching features between behavior targeting addresses = number of identical behavior targeting addresses/max (total number of behavior targeting addresses of pending users, compared to total number of behavior targeting addresses of users). Where max refers to taking the maximum value.

A second way of determining behavior matching features: the network behavior data comprises server serial numbers of the destination servers, and the computer equipment determines behavior matching characteristics between the server serial numbers corresponding to the undetermined users and the server serial numbers corresponding to the comparison users.

In one possible implementation, the computer device determines the same feature parameter as a behavior matching feature when at least one identical server serial number exists for the pending user and the aligned user; and when the undetermined user and the comparison user do not have the same server serial numbers, determining the difference characteristic parameters as behavior matching characteristics, wherein the same characteristic parameters are larger than the difference characteristic parameters.

For example, if at least one identical server number exists for the pending user and the aligned user, the behavior matching characteristic between server numbers is equal to 1, and if the identical server number does not exist for the pending user and the aligned user, the behavior matching characteristic between server numbers is equal to 0.

According to the method and the device for determining the behavior matching characteristics, a determination mode of the behavior matching characteristics on a plurality of different dimensions is provided, the dimensions of the behavior matching characteristics are enriched, the characteristics of finer granularity on network behaviors of the undetermined user and the comparison user are mined, and accuracy of determining the similarity degree between the undetermined user and the comparison user is improved.

It should be noted that, in one possible implementation manner, the computer device splices the acquired behavior matching features in a plurality of different dimensions, acquires the overall behavior matching feature between the undetermined user and the comparison user, and then determines the homogeneous confidence between the undetermined user and the comparison user by using the behavior matching feature acquired after splicing.

In the above two embodiments, the identity data of the user includes attribute contents in multiple dimensions, which are authority information, an identification tag, an identity data source and an identity data code amount, the identity matching feature includes identity matching features in the multiple dimensions, the network behavior data of the user includes attribute contents in the multiple dimensions, which are server serial numbers of the behavior pointing address and the destination server, respectively, the behavior matching feature includes behavior matching features in the multiple dimensions, based on which in step 1403, the computer device performs a binding operation on the identity matching features in the multiple dimensions and the behavior matching features in the multiple dimensions, and obtains a comparison vector pair between the user to be determined and the comparison user.

In an embodiment of the present application, the identity matching feature between the identity data of the pending user and the aligned user includes: (1) identity matching features between rights information; (2) identity matching features between the identification tags; (3) identity matching features between sources of identity data; (4) identity matching features between the amounts of identity data codes. The behavior matching features between the network behavior data of the undetermined user and the comparison user comprise: (5) behavior points to behavior matching features between addresses; (6) behavior matching features between server serial numbers. The computer device performs a binding operation on the six similar features to obtain a comparison vector pair between the pending user and the comparison user.

In the embodiment of the application, the characteristics of finer granularity of the undetermined user and the comparison user on the identity data and the characteristics of finer granularity on the network behavior data are mined, the dimensionalities of the identity matching characteristics and the behavior matching characteristics are enriched, and the comparison vector pairs acquired by splicing consider multiple aspects, so that the accuracy of determining the similarity degree between the undetermined user and the comparison user is improved, and the detection capability of the user is improved.

On the basis of the above embodiment, the computer device may be a server, and the server determines a plurality of users with the same user security category as the comparison user, and forms a user database with the comparison user, and then detects the user to be evaluated, which is requested to be detected by the authentication server, based on the user database.

The embodiments of the present application also provide the following examples.

1701. The authentication server sends a user identity assessment indication to the server.

The user identity evaluation indication comprises identity data of a user to be evaluated, and the user identity evaluation indication is used for requesting a server to detect a user security category to which the user to be evaluated belongs.

In one possible implementation, the authentication server parses the identity code dataset of the user to be evaluated in response to a processing instruction to the user to be evaluated, obtains identity data in the identity code dataset, and then sends a user identity evaluation instruction including the identity data to the server.

For example, before the authentication server processes the user to be evaluated, it needs to determine whether the user to be evaluated corresponds to a legal user or an illegal user, if the user to be evaluated corresponds to the legal user, it indicates that the user to be evaluated can be processed, and if the user to be evaluated corresponds to the illegal user, it indicates that the processing of the user to be evaluated brings a potential safety hazard, so the authentication server sends the user identity evaluation indication to the server to request the server to detect whether the user to be evaluated corresponds to the illegal user.

1702. The server obtains the user identity evaluation indication sent by the authentication server.

The server acquires the user identity evaluation indication sent by the authentication server and acquires the identity data of the user to be evaluated, which is carried in the user identity evaluation indication.

