CN116522357A - Confidentiality risk method based on informationized user behavior data - Google Patents

Confidentiality risk method based on informationized user behavior data Download PDF

Info

Publication number
CN116522357A
CN116522357A CN202310369405.1A CN202310369405A CN116522357A CN 116522357 A CN116522357 A CN 116522357A CN 202310369405 A CN202310369405 A CN 202310369405A CN 116522357 A CN116522357 A CN 116522357A
Authority
CN
China
Prior art keywords
data
user
user behavior
behavior data
verified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310369405.1A
Other languages
Chinese (zh)
Inventor
南卫兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202310369405.1A priority Critical patent/CN116522357A/en
Publication of CN116522357A publication Critical patent/CN116522357A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • G06F16/215Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/906Clustering; Classification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/957Browsing optimisation, e.g. caching or content distillation
    • G06F16/9574Browsing optimisation, e.g. caching or content distillation of access to content, e.g. by caching
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a security risk method based on informationized user behavior data, which comprises the following steps: randomly selecting an unencrypted initial user behavior data as data to be verified, converting the data to be verified into a bit encryption relation function, calculating a verification code of the data to be verified, and acquiring encrypted data corresponding to the data to be verified as encrypted data to be verified; obtaining decryption data corresponding to the data to be verified as decryption data to be verified; based on the data to be checked and the check code, checking the encrypted data to be checked and the decrypted data to be checked to obtain a first check result and a second check result; if the first checking result is the same as the second checking result, the data to be checked is safe; if the data to be checked are different, the data to be checked are tampered. The invention can identify whether the user behavior data is tampered or not, thereby facilitating enterprise management personnel to take security measures to carry out encryption protection on subsequent user behavior data and avoiding that more user behavior data are tampered.