1703. And when the server searches any user which is the same as the identity data of the user to be evaluated in the user database, sending an evaluation result to the authentication server.

The user database comprises a plurality of users corresponding to the user security categories to which the comparison users belong, the server searches the user database for the users identical to the identity data of the users to be evaluated, and if a certain user identical to the identity data of the users to be evaluated is found, the user security categories to which the users to be evaluated belong are identical, namely, the users to be evaluated correspond to the user security categories corresponding to the user database, the server sends an evaluation result to the authentication server, and the evaluation result is used for representing the user security categories corresponding to the user database of the users to be evaluated.

If the server does not find any user which is the same as the identity data of the user to be evaluated in the user database, another evaluation result is sent to the authentication server, wherein the evaluation result is used for representing that the user to be evaluated does not correspond to the user security category corresponding to the user database.

For example, the user database includes a plurality of users corresponding to illegal users, the user identity evaluation indication is used for requesting to detect whether the user to be evaluated corresponds to the illegal user, if the server finds the user which is the same as the identity data of the user to be evaluated in the user database, the server indicates that the user to be evaluated also corresponds to the illegal user, and the server notifies the authentication server that the user to be evaluated corresponds to the illegal user.

1704. The authentication server obtains the evaluation result sent by the server.

In one possible implementation, the evaluation result is used to characterize that the user to be evaluated corresponds to an illegal user, and the authentication server displays a prompt message, where the prompt message is used to prompt that the user to be evaluated corresponds to the illegal user, so as to prompt the user not to process the user to be evaluated. Alternatively, the authentication server stops processing the user to be evaluated, and displays a processing failure message for prompting processing failure due to correspondence of the user to be evaluated to an illegal user.

In addition, in order to further increase the security of the artificial intelligence platform, the foregoing step 105 may be implemented by the following detailed embodiments.

401. After receiving an access request sent by a user terminal, the artificial intelligent platform adds the access request to a task list;

402. the artificial intelligent platform receives the content to be fed back corresponding to the access request pushed by the computer equipment; the content to be fed back is obtained by encapsulating platform content corresponding to the access request after the computer equipment monitors the access request in the task list;

403. after receiving a first encryption strategy sent by a user terminal, the artificial intelligent platform de-encapsulates content to be fed back according to the first encryption strategy to obtain platform content, and returns the obtained platform content to the user terminal; wherein the first encryption policy sent by the user terminal is transmitted to the user terminal.

Optionally, when the artificial intelligence platform receives the content to be fed back corresponding to the access request pushed by the computer device, the method further includes:

the artificial intelligent platform receives a third encryption strategy corresponding to the content to be fed back, which is pushed by the computer equipment; the third encryption strategy is obtained by packaging the second encryption strategy by using the first encryption strategy, and the second encryption strategy is a secret key used when the platform content is packaged;

the artificial intelligence platform unpacks the content to be fed back according to a first encryption strategy to obtain platform content, and the method comprises the following steps:

The artificial intelligent platform uses the first encryption strategy to decapsulate the third encryption strategy to obtain a second encryption strategy; and decapsulating the content to be fed back by using the obtained second encryption strategy to obtain platform content.

Optionally, before the artificial intelligence platform decapsulates the content to be fed back according to the first encryption policy to obtain the platform content, the artificial intelligence platform further includes:

the artificial intelligent platform receives an equipment authentication tag sent by a user terminal; wherein the device authentication tag is transmitted to the user terminal by the computer device;

and the artificial intelligent platform authenticates the user terminal according to the equipment authentication tag and determines that the authentication of the user terminal is passed.

The embodiments of the present application also provide the following examples.

501. After monitoring the access request in the task list, the computer equipment determines platform content corresponding to the access request, and encapsulates the determined platform content to obtain content to be fed back; the access request is added to the task list after the artificial intelligent platform receives the access request sent by the user terminal;

502. the computer equipment transmits the content to be fed back to the artificial intelligent platform, and transmits the generated first encryption strategy to the user terminal, so that the user terminal transmits the first encryption strategy to the artificial intelligent platform, the artificial intelligent platform de-encapsulates the content to be fed back according to the first encryption strategy to obtain platform content, and the platform content is returned to the user terminal.

Optionally, the computer device encapsulates the determined platform content to obtain the content to be fed back, including:

and the computer equipment encapsulates the determined platform content by using a second encryption strategy to obtain the content to be fed back.