Description

Confidentiality risk method based on informationized user behavior data
Technical Field
The invention relates to the technical field of information confidentiality, in particular to a confidentiality risk method based on informationized user behavior data.
Background
With the development of big data age and computer technology, more and more users will generate action data, such as user behavior data, during business interaction. However, there are some malicious attackers in today's networks that begin to tamper with user behavior data for malicious competition. This behaviour is two jeopardized, firstly, the attacker adds false browsing records or transaction records for the user on a certain platform or application, which can make the behaviour data of the user rejected by some institutions. Secondly, the privacy of the user is also revealed to an attacker, and the trust evaluation and privacy security of the user are greatly jeopardized.
Therefore, how to identify whether the user behavior data is tampered becomes a problem to be solved.
Disclosure of Invention
In view of the above-mentioned drawbacks of the prior art, an object of the present invention is to provide a security risk method based on informationized user behavior data for solving the problem of how to identify whether the user behavior data is tampered with.
To achieve the above and other related objects, the present invention provides a security risk method based on informationized user behavior data, the method comprising the steps of:
acquiring user behavior data;
randomly selecting an unencrypted initial user behavior data as data to be verified, and converting the data to be verified into a bit encryption relation function, wherein the method comprises the following steps: z (x) =z n ·2 n +Z n-1 ·2 n-1 +…+Z 0 ·2 0 The method comprises the steps of carrying out a first treatment on the surface of the Wherein Z is n ~Z 0 N+1 bits coexisting in the user behavior data, n being a natural number;
calculating a check code T of the data to be checked based on the bit encryption relation function, wherein the check code T comprises the following components: t=z (x) ·2 8 ·(2 n +2 n-1 +…+2 0 );
Acquiring encrypted data corresponding to the data to be verified, and recording the encrypted data as the encrypted data to be verified; obtaining decryption data corresponding to the data to be verified, and recording the decryption data as the decryption data to be verified;
based on the data to be verified and the verification code, verifying the encrypted data to be verified to obtain a first verification result; and verifying the decryption data to be verified based on the data to be verified and the verification code to obtain a second verification result;
comparing the first checking result with the second checking result, and judging whether the first checking result is identical with the second checking result or not;
if the first checking result is the same as the second checking result, marking the confidentiality risk of the data to be checked as safe;
if the first checking result is different from the second checking result, marking the confidentiality risk of the data to be checked as tamper.
Optionally, before acquiring the encrypted data to be verified and the decrypted data to be verified, the method further includes:
randomly selecting two prime numbers with different storage values from a database for caching the user behavior data, and respectively marking the prime numbers as a first prime number and a second prime number;
calculating an Euler function of a block chain encryption algorithm according to the first prime number and the second prime number;
generating an encryption value interval by taking the Euler function as an interval maximum value and the minimum positive integer as an interval minimum value;
randomly selecting a numerical value from the encryption value interval as an encryption key of the blockchain encryption algorithm, and carrying out blockchain encryption on the user behavior data based on the encryption key to obtain encrypted user behavior data;
calculating a decryption key of the blockchain encryption algorithm based on the encryption key and the Euler function, and decrypting the encrypted user behavior data subjected to blockchain encryption by using the decryption key to obtain decrypted user behavior data;
screening out encrypted user behavior data corresponding to the data to be verified to obtain the encrypted data to be verified; and screening out the decrypted user behavior data corresponding to the data to be verified, and obtaining the decrypted data to be verified.
Optionally, when calculating a decryption key of the blockchain encryption algorithm based on the encryption key and the euler function, the encryption key, the euler function, and the corresponding decryption key satisfy: e×d×mod [ phi (n) ]=1; where phi (n) represents the Euler function, e represents the encryption key, and d represents the decryption key.
Optionally, the process of acquiring the user behavior data includes:
receiving a control instruction when a user triggers an Internet communication service, and recording the control instruction as a communication service instruction;
responding to the communication service instruction, displaying a data permission protocol on an Internet communication service display interface, and displaying an accept control button and an not accept control button which are associated with the data permission protocol;
responding to an accept control button instruction selected by a user on the Internet communication service display interface, and caching user behavior data generated by the user when the user subsequently uses the Internet communication service as user behavior data to be subjected to security processing; or alternatively, the process may be performed,
responding to an instruction of a non-accepted control button selected by a user on the Internet communication service display interface, closing the Internet communication service display interface, and stopping caching user behavior data generated by the user when the user subsequently uses the Internet communication service;
when a user selects an accept control button on the Internet communication service display interface, generating an accept control button instruction; and when the user selects the non-acceptance control button on the Internet communication service display interface, generating the non-acceptance control button instruction.
Optionally, before responding to the instruction of accepting the control button selected by the user on the internet communication service display interface, or before responding to the instruction of not accepting the control button selected by the user on the internet communication service display interface, the method further comprises:
recording the display time of the data permission protocol as real-time display time;
comparing the real-time display time with a preset display time, closing the Internet communication service display interface when the real-time display time is larger than the preset display time, and stopping caching user behavior data generated by the user when the user subsequently uses the Internet communication service;
if the real-time display time is smaller than or equal to the preset display time, judging whether the user selects a control button to accept or does not accept on the Internet communication service display interface;