Optionally, before the computer device transmits the content to be fed back to the artificial intelligence platform, the method further includes:

the computer equipment generates a first encryption strategy, and encapsulates the second encryption strategy by using the first encryption strategy to obtain a third encryption strategy;

when the computer equipment transmits the content to be fed back to the artificial intelligence platform, the method further comprises the following steps:

the computer equipment transmits the third encryption strategy to the artificial intelligent platform, so that the artificial intelligent platform uses the first encryption strategy to unpack the third encryption strategy to obtain a second encryption strategy, and uses the second encryption strategy to unpack the content to be fed back to obtain the platform content.

Optionally, when the computer device transmits the generated first encryption policy to the user terminal, the method further includes:

the computer equipment transmits the generated equipment authentication tag to the user terminal so that the user terminal sends the first encryption strategy and the equipment authentication tag to the artificial intelligent platform, and the artificial intelligent platform unpacks the third encryption strategy by using the first encryption strategy to obtain the second encryption strategy after the authentication of the user terminal is passed by the artificial intelligent platform according to the equipment authentication tag.

Optionally, the computer device transmits the first encryption policy and the generated device authentication tag to the user terminal according to the following manner:

the computer device transmits the first encryption policy and the device authentication tag to the authentication server, which forwards the first encryption policy and the device authentication tag to the user terminal.

Based on the same inventive concept, the embodiment of the present application further provides a data transmission device, and since the principle of the device for solving the problem is similar to that of the data transmission method, the implementation of the device can refer to the implementation of the method, and the repetition is omitted.

The embodiment of the invention provides a computer device 100, wherein the computer device 100 comprises a processor and a nonvolatile memory storing computer instructions, and when the computer instructions are executed by the processor, the computer device 100 executes the user big data security analysis method for an artificial intelligent platform. As shown in fig. 2, fig. 2 is a block diagram of a computer device 100 according to an embodiment of the present invention. The computer device 100 comprises a memory 111, a processor 112 and a communication unit 113.

For data transmission or interaction, the memory 111, the processor 112 and the communication unit 113 are electrically connected to each other directly or indirectly. For example, the elements may be electrically connected to each other via one or more communication buses or signal lines.

The foregoing description, for purpose of explanation, has been presented with reference to particular embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical application, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated. The foregoing description, for purpose of explanation, has been presented with reference to particular embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical application, to thereby enable others skilled in the art to best utilize the disclosure and various embodiments with various modifications as are suited to the particular use contemplated.

Claims

1. The user big data safety analysis method for the artificial intelligent platform is characterized by comprising the following steps of:

responding to an access request for an artificial intelligent platform, and acquiring platform operation and maintenance evaluation data of the artificial intelligent platform;

Inputting the platform operation and maintenance evaluation data into a pre-trained platform operation and maintenance evaluation model to obtain a platform operation and maintenance evaluation result of the artificial intelligent platform;

transmitting the access request to the artificial intelligence platform when the user security class of the undetermined user is characterized as a legal user;

determining platform content corresponding to the access request, and returning the platform content to a user terminal corresponding to the undetermined user;

the determining the user security category of the pending user initiating the access request according to the identity data and the network behavior data of the plurality of users comprises the following steps: acquiring identity data and network behavior data of a plurality of users, wherein the identity data is identity information used for representing the users, the network behavior data and the identity data are in corresponding relation, and the plurality of users comprise undetermined users to be evaluated and comparison users of preset user security categories;

Determining identity matching characteristics between the identity data of the undetermined user and the identity data of the comparison user, and behavior matching characteristics between the network behavior data of the undetermined user and the network behavior data of the comparison user, wherein the identity data comprises attribute contents of at least one identity attribute, the identity matching characteristics comprise first attribute characteristics on the at least one identity attribute, the network behavior data comprise attribute contents of at least one behavior attribute, and the behavior matching characteristics comprise second attribute characteristics on the at least one behavior attribute;

based on the sequence of the at least one identity attribute and the at least one behavior attribute, binding operation is carried out on a first attribute feature on the at least one identity attribute and a second attribute feature on the at least one behavior attribute, and a comparison vector pair between the to-be-determined user and the comparison user is obtained;

based on a comparison vector pair identification model, performing identification classification operation on the comparison vector pair, and acquiring a homogeneous confidence coefficient between the undetermined user and the comparison user;

the comparison vector pair recognition model is obtained through training in the following mode, and comprises the following steps of: acquiring a sample comparison vector pair between a first preset sample user and a second preset sample user and a sample homogeneity confidence between the first preset sample user and the second preset sample user; performing a recognition classification operation on the sample comparison vector pair based on the comparison vector pair recognition model, and acquiring a reference homogeneity confidence between the first preset sample user and the second preset sample user; training the pair of alignment vectors based on the reference homogeneity confidence and the sample homogeneity confidence;