if the user selects an accept control button on the Internet communication service display interface, generating an accept control button instruction;
if the user selects the non-acceptance control button on the Internet communication service display interface, generating a non-acceptance control button instruction;
and if the user does not select the accept control button on the Internet communication service display interface and does not select the accept control button, re-recording the display time of the data permission protocol.
Optionally, in acquiring the user behavior data, the method further includes:
vectorizing the user behavior data to generate a user behavior data vector;
constructing a user element portrait based on the user behavior data vector, and clustering the user element portrait to form a plurality of element portrait clusters;
labeling each meta-portrait cluster to generate a user behavior label;
the user behavior data and the user behavior labels are input into a neural network model together for training, and a user portrait model is generated;
and identifying the user behavior data by using the user portrait model to generate a corresponding user portrait.
Optionally, after generating the user image, the method further comprises:
obtaining geographic position information and terminal equipment information when the user behavior data are generated;
correlating the geographic position information, the terminal equipment information and the user image, and recommending target information to the user based on a correlation result; wherein the target information includes at least one of: graphic information, audio information, video information.
Optionally, the vectorizing process is performed on the user behavior data, and the process of generating the user behavior data vector includes:
cleaning the user behavior data to obtain cleaned user behavior data;
vectorization processing is carried out based on the cleaned user behavior data, and a user behavior data vector is generated;
wherein, when cleaning the user behavior data, the method comprises the following steps: performing word segmentation processing on the user behavior data, performing stop word deletion processing on the user behavior data, and performing sensitive word filtering processing on the user behavior data.
Optionally, the internet communication service includes: an internet website platform communication service, an internet application program communication service; the user behavior data includes: network data generated when a user generates a use behavior on an internet website platform and network data generated when a user generates a use behavior on an internet application.
Optionally, the usage behavior includes at least one of: browsing behavior, searching behavior, clicking behavior, purchasing behavior, comment behavior, sharing behavior.
As described above, the present invention provides a security risk method based on informationized user behavior data, which has the following beneficial effects: firstly, acquiring user behavior data, randomly selecting unencrypted initial user behavior data as data to be checked, converting the data to be checked into a bit encryption relation function, and calculating a check code of the data to be checked based on the bit encryption relation function; simultaneously acquiring encrypted data corresponding to the data to be verified, and recording the encrypted data as the encrypted data to be verified; obtaining decryption data corresponding to the data to be verified, and recording the decryption data as the decryption data to be verified; based on the data to be verified and the verification code, verifying the encrypted data to be verified to obtain a first verification result; and verifying the decryption data to be verified based on the data to be verified and the verification code to obtain a second verification result; comparing the first checking result with the second checking result, and judging whether the first checking result is the same as the second checking result or not; if the first checking result is the same as the second checking result, marking the confidentiality risk of the data to be checked as safe; if the first checking result is different from the second checking result, marking the confidentiality risk of the data to be checked as tamper. Therefore, the invention can identify whether the user behavior data is tampered, thereby facilitating enterprise management personnel to take security measures to carry out encryption protection on the subsequent user behavior data and avoiding that more user behavior data are tampered.
Drawings
FIG. 1 is a schematic diagram of an architecture of a security risk method based on informationized user behavior data for an application according to one embodiment;
FIG. 2 is a flow chart of a security risk method based on informationized user behavior data according to an embodiment;
fig. 3 is a flowchart of acquiring user behavior data according to an embodiment.
Detailed Description
Other advantages and effects of the present invention will become apparent to those skilled in the art from the following disclosure, which describes the embodiments of the present invention with reference to specific examples. The invention may be practiced or carried out in other embodiments that depart from the specific details, and the details of the present description may be modified or varied from the spirit and scope of the present invention. It should be noted that the following embodiments and features in the embodiments may be combined with each other without conflict.
Fig. 1 illustrates a system architecture to which a security risk method based on informationized user behavior data may be applied, in accordance with an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a reverse proxy server 104, and a server 105. The terminal devices 101, 102, 103 and the reverse proxy server 104, the reverse proxy server 104 and the server 105 may communicate with each other over a network, which may include various connection types, such as wired and/or wireless communication links, etc.
The user may interact with the server 105 through the reverse proxy server 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications may be installed on the terminal devices 101, 102, 103, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients and/or social platform software, to name a few.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The reverse proxy server 104 may comprise an nmginx server. The nminux server may store corresponding data in a disk cache and use the cached data to respond to requests from clients.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that, the user portrait generating method provided by the embodiments of the present disclosure may be generally executed by the terminal device 101, 102, or 103. Accordingly, the user portrait generating apparatus provided by the embodiments of the present disclosure may also be provided in the terminal device 101, 102, or 103.