When the homogeneity confidence between the undetermined user and the comparison user meets a preset confidence threshold, determining that the undetermined user corresponds to the user security category to which the comparison user belongs;

the determining the platform content corresponding to the access request and returning the platform content to the user terminal corresponding to the undetermined user comprises the following steps:

after monitoring an access request in a task list, determining platform content corresponding to the access request, and packaging the determined platform content by using a second encryption strategy to obtain content to be fed back; the access request is added to the task list after the artificial intelligent platform receives the access request sent by the user terminal;

generating a first encryption strategy, and packaging the second encryption strategy by using the first encryption strategy to obtain a third encryption strategy;

transmitting the content to be fed back to the artificial intelligent platform, and transmitting the third encryption strategy to the artificial intelligent platform, so that the artificial intelligent platform uses the first encryption strategy to unpack the third encryption strategy to obtain the second encryption strategy;

The second encryption strategy is used for decapsulating the content to be fed back to obtain platform content, and the generated first encryption strategy is transmitted to the user terminal;

transmitting the generated equipment authentication tag to the user terminal so that the user terminal transmits the first encryption strategy and the equipment authentication tag to the artificial intelligent platform, after the user terminal is authenticated by the artificial intelligent platform according to the equipment authentication tag, using the first encryption strategy to decapsulate the third encryption strategy to obtain the second encryption strategy, so that the user terminal transmits the first encryption strategy to the artificial intelligent platform, and the artificial intelligent platform decapsulates the content to be fed back according to the first encryption strategy to obtain platform content and returns the platform content to the user terminal.

2. The method of claim 1, wherein the number of said aligned users is plural, and the user security categories to which plural said aligned users belong are the same;

when the homogeneity confidence between the undetermined user and the comparison user meets a preset confidence threshold, determining that the undetermined user corresponds to a user security category to which the comparison user belongs, including:

Determining vector distances between the undetermined user and the plurality of comparison users based on the homogeneity confidence between each two users in the undetermined user and the plurality of comparison users, wherein the vector distances have a forward relation with the homogeneity confidence between each two users;

and when the vector distance reaches a preset distance threshold, determining that the undetermined user corresponds to a plurality of user security categories to which the comparison user belongs.

3. The method of claim 1, wherein the identity data and the network behavior data each comprise a plurality of attribute content; when the homogeneity confidence between the undetermined user and the comparison user meets a preset confidence threshold, determining that the undetermined user corresponds to a user security category to which the comparison user belongs, including:

when an overlapping attribute exists between the undetermined user and the comparison user and the homogeneity confidence between the undetermined user and the comparison user reaches a homogeneity confidence threshold, determining that the undetermined user corresponds to a user security category to which the comparison user belongs, wherein the overlapping attribute means that the same attribute content exists;

The comparison user comprises a non-associated user and an associated user, the overlapping attribute does not exist between the undetermined user and the non-associated user, and the overlapping attribute exists between the undetermined user and the associated user;

the determining the identity matching characteristic between the identity data of the undetermined user and the identity data of the comparison user, and the behavior matching characteristic between the network behavior data of the undetermined user and the network behavior data of the comparison user comprises the following steps:

determining identity matching characteristics between the identity data of the undetermined user and the identity data of the associated user, and behavior matching characteristics between the network behavior data of the undetermined user and the network behavior data of the associated user;

when there is an overlapping attribute between the undetermined user and the comparison user and the homogeneity confidence between the undetermined user and the comparison user reaches a homogeneity confidence threshold, determining that the undetermined user corresponds to a user security category to which the comparison user belongs, including:

when the homogeneity confidence between the undetermined user and the associated user reaches the homogeneity confidence threshold, determining that the undetermined user corresponds to the user security category to which the associated user belongs;

Before determining the identity matching feature between the identity data of the pending user and the identity data of the comparison user and the behavior matching feature between the network behavior data of the pending user and the network behavior data of the comparison user, the method further includes:

determining a homogeneity confidence between the non-associated user and the associated user, wherein a user security category to which the non-associated user belongs is already determined, a user security category to which the associated user belongs is not yet determined, and the overlapping attribute exists between the non-associated user and the associated user;

and when the homogeneity confidence between the non-associated user and the associated user reaches the homogeneity confidence threshold, determining that the associated user corresponds to a user security category to which the non-associated user belongs.