Alternatively, the security risk method based on the informative user behavior data provided by the embodiments of the present disclosure may also be generally performed by the server 105. The security risk method based on the informationized user behavior data provided by the embodiments of the present disclosure may also be performed by a server or a cluster of servers other than the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, reverse proxy servers and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, reverse proxy servers, and servers, as desired for implementation.
It should be noted that, the security risk method based on the informationized user behavior data provided by the embodiment of the present disclosure may be used in the technical field of data processing and the field of financial technology, for example, may perform security risk identification on user behavior data generated by a user on a website platform, an application program, a social media platform, etc., to determine whether the corresponding user behavior data is tampered.
It should be noted that the sequence numbers of the respective operations in the following methods are merely representative of the operations for the purpose of description, and should not be construed as representing the order of execution of the respective operations. The method need not be performed in the exact order shown unless explicitly stated.
Fig. 2 schematically illustrates a flow chart of a security risk method based on informationized user behavior data according to an embodiment of the disclosure. Referring to fig. 2, the present invention provides a security risk method based on informationized user behavior data, comprising the following steps:
s210, acquiring user behavior data;
s220, randomly selecting an unencrypted initial user behavior data as data to be verified, and converting the data to be verified into a bit encryption relationshipThe functions are: z (x) =z n ·2 n +Z n-1 ·2 n-1 +…+Z 0 ·2 0 The method comprises the steps of carrying out a first treatment on the surface of the Wherein Z is n ~Z 0 N+1 bits coexisting in the user behavior data, n being a natural number;
s230, calculating a check code T of the data to be checked based on the bit encryption relation function, wherein the check code T comprises the following components: t=z (x) ·2 8 ·(2 n +2 n-1 +…+2 0 );
S240, obtaining the encrypted data corresponding to the data to be verified, and recording the encrypted data as the encrypted data to be verified; obtaining decryption data corresponding to the data to be verified, and recording the decryption data as the decryption data to be verified;
s250, based on the data to be verified and the verification code, verifying the encrypted data to be verified to obtain a first verification result; and verifying the decryption data to be verified based on the data to be verified and the verification code to obtain a second verification result;
s260, comparing the first checking result with the second checking result, and judging whether the first checking result is the same as the second checking result or not; if the first checking result is the same as the second checking result, marking the confidentiality risk of the data to be checked as safe; if the first checking result is different from the second checking result, marking the confidentiality risk of the data to be checked as tamper.
Therefore, the invention verifies the original user behavior data and the encrypted user behavior data; and meanwhile, checking the user behavior data again when the data are decrypted, if the two checking results are the same, proving that the user behavior data are safe, otherwise, indicating that the tampered user behavior data exist. Therefore, the invention can identify whether the user behavior data is tampered, thereby facilitating enterprise management personnel to take security measures to carry out encryption protection on the subsequent user behavior data and avoiding that more user behavior data are tampered.
According to the above description, in an exemplary embodiment, before the encrypted data to be verified and the decrypted data to be verified are obtained, the method may further include:
randomly selecting two prime numbers with different storage values from a database for caching the user behavior data, and respectively marking the prime numbers as a first prime number and a second prime number;
calculating an Euler function of a block chain encryption algorithm according to the first prime number and the second prime number;
generating an encryption value interval by taking the Euler function as an interval maximum value and the minimum positive integer as an interval minimum value;
randomly selecting a numerical value from the encryption value interval as an encryption key of the blockchain encryption algorithm, and carrying out blockchain encryption on the user behavior data based on the encryption key to obtain encrypted user behavior data;
calculating a decryption key of the blockchain encryption algorithm based on the encryption key and the Euler function, and decrypting the encrypted user behavior data subjected to blockchain encryption by using the decryption key to obtain decrypted user behavior data;
screening out encrypted user behavior data corresponding to the data to be verified to obtain the encrypted data to be verified; and screening out the decrypted user behavior data corresponding to the data to be verified, and obtaining the decrypted data to be verified.
In this embodiment, when calculating the decryption key of the blockchain encryption algorithm based on the encryption key and the euler function, the encryption key, the euler function, and the corresponding decryption key satisfy: e×d×mod [ phi (n) ]=1; where phi (n) represents the Euler function, e represents the encryption key, and d represents the decryption key.
Specifically, the embodiment randomly formulates two larger first prime numbers h and two larger second prime numbers k in the user behavior data repository; calculating an Euler function phi (n) of a block chain encryption algorithm based on a first prime number h and the second prime number k, and: n= (h×k); phi (n) = (h-1) × (k-1). The predetermined number e represents the encryption key of the blockchain, the value azimuth of the number e is between {1, phi (n) }, d is assumed to represent the decryption key of the blockchain, and d is full at the same timeFoot identity e x d x mod [ phi (n)]=1. Encrypting the user behavior data, assuming that m represents initial data of the user behavior data and c represents behavior data obtained by storing the encrypted behavior data, then the association between the original data and the encrypted data can be described as c=m e ×mod n×d。
In an exemplary embodiment, as shown in fig. 3, the process of acquiring user behavior data includes:
s310, receiving a control instruction when a user triggers an Internet communication service, and recording the control instruction as a communication service instruction;
s320, responding to the communication service instruction, displaying a data permission protocol on an Internet communication service display interface, and displaying an acceptance control button and an non-acceptance control button which are associated with the data permission protocol;
s330, responding to an instruction of a control button selected by a user on the Internet communication service display interface, and caching user behavior data generated by the user when the user subsequently uses the Internet communication service as user behavior data to be subjected to security processing; or alternatively, the process may be performed,
s340, closing the Internet communication service display interface and stopping caching user behavior data generated by the user when the user subsequently uses the Internet communication service in response to the command of not accepting the control button selected by the user on the Internet communication service display interface;
when a user selects an accept control button on the Internet communication service display interface, generating an accept control button instruction; and when the user selects the non-acceptance control button on the Internet communication service display interface, generating the non-acceptance control button instruction.
Therefore, when the user behavior data is acquired, the user can acquire the user behavior data after receiving the data permission protocol, and if the user does not receive the data permission protocol, the user does not acquire the behavior data generated when using the internet communication service later, so that the user data privacy can be prevented from being violated. In this embodiment, the internet communication service includes: an internet website platform communication service, an internet application program communication service; the user behavior data includes: network data generated when a user generates a use behavior on an internet website platform and network data generated when a user generates a use behavior on an internet application. Among them, usage behaviors include, but are not limited to: browsing behavior, searching behavior, clicking behavior, purchasing behavior, comment behavior, sharing behavior. That is, the user behavior data in the present embodiment may be various behavior data generated when the user uses an internet product or an internet service, including, but not limited to, a click behavior, a browse behavior, a search behavior, a purchase behavior, a comment behavior, a share behavior.
In accordance with the foregoing, in an exemplary embodiment, before responding to the acceptance control button instruction selected by the user at the internet communication service display interface, or before responding to the non-acceptance control button instruction selected by the user at the internet communication service display interface, the method may further include:
recording the display time of the data permission protocol as real-time display time;
comparing the real-time display time with a preset display time, closing the Internet communication service display interface when the real-time display time is larger than the preset display time, and stopping caching user behavior data generated by the user when the user subsequently uses the Internet communication service;
if the real-time display time is smaller than or equal to the preset display time, judging whether the user selects a control button to accept or does not accept on the Internet communication service display interface;
if the user selects an accept control button on the Internet communication service display interface, generating an accept control button instruction;
if the user selects the non-acceptance control button on the Internet communication service display interface, generating a non-acceptance control button instruction;
and if the user does not select the accept control button on the Internet communication service display interface and does not select the accept control button, re-recording the display time of the data permission protocol.
Therefore, the embodiment provides the method for recording the display time of the data permission protocol, and then judges whether the user selects the accept control button or the not accept control button within the specified time, thereby avoiding the overlong display time of the display interface of the internet communication service from influencing the experience of the user using the internet communication service.
In an exemplary embodiment, in acquiring the user behavior data, the embodiment may further include: vectorizing the user behavior data to generate a user behavior data vector; constructing a user element portrait based on the user behavior data vector, and clustering the user element portrait to form a plurality of element portrait clusters; labeling each meta-portrait cluster to generate a user behavior label; the user behavior data and the user behavior labels are input into a neural network model together for training, and a user portrait model is generated; and identifying the user behavior data by using the user portrait model to generate a corresponding user portrait. After generating the user image, the embodiment may further include: obtaining geographic position information and terminal equipment information when the user behavior data are generated; correlating the geographic position information, the terminal equipment information and the user image, and recommending target information to the user based on a correlation result; wherein the target information includes at least one of: graphic information, audio information, video information.
As an example, the present embodiment may determine an expected revenue level according to the user consumption behavior data, the price corresponding to the model of the mobile terminal, and the revenue range corresponding to the common location information; and constructing a user portrait corresponding to the mobile terminal according to the expected income level. Specifically, a preset weight k1 of the user consumption behavior data, a preset weight k2 of the model of the mobile terminal and a preset weight k3 of the common position information are obtained; the estimated revenue level y is determined by: y=x1×k1+x2×k2+x3×k3, where x1 is the user consumption behavior data, x2 is the price corresponding to the model of the mobile terminal, and x3 is the income range corresponding to the common location information.
Constructing a user portrait corresponding to the mobile terminal according to the expected income level specifically comprises: judging whether the estimated income level is larger than a first preset threshold value or not; if the judgment result is yes, determining that the attribute mark of the user portrait corresponding to the mobile terminal is a first label; and if the judgment result is negative, determining that the attribute mark of the user portrait corresponding to the mobile terminal is a second label. The first tag and the second tag can be set according to the situation, for example, the first tag is a potential user, and the second tag is a non-potential user; alternatively, the first tag is a first level user, the second tag is a second level user, etc.
The embodiment of the invention adopts three dimensions to comprehensively infer the income level of the user at multiple angles, reduces the influence of subjective factors such as consumption concepts on the final speculated result, and ensures that the income level of the user is comprehensively speculated at multiple dimensions, so that the speculated result is more objective and reasonable.
And predicting the income situation of the user according to the price situation of the mobile phone brand and the specific mobile phone model used by the user on the internet. The price of the mobile phone generally accounts for 40% of the monthly income of the user, namely, the monthly income=the price of the mobile phone/0.4;