4. The method of claim 1, wherein after determining that the pending user corresponds to a user security category to which the alignment user belongs when a degree of confidence in the identity between the pending user and the alignment user satisfies a preset confidence threshold, the method further comprises:

acquiring a user identity evaluation indication sent by an authentication server, wherein the user identity evaluation indication comprises identity data of a user to be evaluated;

And when any user with the same identity data as the user to be evaluated is found in a user database, sending an evaluation result to the authentication server, wherein the user database comprises a plurality of users corresponding to the user security categories to which the comparison user belongs, and the evaluation result is used for representing the user to be evaluated to correspond to the user security categories corresponding to the user database.

5. The method of claim 1, wherein the determining an identity matching feature between the identity data of the pending user and the identity data of the aligned user comprises at least one of:

the identity data comprises authority information, and identity matching characteristics between the authority information of the undetermined user and the authority information of the comparison user are determined;

the identity data comprises an identity identification tag, and identity matching characteristics between the identity identification tag of the undetermined user and the identity identification tag of the comparison user are determined;

the identity data comprises an identity data source, and identity matching characteristics between the identity data source of the undetermined user and the identity data source of the comparison user are determined;

the identity data comprises an identity data code amount, and identity matching characteristics between the identity data code amount of the undetermined user and the identity data code amount of the comparison user are determined;

The determining the identity matching characteristic between the authority information of the undetermined user and the authority information of the comparison user comprises at least one of the following steps:

determining the identity matching characteristic based on a difference parameter between the right information of the undetermined user and the right information of the comparison user, wherein the difference parameter refers to a data parameter which is required to be modified by modifying one right information into another right information;

determining the identity matching characteristic based on the length of the description content of the same weight item in the authority information of the undetermined user and the comparison user;

determining the identity matching characteristics based on the number of the same authority description semantics in the authority information of the undetermined user and the comparison user;

determining the identity matching feature based on the number of rights description semantics corresponding to the same rights display format in the rights information of the undetermined user and the comparison user;

the determining the identity matching characteristic between the identification label of the undetermined user and the identification label of the comparison user comprises the following steps:

when the identity identification label of the undetermined user is the same as that of the comparison user, determining the identity matching characteristic based on the number of the users with the identity identification label, wherein the identity matching characteristic is inversely related to the number of the users with the identity identification label, and the number of the users with the identity identification label;

When the identification labels of the undetermined user and the comparison user are different and the difference value of the holding user numbers is smaller than a holding user number threshold value, determining the identity matching feature based on the maximum value of the holding user numbers corresponding to the undetermined user and the comparison user, wherein the identity matching feature is in negative correlation with the maximum value;

when the identification labels of the undetermined user and the comparison user are different and the difference value of the holding user number is not smaller than the threshold value of the holding user number, determining a preset target parameter as the identification matching characteristic;

the determining of the identity matching feature between the identity data source of the pending user and the identity data source of the comparison user comprises at least one of the following:

determining the identity matching feature based on the lengths of the description contents of the same rights in the identity data sources of the undetermined user and the comparison user;

and determining the identity matching feature based on source information corresponding to the identity data sources of the undetermined user and the comparison user, wherein the source information corresponding to the identity data sources represents the probability that the identity data source corresponds to each of a plurality of target sources.

6. The method of claim 1, wherein determining behavior matching characteristics between the network behavior data of the pending user and the network behavior data of the comparison user comprises at least one of:

the network behavior data comprises behavior directing addresses, the behavior matching characteristics are determined based on the number of the same behavior directing addresses of the undetermined user and the comparison user, and the behavior directing addresses refer to target network addresses contained in the network behavior data;

the network behavior data comprises a server serial number of a destination server, and when at least one same server serial number exists between the undetermined user and the comparison user, the same characteristic parameters are determined to be the behavior matching characteristics;

and when the undetermined user and the comparison user do not have the same server serial numbers, determining the difference characteristic parameters as the behavior matching characteristics, wherein the same characteristic parameters are larger than the difference characteristic parameters, and the target server comprises a target number of devices with earlier historical execution records in a plurality of devices for processing the user.

7. The method of claim 1, wherein transmitting the first encryption policy and the generated device authentication tag to the user terminal is accomplished by:

Transmitting the first encryption policy and the device authentication tag to an authentication server, which forwards the first encryption policy and the device authentication tag to the user terminal.

8. A server system comprising a server for performing the user big data security analysis method for an artificial intelligence platform according to any of claims 1-7.