the income situation of the user is presumed according to the economic development situation of the city where the user always lives, for example, the wide and deep super first line city on the North, the income of people is 1.5 ten thousand-2 ten thousand yuan; the average income of new first-line cities such as adults, chongqing, nanjing and the like is 8 thousands to 1.5 thousands; the income of two-line urban people such as Ningbo, qingdao, xiamen and the like is 5-8 kiloyuan; the month income of other cities is 5-8 thousand;
the monthly income situation of the user is estimated according to the brand and price of the commodity purchased by the user. A. Users often purchase luxury items, and the user's monthly revenue is over 15000 yuan. B. The user income situation is presumed according to the total price of the commodity purchased by the user in month, namely, the month income=cost/0.3;
through the three dimensions, respectively giving different weights to the equipment 0.5 with different dimensions; region 0.3; cost0.2 to comprehensively analyze and infer the monthly income condition of the users. Such as: case of a certain user a: 2000 yuan for Beijing+apple 8+month shopping, the income is presumed to be:
lowest: 15000×0.3+ (7000/0.4) ×0.5+ (2000/0.3) ×02=1.4 kilowatts;
highest: 20000 x 0.3+ (7000/0.4) x 0.5+ (2000/0.3) x 0.2=1.6 ten thousand, so its monthly income is probably: 15000-20000 yuan.
The embodiment of the invention presumes the income level of the user from the region, the brand of the mobile phone equipment and consumption data in three dimensions, and the dimensions are richer and more perfect; meanwhile, three dimensions are respectively given with different weights, for example, equipment is-0.5, region is-0.3 and consumption is-0.2, so that the influence of subjective factors such as consumption concept and the like on a final result is reduced. The income level of the user is comprehensively presumed by the multidimensional different weights, and the system is more comprehensive and reasonable.
In an exemplary embodiment, the vectorizing the user behavior data, and the generating the user behavior data vector includes: cleaning the user behavior data to obtain cleaned user behavior data; vectorization processing is carried out based on the cleaned user behavior data, and a user behavior data vector is generated; wherein, when cleaning the user behavior data, the method comprises the following steps: performing word segmentation processing on the user behavior data, performing stop word deletion processing on the user behavior data, and performing sensitive word filtering processing on the user behavior data. Specifically, the process of performing vectorization processing on user behavior data in this embodiment includes: acquiring original user behavior data, judging whether the data are related to user privacy preference settings, portrait interaction preferences, ages, sexes, schools and regions, and if the data are related, dividing the data into user objective data; if the data is related to browsing content, browsing time and browsing frequency, dividing the data into user behavior data; the user objective data adopts a single-hot code to realize the data transformation of discrete variable, and vector processing is used for obtaining a user objective information vector; the user behavior data adopts a statistical method, the user behavior data is weighted and summed, the user behavior data is arranged, and a user behavior preference vector is established; and combining the user objective information vector and the user behavior preference vector to form a user portrait vector serving as a user portrait data base.
In summary, the present invention provides a security risk method based on informationized user behavior data, which includes firstly obtaining user behavior data, then randomly selecting an unencrypted initial user behavior data as data to be verified, converting the data to be verified into a bit encryption relation function, and calculating a verification code of the data to be verified based on the bit encryption relation function; simultaneously acquiring encrypted data corresponding to the data to be verified, and recording the encrypted data as the encrypted data to be verified; obtaining decryption data corresponding to the data to be verified, and recording the decryption data as the decryption data to be verified; based on the data to be verified and the verification code, verifying the encrypted data to be verified to obtain a first verification result; and verifying the decryption data to be verified based on the data to be verified and the verification code to obtain a second verification result; comparing the first checking result with the second checking result, and judging whether the first checking result is the same as the second checking result or not; if the first checking result is the same as the second checking result, marking the confidentiality risk of the data to be checked as safe; if the first checking result is different from the second checking result, marking the confidentiality risk of the data to be checked as tamper. Therefore, the invention can identify whether the user behavior data is tampered, thereby facilitating enterprise management personnel to take security measures to carry out encryption protection on the subsequent user behavior data and avoiding that more user behavior data are tampered. The invention can determine the security level of the data and take corresponding security measures by comprehensively analyzing the factors such as encryption and decryption of the data, and the like. Therefore, the security risk method in the invention can help enterprises or organizations to better manage and protect important information, reduce risk of information leakage and improve information security. In addition, the invention collects, analyzes and processes the behavior data of the user on the Internet through the information technology means so as to acquire the behavior characteristics, preference, demand and other information of the user, thereby providing more accurate marketing and service for enterprises. Specifically, the informationized user behavior data may include behavior data such as browsing, searching, clicking, purchasing, commenting, sharing, and the like of a user on a website, APP, social media, and the like, and data such as personal information, geographic location, device information, and the like of the user. Through analysis and mining of the data, enterprises can know the information of interests, consumption habits, buying will and the like of users, so that more accurate marketing strategies are formulated and higher-quality services are provided. The user behavior data can also help enterprises to conduct accurate marketing and popularization, and marketing effect is improved.
The above embodiments are merely illustrative of the principles of the present invention and its effectiveness, and are not intended to limit the invention. Modifications and variations may be made to the above-described embodiments by those skilled in the art without departing from the spirit and scope of the invention. Accordingly, it is intended that all equivalent modifications and variations of the invention be covered by the claims, which are within the ordinary skill of the art, be within the spirit and scope of the present disclosure.

Claims (10)

1. A security risk method based on informationized user behavior data, comprising the steps of:
acquiring user behavior data;
randomly selecting an unencrypted initial user behavior data as data to be verified, and converting the data to be verified into a bit encryption relation function, wherein the method comprises the following steps: z (x) =z n ·2 n +Z n-1 ·2 n-1 +…+Z 0 ·2 0 The method comprises the steps of carrying out a first treatment on the surface of the Wherein Z is n ~Z 0 N+1 bits coexisting in the user behavior data, n being a natural number;
calculating a check code T of the data to be checked based on the bit encryption relation function, wherein the check code T comprises the following components: t=z (x) ·2 8 ·(2 n +2 n -1 +…+2 0 );
Acquiring encrypted data corresponding to the data to be verified, and recording the encrypted data as the encrypted data to be verified; obtaining decryption data corresponding to the data to be verified, and recording the decryption data as the decryption data to be verified;
based on the data to be verified and the verification code, verifying the encrypted data to be verified to obtain a first verification result; and verifying the decryption data to be verified based on the data to be verified and the verification code to obtain a second verification result;
comparing the first checking result with the second checking result, and judging whether the first checking result is identical with the second checking result or not;
if the first checking result is the same as the second checking result, marking the confidentiality risk of the data to be checked as safe;
if the first checking result is different from the second checking result, marking the confidentiality risk of the data to be checked as tamper.
2. The method of claim 1, further comprising, prior to obtaining the encrypted data to be verified and the decrypted data to be verified:
randomly selecting two prime numbers with different storage values from a database for caching the user behavior data, and respectively marking the prime numbers as a first prime number and a second prime number;
calculating an Euler function of a block chain encryption algorithm according to the first prime number and the second prime number;
generating an encryption value interval by taking the Euler function as an interval maximum value and the minimum positive integer as an interval minimum value;
randomly selecting a numerical value from the encryption value interval as an encryption key of the blockchain encryption algorithm, and carrying out blockchain encryption on the user behavior data based on the encryption key to obtain encrypted user behavior data;
calculating a decryption key of the blockchain encryption algorithm based on the encryption key and the Euler function, and decrypting the encrypted user behavior data subjected to blockchain encryption by using the decryption key to obtain decrypted user behavior data;
screening out encrypted user behavior data corresponding to the data to be verified to obtain the encrypted data to be verified; and screening out the decrypted user behavior data corresponding to the data to be verified, and obtaining the decrypted data to be verified.
3. The method of claim 2, wherein when calculating a decryption key for the blockchain encryption algorithm based on the encryption key and the euler function, the encryption key, euler function, and corresponding decryption key satisfy: e×d×mod [ phi (n) ]=1; where phi (n) represents the Euler function, e represents the encryption key, and d represents the decryption key.
4. A security risk method based on informative user behaviour data according to any one of claims 1 to 3, wherein the process of obtaining user behaviour data comprises:
receiving a control instruction when a user triggers an Internet communication service, and recording the control instruction as a communication service instruction;
responding to the communication service instruction, displaying a data permission protocol on an Internet communication service display interface, and displaying an accept control button and an not accept control button which are associated with the data permission protocol;
responding to an accept control button instruction selected by a user on the Internet communication service display interface, and caching user behavior data generated by the user when the user subsequently uses the Internet communication service as user behavior data to be subjected to security processing; or alternatively, the process may be performed,
responding to an instruction of a non-accepted control button selected by a user on the Internet communication service display interface, closing the Internet communication service display interface, and stopping caching user behavior data generated by the user when the user subsequently uses the Internet communication service;
when a user selects an accept control button on the Internet communication service display interface, generating an accept control button instruction; and when the user selects the non-acceptance control button on the Internet communication service display interface, generating the non-acceptance control button instruction.
5. The method of claim 4, wherein before accepting control button instructions in response to user selection at the internet communication service display interface or before not accepting control button instructions in response to user selection at the internet communication service display interface, the method further comprises:
recording the display time of the data permission protocol as real-time display time;
comparing the real-time display time with a preset display time, closing the Internet communication service display interface when the real-time display time is larger than the preset display time, and stopping caching user behavior data generated by the user when the user subsequently uses the Internet communication service;
if the real-time display time is smaller than or equal to the preset display time, judging whether the user selects a control button to accept or does not accept on the Internet communication service display interface;
if the user selects an accept control button on the Internet communication service display interface, generating an accept control button instruction;
if the user selects the non-acceptance control button on the Internet communication service display interface, generating a non-acceptance control button instruction;
and if the user does not select the accept control button on the Internet communication service display interface and does not select the accept control button, re-recording the display time of the data permission protocol.
6. The method of claim 1, wherein upon obtaining user behavior data, the method further comprises:
vectorizing the user behavior data to generate a user behavior data vector;
constructing a user element portrait based on the user behavior data vector, and clustering the user element portrait to form a plurality of element portrait clusters;
labeling each meta-portrait cluster to generate a user behavior label;
the user behavior data and the user behavior labels are input into a neural network model together for training, and a user portrait model is generated;
and identifying the user behavior data by using the user portrait model to generate a corresponding user portrait.
7. The method of claim 6, further comprising, after generating the user image:
obtaining geographic position information and terminal equipment information when the user behavior data are generated;
correlating the geographic position information, the terminal equipment information and the user image, and recommending target information to the user based on a correlation result; wherein the target information includes at least one of: graphic information, audio information, video information.
8. A security risk method based on informationized user behavior data according to claim 6 or 7, wherein the process of vectorizing the user behavior data to generate a user behavior data vector comprises:
cleaning the user behavior data to obtain cleaned user behavior data;
vectorization processing is carried out based on the cleaned user behavior data, and a user behavior data vector is generated;
wherein, when cleaning the user behavior data, the method comprises the following steps: performing word segmentation processing on the user behavior data, performing stop word deletion processing on the user behavior data, and performing sensitive word filtering processing on the user behavior data.
9. The method of claim 4, wherein the internet communication service comprises: an internet website platform communication service, an internet application program communication service; the user behavior data includes: network data generated when a user generates a use behavior on an internet website platform and network data generated when a user generates a use behavior on an internet application.
10. The method of claim 9, wherein the usage behavior comprises at least one of: browsing behavior, searching behavior, clicking behavior, purchasing behavior, comment behavior, sharing behavior.
CN202310369405.1A 2023-04-07 2023-04-07 Confidentiality risk method based on informationized user behavior data Pending CN116522357A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310369405.1A CN116522357A (en) 2023-04-07 2023-04-07 Confidentiality risk method based on informationized user behavior data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310369405.1A CN116522357A (en) 2023-04-07 2023-04-07 Confidentiality risk method based on informationized user behavior data

Publications (1)

Publication Number Publication Date
CN116522357A true CN116522357A (en) 2023-08-01

Family

ID=87405564

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310369405.1A Pending CN116522357A (en) 2023-04-07 2023-04-07 Confidentiality risk method based on informationized user behavior data

Country Status (1)

Country Link
CN (1) CN116522357A (en)

Similar Documents

Publication Publication Date Title
US11886555B2 (en) Online identity reputation
US10862843B2 (en) Computerized system and method for modifying a message to apply security features to the message's content
US20190147461A1 (en) Methods and apparatus to estimate total audience population distributions
US11468448B2 (en) Systems and methods of providing security in an electronic network
US20170324760A1 (en) Security weakness and infiltration detection and repair in obfuscated website content
JP2017091515A (en) Computer-implemented system and method for automatically identifying attributes for anonymization
WO2018107459A1 (en) Methods and apparatus to estimate media impression frequency distributions
US20140287723A1 (en) Mobile Applications For Dynamic De-Identification And Anonymity
JP2016511891A (en) Privacy against sabotage attacks on large data
Zhu et al. Understanding identity exposure in pervasive computing environments
JP2019509577A (en) System and method for identifying matching content
CN115087967A (en) Electronic multi-tenant data management system
Tu et al. From fingerprint to footprint: Cold-start location recommendation by learning user interest from app data
Jardine The trouble with (supply-side) counts: the potential and limitations of counting sites, vendors or products as a metric for threat trends on the Dark Web
Krupp et al. An analysis of web tracking domains in mobile applications
US20240089177A1 (en) Heterogeneous Graph Clustering Using a Pointwise Mutual Information Criterion
Ullah et al. Protecting private attributes in app based mobile user profiling
Kou et al. Trust‐Based Missing Link Prediction in Signed Social Networks with Privacy Preservation
CN116522357A (en) Confidentiality risk method based on informationized user behavior data
JP7250112B2 (en) Using crowdsourcing to combat disinformation
Masood et al. Tracking and Personalization.
Riederer Location Data: Perils, Profits, Promise
CN105099993A (en) Data interaction method based on proxy platform and device and system thereof
Auliya et al. A review on smartphone usage data for user identification and user profiling
CN114004456B (en) Data tag calculation method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination