CN116582369B - Willingness authentication method for online subscription - Google Patents


Info

Publication number
CN116582369B
Authority
CN
China
Prior art keywords
distance
server
maintenance
standby
value
Legal status
Active
Application number
CN202310855129.XA
Other languages
Chinese (zh)
Other versions
CN116582369A (en)
Inventor
赵云
陆猛
张伟
谢文迅
孙肖辉
Current Assignee
Beijing Dianju Information Technology Co ltd
Original Assignee
Beijing Dianju Information Technology Co ltd
Application filed by Beijing Dianju Information Technology Co ltd
Priority to CN202310855129.XA
Publication of CN116582369A
Application granted
Publication of CN116582369B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/213 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G06F18/2135 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods based on approximation criteria, e.g. principal component analysis

Abstract

The invention relates to the technical field of data processing, and in particular to a willingness authentication method for online subscription. The method acquires the daily access quantity of the default server corresponding to the online-subscription domain name, the operation and maintenance information of the standby servers, and the distances between the servers. An access pressure critical value is obtained from the difference in daily access quantity between the cases where a standby server is and is not enabled, and is used to analyze the load level of the default server. The comprehensive construction level of each server site is analyzed through the operation and maintenance level index. The historical distance correlation coefficient is used to analyze the correlation between enabling a standby server and distance, and the historical operation and maintenance correlation coefficient is used to analyze the correlation between enabling a standby server and operation and maintenance level. Finally, the malicious link probability is obtained by analyzing the current access pressure coefficient, the distance verification coefficient and the operation and maintenance verification coefficient, which improves the accuracy of judging domain name hijacking, further improves the security of the user's online signing, and ensures the user's signing willingness.

Description

Willingness authentication method for online subscription
Technical Field
The invention relates to the technical field of data processing, in particular to a willingness authentication method for online subscription.
Background
Online signing is a way for users to sign or authorize remotely over the network, but the online signing process carries many potential security hazards, such as identity forgery, network attacks and technical vulnerabilities. A common scenario is that malicious links are mixed into the verification links used for signing, so that a phishing website is very likely to steal the user's personal information and rights, leaking user information and causing property loss. Willingness authentication analyzes an unknown link to judge whether the user is willing to sign on it; when the unknown link is found to be a malicious link, the user is considered to have no willingness to sign.
The most common of these online-signing security hazards is DNS (Domain Name System) hijacking, also called domain name hijacking, in which an attacker tampers with the resolution result of a domain name so that the domain name resolves to a different IP, and access to the corresponding website is hijacked to a false website in order to steal user information illegally. When domain name hijacking occurs, the security of the signing process is difficult to guarantee. Because the binding between domain names and IPs is not one-to-one, and a server under high access pressure often enables standby servers to split the traffic, malicious links cannot be detected directly from an IP list. This reduces the accuracy of the willingness analysis for the user's online signing, easily leads to information leakage and property loss, and leaves the user's online signing poorly secured.
Disclosure of Invention
To solve the problem that malicious links cannot be detected directly from an IP list, which reduces the accuracy of the online subscription willingness analysis and leaves the user's online signing poorly secured, the invention provides a willingness authentication method for online subscription, which adopts the following specific technical scheme:
acquiring the daily access quantity of the default server of the online-subscription domain name and the operation and maintenance information of the standby servers; acquiring the distance between the default server and the standby servers; obtaining an access pressure critical value of the default server according to the difference in daily access quantity between the cases where a standby server is and is not enabled; obtaining an operation and maintenance level index of each standby server according to its operation and maintenance information;
obtaining a historical distance correlation coefficient of the domain name according to the distance between the default server and the standby servers and the difference in daily access quantity between the cases where a standby server is and is not enabled; obtaining a historical operation and maintenance correlation coefficient of the domain name according to that difference in daily access quantity and the differences in the operation and maintenance level indexes of the standby servers; obtaining a distance weight and an operation and maintenance weight according to the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient;
obtaining a current access pressure coefficient of the default server according to the access pressure critical value and the difference in the daily access quantity of the default server; obtaining distance verification coefficients of the other servers currently connected to the domain name according to the distance between those servers and the default server, the distance weight, and the distance between the default server and the standby servers; obtaining operation and maintenance verification coefficients of the other servers according to the operation and maintenance weight and the difference between the operation and maintenance level indexes of the other servers and the standby servers; and obtaining the malicious link probabilities of the other servers according to the current access pressure coefficient, the distance verification coefficient and the operation and maintenance verification coefficient, and performing signing willingness authentication according to the malicious link probabilities.
Further, the step of obtaining the access pressure critical value of the default server according to the difference in daily access quantity between the cases where a standby server is and is not enabled includes:
calculating the average of the daily access quantity of the default server when no standby server is enabled, to obtain the default daily average access quantity; calculating the average of the daily access quantity of the default server over all historical days on which the domain name enabled the same number of standby servers, to obtain the standby daily average access quantity;
calculating the square of the difference between the standby daily average access quantity and the default daily average access quantity, to obtain a daily average access difference characterization value; and calculating the arithmetic square root of the mean of the daily average access difference characterization values over the different numbers of enabled standby servers, to obtain the access pressure critical value.
Further, the step of obtaining the operation and maintenance level index of the standby server according to the operation and maintenance information of the standby server includes:
the operation and maintenance information comprises hardware parameters, network environment, performance parameters and operating system; representative features of the operation and maintenance information are extracted and input into a trained classification neural network, which classifies and identifies them and outputs the operation and maintenance level index, ranging from zero (worst) to one (best).
Further, the step of obtaining the historical distance correlation coefficient of the domain name includes:
for the default server on any occasion when the domain name enabled a standby server, calculating the difference between the daily access quantity of the default server and the default daily average access quantity, to obtain a default access quantity difference; calculating the reciprocal of the average Euclidean distance between the actual positions of the default server and of the standby servers enabled on that occasion, to obtain a standby distance characterization value; calculating the reciprocal of the average Euclidean distance between the actual positions of the default server and of all standby servers, to obtain a conventional distance characterization value; and calculating the difference between the standby distance characterization value and the conventional distance characterization value, to obtain a standby distance difference characterization value;
calculating the product of the standard deviation of the default daily average access quantity and the standard deviation of the standby distance difference characterization value, to obtain a first standard deviation characterization value; and calculating the absolute value of the ratio of the covariance of the default access quantity difference and the standby distance difference characterization value to the first standard deviation characterization value, to obtain the historical distance correlation coefficient.
Further, the step of obtaining the historical operation and maintenance correlation coefficient of the domain name comprises the following steps:
calculating the average of the operation and maintenance level indexes of all standby servers, to obtain an operation and maintenance level average value;
for the standby servers enabled by the domain name on any occasion, calculating the average of the operation and maintenance level indexes of the enabled standby servers, to obtain a standby operation and maintenance level average value; calculating the difference between the standby operation and maintenance level average value and the operation and maintenance level average value, to obtain a standby operation and maintenance level difference characterization value;
calculating the product of the standard deviation of the default daily average access quantity and the standard deviation of the standby operation and maintenance level difference characterization value, to obtain a second standard deviation characterization value; and calculating the absolute value of the ratio of the covariance of the default access quantity difference and the standby operation and maintenance level difference characterization value to the second standard deviation characterization value, to obtain the historical operation and maintenance correlation coefficient.
Further, the step of obtaining the distance weight and the operation and maintenance weight according to the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient comprises the following steps:
calculating the sum of the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient, to obtain a correlation coefficient characterization value; calculating the ratio of the historical distance correlation coefficient to the correlation coefficient characterization value, to obtain the distance weight; and calculating the ratio of the historical operation and maintenance correlation coefficient to the correlation coefficient characterization value, to obtain the operation and maintenance weight.
Further, the step of obtaining the current access pressure coefficient of the default server includes:
calculating the absolute value of the difference between the current daily access quantity of the default server and the default daily average access quantity, to obtain the current access quantity difference; and calculating the ratio of the current access quantity difference to the access pressure critical value, to obtain the current access pressure coefficient.
Further, the step of obtaining the distance verification coefficient of the other server includes:
calculating the reciprocal of the Euclidean distance between the other servers and the default server, to obtain other distance characterization values; calculating the ratio of the other distance characterization values to the conventional distance characterization value, to obtain other distance difference characterization values; and calculating the product of the other distance difference characterization values and the distance weight, to obtain the distance verification coefficients of the other servers.
Further, the step of obtaining the operation and maintenance verification coefficients of the other servers includes:
calculating the ratio of the operation and maintenance level index of the other servers to the operation and maintenance level average value, to obtain other operation and maintenance difference characterization values; and calculating the product of the other operation and maintenance difference characterization values and the operation and maintenance weight, to obtain the operation and maintenance verification coefficients of the other servers.
Further, the step of obtaining the malicious link probability of the other servers and performing subscription intention authentication according to the malicious link probability includes:
calculating the sum of the distance verification coefficient and the operation and maintenance verification coefficient, to obtain the other-server verification coefficient; calculating the product of the other-server verification coefficient and the current access pressure coefficient, and calculating the absolute value of the difference between the constant 1 and that product, to obtain the malicious link probability;
when the malicious link probability does not exceed a preset probability threshold, it is judged that no signing risk exists, and willingness authentication of the user's signing is not performed; when the malicious link probability exceeds the preset probability threshold, it is judged that a signing risk exists, and willingness authentication of the user's signing is performed and the user is reminded.
The invention has the following beneficial effects:
In the embodiment of the invention, the access pressure critical value is calculated to characterize the difference in the daily access quantity of the default server corresponding to the domain name between normal load and excessive load, and using it improves the accuracy of the final malicious link probability analysis. The operation and maintenance level index characterizes the comprehensive construction level of a server site and so reflects the quality of the site, which improves the accuracy of the final malicious link probability calculation. The distance weight and the operation and maintenance weight are obtained from the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient. They reflect whether, over the domain name's history, standby servers were enabled with a preference for distance or for operation and maintenance level, and so characterize the selection weights used when enabling a standby server, which improves the accuracy of the final malicious link probability analysis. The current access pressure coefficient reflects whether the current load of the default server is approaching the load level at which standby servers were enabled in the historical period, and is used to further judge the malicious link probability. The distance verification coefficient and the operation and maintenance verification coefficient reflect how similar the other servers are to the standby servers selected in the historical period.
Finally, the malicious link probability is obtained from the current access pressure coefficient, the distance verification coefficient and the operation and maintenance verification coefficient, which improves the accuracy of analyzing domain name hijacking, further improves the security of the user's online signing, and ensures the user's signing willingness.
Drawings
To illustrate the embodiments of the invention, or the technical solutions and advantages of the prior art, more clearly, the drawings used in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of a method for willingness authentication for online subscription according to an embodiment of the present invention.
Detailed Description
To further describe the technical means adopted by the invention to achieve its intended aim, and their effects, the specific implementation, structure, characteristics and effects of the willingness authentication method for online subscription according to the invention are described in detail below with reference to the accompanying drawings and the preferred embodiment. In the following description, different references to "one embodiment" or "another embodiment" do not necessarily refer to the same embodiment. Furthermore, the particular features, structures or characteristics of one or more embodiments may be combined in any suitable manner.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The specific scheme of the willingness authentication method for online subscription provided by the invention is described below with reference to the accompanying drawings.
Referring to Fig. 1, which shows a flowchart of a willingness authentication method for online subscription according to an embodiment of the present invention, the method includes the following steps:
Step S1, acquiring the daily access quantity of the default server of the online-subscription domain name and the operation and maintenance information of the standby servers; acquiring the distance between the default server and the standby servers; obtaining an access pressure critical value of the default server according to the difference in daily access quantity between the cases where a standby server is and is not enabled; and obtaining the operation and maintenance level index of each standby server according to its operation and maintenance information.
In the embodiment of the invention, the implementation scenario is the detection and analysis of links used for online signing. For an online-subscription domain name, the DNS (Domain Name System) maps the domain name to a real network IP address that a computer can recognize, so that the computer can then communicate, deliver content and so on. DNS hijacking tampers with the resolution result of a domain name so that the domain name points to a different IP, and access to the corresponding website is hijacked to an unreachable or false website. DNS works like a public phone book for IP address resolution: one domain name can be bound to multiple IPs and one IP can be bound to multiple domain names, so a sender-approved domain name list and IP list are required. For public DNS, the mapping between DNS and IP is not fixed, so an IP list alone cannot serve as the standard for detecting malicious links. An IP address identifies a device on the Internet or a local network, while the actual server address refers to the physical or network location of the server. The server may be located in a data center, at a cloud service provider, inside an enterprise and so on; the mapping between its actual address and its IP address is maintained by the DNS server, and the IP address needs to be updated when the server migrates. Therefore, the real addresses and IP addresses of all DNS resolution results can be analyzed and combined with the operation and maintenance information of the servers to judge whether the domain name has been hijacked.
First, the daily access quantity of the default server of the online-subscription domain name and the operation and maintenance information of the standby servers of the domain name are acquired. The method is a third-party monitoring method: to protect the user's information and property, the sender must grant the third party partial permission to inspect information, and if the sender refuses, it is not allowed to send any link to the user. The sender is required to provide the third party with the domain name DNS list, the IP list, historical operation logs, current logs, and the operation and maintenance information of the servers corresponding to the IPs. The default server is the server that normally provides the online signing web service, and a standby server is a server enabled temporarily when the default server fails or is overloaded. The daily access quantity can be extracted from the server's log data and characterizes the server's daily load. The operation and maintenance information consists of the server's hardware parameters, network environment, performance parameters and operating system; it characterizes the comprehensive construction level of the site where the server is located, and indicates whether the site corresponding to the server is a safe and regular site. Further, the distance between the default server and the standby servers needs to be obtained, since the enabling priority of the standby servers can be analyzed from the distance; the distance is the actual distance between the servers.
After domain name hijacking occurs, the server that the domain name connects to changes. Under normal conditions the domain name uses the default server and switches to a standby server when the daily access quantity of the default server is too high; if the server is switched while the load of the default server is normal, the domain name may have been hijacked. The load characteristics of the default server are therefore analyzed first, and the access pressure critical value of the default server is obtained from the difference in daily access quantity between the cases where a standby server is and is not enabled. Note that log data for server replacements caused by failures, updates and similar problems must be removed before the analysis. Specifically: calculate the average of the daily access quantity of the default server when no standby server is enabled, to obtain the default daily average access quantity; calculate the average of the daily access quantity of the default server over all historical days on which the domain name enabled the same number of standby servers, to obtain the standby daily average access quantity; calculate the square of the difference between the standby daily average access quantity and the default daily average access quantity, to obtain a daily average access difference characterization value; and calculate the arithmetic square root of the mean of the daily average access difference characterization values over the different numbers of enabled standby servers, to obtain the access pressure critical value. The specific formula for the access pressure critical value is:
In the method, in the process of the invention,access pressure threshold for default server, +.>Representing the number of active different number types of standby servers on the same day,/for each standby server>Indicating enablement->Number of types of backup servers, total number of logs for default server, +.>Indicate->Daily access in the individual logs, +.>Indicating the number of alternate daily accesses. />Indicating the total log number when the standby server is not enabled, < >>Indicate->Daily access in the individual logs, +.>Indicating a default daily access amount.Representing daily access to the variance characterizing value.
For obtaining the access pressure critical value, the difference condition of the daily access quantity of the default server is analyzed when the default server corresponding to the domain name is started and the standby server is not started, the formula is the mean square error of the daily access quantity difference when different standby servers are started, and the difference characteristic of the daily access quantity of the default server when whether the standby server is started or not is represented by the domain name; the access pressure critical value characterizes a critical access value which is more than that of a default server in a normal running state when the access pressure is high, the load of the default server is low under normal conditions, and when the standby server is started, the load of the default server is high at the moment, so that the load bearing condition of the default server can be analyzed through the access pressure critical value, whether the load of the default server is high or not can be analyzed through the access pressure critical value, the reason when the server is switched is approaching the daily access quantity upper limit or not can be judged, and the probability of domain name hijacking is judged.
Further, after the access pressure critical value of the default server is obtained, the operation and maintenance condition of the server needs to be analyzed in order to improve the accuracy of domain name hijacking identification. The operation and maintenance level of a server site reflects the comprehensive construction level of the site, and the comprehensive operation and maintenance level of a false website's site is often worse. The operation and maintenance level index of the standby server is therefore obtained through a neural network according to the operation and maintenance information of the standby server, which specifically includes: the operation and maintenance information comprises hardware parameters, network environment, performance parameters and an operating system; the representative features of the operation and maintenance information can be extracted through manual evaluation, network voting or principal component analysis; the important features of the operation and maintenance information are manually marked with grading labels of operation and maintenance quality and used to train a classification neural network; the trained classification neural network can classify and identify the important features of the input operation and maintenance information and output an operation and maintenance level index between zero and one, from worst to best. It should be noted that the principal component analysis method and the classification neural network belong to the prior art, and the specific calculation steps are not repeated.
The structure of the classification neural network is Encoder-FC and the loss function is a cross entropy function. To improve the accuracy of the classification neural network, a large amount of operation and maintenance information from different server sites can additionally be obtained to serve as a training set and a verification set, and training is performed by gradient descent until the loss function converges, at which point training of the classification neural network is complete. The trained classification neural network can then classify the operation and maintenance condition of the sender's server site to obtain the operation and maintenance level index of the server. The higher the comprehensive construction level of the site, the closer the output operation and maintenance level index is to 1. The closer the output operation and maintenance level index is to 0, the greater the probability of encountering a false website, so the probability of domain name hijacking can be analyzed in combination with the operation and maintenance level index.
With the access pressure critical value of the default server corresponding to the online contracted domain name (derived from whether the standby server is enabled or not) and the operation and maintenance level indexes of the different server sites both obtained, the probability of domain name hijacking can finally be analyzed based on the access pressure critical value and the operation and maintenance level indexes.
Step S2, obtaining a history distance correlation coefficient of the domain name according to the distance characteristic of the default server and the standby server and the difference characteristic of the daily access quantity of whether the standby server is started or not; obtaining a historical operation and maintenance correlation coefficient of the domain name according to the difference characteristic of the daily access quantity of whether the standby server is started or not and the difference characteristic of the operation and maintenance level index of the standby server; and obtaining the distance weight and the operation and maintenance weight according to the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient.
Because there are multiple standby servers, the priority for enabling them depends on the access pressure of the default server, the distance between the servers, and the operation and maintenance condition of the standby servers. When the default server is under high access pressure, sites in a good operation and maintenance state are needed to share the load so that huge access traffic does not paralyze the server; but if a server is far away, more intermediate nodes are traversed and the network delay is longer. Therefore, in order to analyze the probability of domain name hijacking subsequently, the priority logic for enabling the standby server must be analyzed, and the history distance correlation coefficient of the domain name is obtained according to the distance characteristic between the default server and the standby server and the difference characteristic of the daily access quantity of whether the standby server is enabled, which specifically includes: for the default server at any time the domain name enables the standby server, calculating the difference between the daily access quantity of the default server and the default daily access quantity to obtain a default access quantity difference; calculating the reciprocal of the average Euclidean distance between the actual positions of the default server and the correspondingly enabled standby servers to obtain a standby distance characterization value, calculating the reciprocal of the average Euclidean distance between the actual positions of the default server and all standby servers to obtain a conventional distance characterization value, and calculating the difference between the standby distance characterization value and the conventional distance characterization value to obtain a standby distance difference characterization value; calculating the product of the standard deviation of the default daily average access quantity and the standard deviation of the standby distance difference characterization value to obtain a first standard deviation characterization value, and calculating the absolute value of the ratio of the covariance of the default access quantity difference and the standby distance difference characterization value to the first standard deviation characterization value to obtain the history distance correlation coefficient. The specific formula for acquiring the historical distance correlation coefficient is as follows:
In the method, in the process of the invention,representing historical distance correlation coefficient,/->Representing the +.o. of enabling standby servers>Daily access to default server in the personal log, < >>Representing a default daily average access amount; />Indicate->Average Euclidean distance of corresponding default server and active standby server in each log, +.>Representing the average Euclidean distance between the default server and all standby services; />Representing a standby distance characterization value; />Representing a conventional distance characterization value; />Representing a stand-by distance difference characterization value;representing default access volume difference, ++>Covariance representing default access volume variance versus stand-by distance variance characterization value, +.>Standard deviation indicating default daily average access amount, +.>Standard deviation of representing stand-by distance difference characterization value, < >>Representing a first standard deviation characterization value.
The historical distance correlation coefficient is calculated in the same way as the Pearson correlation coefficient. It should be noted that the Pearson correlation coefficient is prior art and is used for measuring the correlation between two variables; in the embodiment of the invention, the two variables are the difference between the daily access quantity of the default server and the default daily average access quantity when the standby server is enabled, and the distance difference characteristic between the enabled standby server and the default server. The Pearson correlation coefficient between two variables is defined as the quotient of their covariance and the product of their standard deviations; it ranges between -1 and 1, and the closer it is to 0, the less correlated the changes in the two variables are. The reciprocal of the average Euclidean distance is used because of the distance preference logic: the greater the access pressure, the closer the standby server that is selected, so the reciprocal corrects the logical relationship between access pressure and preferred distance. The historical distance correlation coefficient therefore characterizes whether, in the historical period, the contracted domain name's enabling of standby servers correlates with the distance between the servers. The closer the historical distance correlation coefficient is to 1, the more strongly the contracted domain name's choice of standby server is related to distance, that is, a standby server at a closer distance is preferentially enabled.
Further, after analyzing the distance correlation of the standby server which is started, because the standby server may be selected to have correlation with the operation and maintenance level, the historical operation and maintenance correlation coefficient of the domain name is obtained according to the difference characteristic of the daily access quantity of the standby server and the operation and maintenance level index difference characteristic of the standby server, which specifically includes: calculating the average value of the operation and maintenance level indexes of all the standby servers to obtain an operation and maintenance level average value; for a standby server started at any one time of a domain name, calculating an average value of operation and maintenance level indexes of the started standby server to obtain a standby operation and maintenance level average value; calculating a difference value between the standby operation and maintenance horizontal average value and the operation and maintenance horizontal average value to obtain a standby operation and maintenance horizontal difference characterization value; calculating the product of the standard deviation of the default daily average access quantity and the standard deviation of the standby operation and maintenance level difference representation value to obtain a second standard deviation representation value; and calculating the absolute value of the ratio of the covariance of the default access quantity difference and the standby operation and maintenance level difference characterization value to the second standard deviation characterization value, and obtaining the historical operation and maintenance correlation coefficient. 
It should be noted that, since the historical operation and maintenance correlation coefficient and the historical distance correlation coefficient are both calculated following the idea of the Pearson correlation coefficient and their calculation formulas are similar, the formula is not repeated. For the historical operation and maintenance correlation coefficient, the closer the value is to 1, the more strongly the contracted domain name's selection of standby servers in the historical period is correlated with an operation and maintenance level preference, that is, a standby server with a higher operation and maintenance level index is preferentially enabled.
After the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient corresponding to the domain name are obtained, their relative weights need to be analyzed, that is, whether distance or operation and maintenance level takes priority when the standby server to enable is selected. The distance weight and the operation and maintenance weight are therefore obtained according to the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient, which specifically includes: calculating the sum of the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient to obtain a correlation coefficient characterization value, and calculating the ratio of the historical distance correlation coefficient to the correlation coefficient characterization value to obtain the distance weight; and calculating the ratio of the historical operation and maintenance correlation coefficient to the correlation coefficient characterization value to obtain the operation and maintenance weight. When the distance weight is greater than the operation and maintenance weight, the selection of the standby server to enable tends toward closer distance; when the operation and maintenance weight is greater than the distance weight, the selection favors operation and maintenance level. The distance weight and the operation and maintenance weight are then combined to analyze whether domain name hijacking has occurred for other newly connected servers.
Step S3, obtaining the current access pressure coefficient of the default server according to the access pressure critical value and the difference characteristic of the daily access quantity of the default server; obtaining distance verification coefficients of other servers according to distance features and distance weights between other servers currently connected with the domain name and a default server and distance features between the default server and a standby server; according to the operation and maintenance weight and the difference characteristics of the operation and maintenance level indexes of other servers and the standby server, obtaining operation and maintenance verification coefficients of the other servers; and obtaining malicious link probabilities of other servers according to the current access pressure coefficient, the distance verification coefficient and the operation and maintenance verification coefficient, and carrying out signing willingness authentication according to the malicious link probabilities.
When the IP corresponding to the contracted domain name link sent by the sender is not in the history list of the domain name, it means that the domain name has been switched to a server that has not appeared before, and at this time the probability of domain name hijacking needs to be analyzed. Firstly, the load condition of the current default server needs to be analyzed, so the current access pressure coefficient of the default server is obtained according to the access pressure critical value and the difference characteristic of the daily access quantity of the default server, which specifically comprises the following steps: calculating the absolute value of the difference value between the current daily access quantity of the default server and the default daily access quantity to obtain the current access quantity difference value; and calculating the ratio of the current access quantity difference value to the access pressure critical value to obtain the current access pressure coefficient. If the ratio of the current access quantity difference value to the access pressure critical value is closer to 1, the current default server load is close to the daily access quantity at which the domain name enabled the standby server in the history period, that is, the access pressure really is high and other servers need to be enabled. If the ratio of the current access quantity difference value to the access pressure critical value is smaller than 1, the load of the current default server is not close to the level at which the standby server is enabled, and the probability of domain name hijacking is higher.
After the current access pressure coefficient is obtained, in order to improve the accuracy of analyzing the probability of domain name hijacking, the operation and maintenance levels of other servers currently connected and the distance characteristics between the other servers and a default server are also required to be analyzed; obtaining distance verification coefficients of other servers according to the distance characteristics and the distance weights between other servers currently connected with the domain name and the default server and the distance characteristics between the default server and the standby server; according to the operation and maintenance weight and the difference characteristics of the operation and maintenance level indexes of other servers and the standby server, the operation and maintenance verification coefficients of the other servers are obtained, and the method specifically comprises the following steps: calculating the reciprocal of Euclidean distance between other servers and a default server to obtain other distance characterization values, and calculating the ratio of the other distance characterization values to the conventional distance characterization values to obtain other distance difference characterization values; and calculating the product of the other distance difference characterization values and the distance weights to obtain the distance verification coefficients of other servers. And calculating the ratio of the operation and maintenance level index to the operation and maintenance level average value of other servers to obtain other operation and maintenance difference characterization values, and calculating the product of the other operation and maintenance difference characterization values and operation and maintenance weights to obtain operation and maintenance verification coefficients of the other servers.
For the acquisition of the distance verification coefficient and the operation and maintenance verification coefficient of other servers, when the other distance difference characterization value is closer to 1, the closer the positions of the other servers and the standby server are, the more likely to be in the same server cluster; when the other distance difference characterization values are not close to 1, the positions of the other servers and the standby server are not close, and the probability of domain name hijacking is high. When the difference characterization value of other operation and maintenance approaches 1, the operation and maintenance levels of the other servers and the standby server approach, namely the comprehensive construction level of the other server sites is good; when the other operation and maintenance difference characterization values are less close to 1, the comprehensive construction level of the other server sites is not equal to that of the standby servers. The purpose of calculating the products of the distance weight and the operation and maintenance weight respectively is to be used as a weight coefficient, if the standby server selected and started in the domain name history period is prioritized by the distance, the weight given when calculating the distance verification coefficient is larger, and similarly, if the standby server is prioritized by the operation and maintenance level, the weight given when calculating the operation and maintenance verification coefficient is larger; the accuracy of analyzing the domain name hijacking occurrence probability can be improved through different weights.
So far, after the current access pressure coefficient, the distance verification coefficient and the operation and maintenance verification coefficient are obtained, the malicious link probability of other servers can be obtained according to them, and signing willingness authentication is carried out according to the malicious link probability, which specifically comprises the following steps: calculating the sum of the distance verification coefficient and the corresponding operation and maintenance verification coefficient to obtain other server verification coefficients; calculating the product of the other server verification coefficients and the current access pressure coefficient, and calculating the absolute value of the difference between the constant 1 and that product to obtain the malicious link probability; when the malicious link probability does not exceed a preset probability threshold, judging that no signing risk exists, and not performing willingness authentication of the user's signing; when the malicious link probability exceeds the preset probability threshold, judging that a signing risk exists, and issuing a willingness authentication reminder for the user's signing. The formula for the malicious link probability is as follows:
in the method, in the process of the invention,representing malicious link probability, < >>Indicating the current daily access of the default server, < +.>Representing a current access volume variance value; />Representing distance weight, ++>Representing the operation and maintenance weight- >Representing Euclidean distance between other servers and a default server; />An operation and maintenance level index indicating other servers, < ->Representing the average value of the operation and maintenance level->Representing the distance verification coefficients of other servers; />Representing the operation and maintenance verification coefficients of other servers. />Representing other server authentication coefficients.
For the malicious link probability, according to the analysis of each parameter of the formula in step S3: if the current access quantity difference value is closer to 1, the distance verification coefficient is closer to 1, and the operation and maintenance verification coefficient is closer to 1, then the other servers are more similar to the standby server and the load of the default server is closer to the level at which the standby server is enabled, so the malicious link probability is closer to zero; if the current access quantity difference value is less than 1, the distance verification coefficient is less than 1, and the operation and maintenance verification coefficient is less than 1, the other servers are less similar to the standby servers and the load of the default server is below the level at which the standby server is enabled, so the value of the malicious link probability is greater. The probability threshold can be preset. When the malicious link probability does not exceed the preset probability threshold, the other server that was switched to is considered similar to the historical standby servers; the user's online signing is normal and the user's signing willingness is not interfered with. When the malicious link probability exceeds the preset probability threshold, the other server that was switched to is considered unauthenticated and the probability of domain name hijacking is high; the user has low willingness to sign at this website, and a pop-up reminder must be shown to the user promptly or the website forcibly closed, so that the user's information and property are protected.
The method and the device improve the accuracy of analyzing the domain name hijacking probability by analyzing the difference characteristics of the daily access quantity of the current default server and the historical normal daily access quantity and the operation and maintenance level of other servers and the distance characteristics of the servers and the default server, and further improve the signing safety of users.
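The computation described in steps S1 to S3, as an added Python example that is not part of the patent text. The sample history, planar coordinates, the 0.5 threshold and the even weight split when both correlations are zero are assumptions made here; grouping the history by the number of enabled standby servers follows claim 2, and the standard deviations are taken over the per-log difference series.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import dist, sqrt
from statistics import fmean

# Constructed sample data (not from the patent). Positions are planar coordinates.
DEFAULT_POS = (0.0, 0.0)
STANDBY = {  # name -> (position, operation and maintenance level index in [0, 1])
    "A": ((3.0, 4.0), 0.9),
    "B": ((6.0, 8.0), 0.8),
    "C": ((0.0, 20.0), 0.5),
}
IDLE_DAYS = [1000, 900, 1100]  # default server daily access, no standby enabled
ENABLED_LOGS = [  # (default server daily access, standby servers enabled that day)
    (1100, ["C"]), (1300, ["B"]), (2200, ["A", "B"]), (2600, ["A", "B"]),
]
THRESHOLD = 0.5  # assumed; the text only says the probability threshold is preset


@dataclass
class Profile:
    default_avg: float  # default daily average access quantity
    critical: float     # access pressure critical value
    conv_dist: float    # conventional distance characterization value
    ops_mean: float     # operation and maintenance level average
    w_dist: float       # distance weight
    w_ops: float        # operation and maintenance weight


def abs_pearson(xs, ys):
    """|cov / (std_x * std_y)|; the 1/n factors cancel. 0.0 if a series is constant."""
    mx, my = fmean(xs), fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sqrt(sum((x - mx) ** 2 for x in xs))
    sy = sqrt(sum((y - my) ** 2 for y in ys))
    return abs(cov / (sx * sy)) if sx and sy else 0.0


def build_profile(default_pos, standby, idle_days, enabled_logs):
    if not idle_days or not enabled_logs:
        raise ValueError("history with and without standby servers is required")
    default_avg = fmean(idle_days)
    # Step S1: average the default server's load per number of enabled standby
    # servers, then take the root of the mean squared gap to the idle average.
    by_count = defaultdict(list)
    for access, names in enabled_logs:
        by_count[len(names)].append(access)
    critical = sqrt(fmean([(fmean(v) - default_avg) ** 2 for v in by_count.values()]))
    if critical == 0:
        raise ValueError("history shows no load difference when standby is enabled")

    d = {name: dist(default_pos, pos) for name, (pos, _) in standby.items()}
    conv_dist = 1.0 / fmean(list(d.values()))
    ops_mean = fmean([ops for _, ops in standby.values()])

    # Step S2: per-log difference series and the two correlation coefficients.
    access_diff = [a - default_avg for a, _ in enabled_logs]
    dist_diff = [1.0 / fmean([d[n] for n in names]) - conv_dist
                 for _, names in enabled_logs]
    ops_diff = [fmean([standby[n][1] for n in names]) - ops_mean
                for _, names in enabled_logs]
    r_dist = abs_pearson(access_diff, dist_diff)
    r_ops = abs_pearson(access_diff, ops_diff)
    total = r_dist + r_ops
    # Assumption: with no usable correlation, split the weight evenly.
    w_dist, w_ops = (r_dist / total, r_ops / total) if total else (0.5, 0.5)
    return Profile(default_avg, critical, conv_dist, ops_mean, w_dist, w_ops)


def malicious_link_probability(profile, default_pos, current_access, other_pos, other_ops):
    """Step S3 for a server that is not in the domain name's history list."""
    pressure = abs(current_access - profile.default_avg) / profile.critical
    dist_coef = (1.0 / dist(default_pos, other_pos)) / profile.conv_dist * profile.w_dist
    ops_coef = other_ops / profile.ops_mean * profile.w_ops
    return abs(1.0 - (dist_coef + ops_coef) * pressure)


def needs_willingness_check(probability, threshold=THRESHOLD):
    return probability > threshold


PROFILE = build_profile(DEFAULT_POS, STANDBY, IDLE_DAYS, ENABLED_LOGS)

if __name__ == "__main__":
    cases = {  # constructed: (current daily access, position, level index)
        "resembles standby, default server loaded": (2000, (7.0, 9.0), 0.75),
        "distant, poorly run, default server idle": (1050, (300.0, 400.0), 0.2),
    }
    for label, (access, pos, ops) in cases.items():
        p = malicious_link_probability(PROFILE, DEFAULT_POS, access, pos, ops)
        print(f"{label}: p={p:.3f} remind_user={needs_willingness_check(p)}")
```

The expression is an absolute value and is not clamped, so it can exceed 1 when the verification sum times the pressure coefficient is above 2; it is compared against the threshold as a score.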
In summary, the embodiment of the invention provides a method for willingness authentication of online subscription. The daily access quantity of the default server corresponding to the online contracted domain name, the operation and maintenance information of the standby server, and the distance between the servers are acquired. An access pressure critical value is obtained according to the difference of the daily access quantity when the standby server is started or not, and the load level of the default server is analyzed. The comprehensive construction level of the server site is analyzed according to the operation and maintenance level index; the correlation between enabling the standby server and the distance is analyzed according to the historical distance correlation coefficient; and the correlation between enabling the standby server and the operation and maintenance level is analyzed according to the historical operation and maintenance correlation coefficient. Finally, the malicious link probability is obtained by analyzing the current access pressure coefficient, the distance verification coefficient and the operation and maintenance verification coefficient, which improves the accuracy of judging domain name hijacking, further improves the safety of the user's online signing, and ensures the user's signing willingness.
It should be noted that: the sequence of the embodiments of the present invention is only for description, and does not represent the advantages and disadvantages of the embodiments. The processes depicted in the accompanying drawings do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments.

Claims (10)

1. A method of willingness authentication for online subscriptions, the method comprising the steps of:
acquiring daily access quantity of a default server of a domain name signed on line and operation and maintenance information of a standby server; acquiring the distance between a default server and a standby server; obtaining an access pressure critical value of the default server according to the difference characteristic of the daily access quantity of whether the standby server is started or not; obtaining an operation and maintenance level index of the standby server according to the operation and maintenance information of the standby server;
obtaining a history distance correlation coefficient of the domain name according to the distance characteristic of the default server and the standby server and the difference characteristic of the daily access quantity of whether the standby server is started or not; obtaining a historical operation and maintenance correlation coefficient of the domain name according to the difference characteristic of the daily access quantity of whether the standby server is started or not and the difference characteristic of the operation and maintenance level index of the standby server; obtaining a distance weight and an operation and maintenance weight according to the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient;
obtaining a current access pressure coefficient of a default server according to the access pressure critical value and the difference characteristic of the daily access quantity of the default server; obtaining distance verification coefficients of other servers according to the distance characteristics between the other servers currently connected with the domain name and a default server, the distance weight and the distance characteristics between the default server and a standby server; acquiring operation and maintenance verification coefficients of other servers according to the operation and maintenance weights and the difference characteristics of the operation and maintenance level indexes of the other servers and the standby server; and obtaining malicious link probabilities of the other servers according to the current access pressure coefficient, the distance verification coefficient and the operation and maintenance verification coefficient, and carrying out signing willingness authentication according to the malicious link probabilities.
2. The method of claim 1, wherein the step of obtaining the access pressure threshold of the default server according to a difference feature of a daily access amount of whether the standby server is enabled comprises:
calculating the average value of the daily access quantity of the default server when the standby server is not started, and obtaining the default daily access quantity; calculating the average value of the daily access quantity of the default server in all historical days of the same number of the standby servers started by the domain name to obtain the standby daily average access quantity;
calculating the square of the difference value between the standby average daily access quantity and the default average daily access quantity to obtain an average daily access difference characterization value; and calculating the arithmetic square root of the average value of the corresponding average daily access difference characterization values when the standby servers of different quantity types are started, and obtaining the access pressure critical value.
3. The method for willingness authentication of an online subscription according to claim 1, wherein the step of obtaining an operation and maintenance level index of the standby server according to the operation and maintenance information of the standby server comprises:
the operation and maintenance information comprises hardware parameters, a network environment, performance parameters and an operating system; extracting representative features of the operation and maintenance information, inputting the representative features into a trained classification neural network, classifying and identifying the representative features of the operation and maintenance information by the classification neural network, and outputting the operation and maintenance level index between zero and one, from worst to best.
4. The method of claim 2, wherein the step of obtaining a history distance correlation coefficient for the domain name comprises:
for a default server when the standby server is started at any time by the domain name, calculating a difference value between the daily access quantity of the default server and the default daily access quantity to obtain a default access quantity difference; calculating the reciprocal of the average Euclidean distance between the default server and the actual position of the corresponding enabled standby server to obtain a standby distance representation value, calculating the reciprocal of the average Euclidean distance between the default server and the actual positions of all the standby servers to obtain a conventional distance representation value, and calculating the difference between the standby distance representation value and the conventional distance representation value to obtain a standby distance difference representation value;
and calculating the product of the standard deviation of the default daily average access quantity and the standard deviation of the standby distance difference characterization value to obtain a first standard deviation characterization value, and calculating the absolute value of the ratio of the covariance of the default access quantity difference and the standby distance difference characterization value to the first standard deviation characterization value to obtain the history distance correlation coefficient.
5. The method of claim 4, wherein the step of obtaining historical operation and maintenance correlation coefficients for domain names comprises:
calculating the average value of the operation and maintenance level indexes of all standby servers to obtain an operation and maintenance level average value;
for the standby server started at any time of the domain name, calculating the average value of the operation and maintenance level indexes of the started standby server to obtain a standby operation and maintenance level average value; calculating the difference value between the standby operation and maintenance level average value and the operation and maintenance level average value to obtain a standby operation and maintenance level difference representation value;
calculating the product of the standard deviation of the default daily average access quantity and the standard deviation of the standby operation and maintenance level difference representation value to obtain a second standard deviation representation value; and calculating the absolute value of the ratio of the covariance of the default access quantity difference to the standby operation and maintenance level difference representation value to the second standard deviation representation value, and obtaining the historical operation and maintenance correlation coefficient.
6. The method of claim 1, wherein the step of obtaining distance weights and operation and maintenance weights from the historical distance correlation coefficients and the historical operation and maintenance correlation coefficients comprises:
calculating the sum of the historical distance correlation coefficient and the historical operation and maintenance correlation coefficient to obtain a correlation coefficient characterization value, and calculating the ratio of the historical distance correlation coefficient to the correlation coefficient characterization value to obtain the distance weight; and calculating the ratio of the historical operation and maintenance correlation coefficient to the correlation coefficient characterization value to obtain the operation and maintenance weight.
7. The method of claim 2, wherein the step of obtaining the current access pressure coefficient of the default server comprises:
calculating the absolute value of the difference value between the current daily access quantity of the default server and the default daily access quantity to obtain the current access quantity difference value; and calculating the ratio of the current access quantity difference value to the access pressure critical value to obtain the current access pressure coefficient.
8. The method of claim 4, wherein the step of obtaining the distance verification coefficients of the other servers comprises:
calculating the reciprocal of the Euclidean distance between the other servers and the default server to obtain other distance characterization values, and calculating the ratio of the other distance characterization values to the conventional distance characterization value to obtain other distance difference characterization values; and calculating the product of the other distance difference characterization values and the distance weight to obtain the distance verification coefficients of the other servers.
9. The method of claim 5, wherein the step of obtaining the operation and maintenance verification coefficients of the other servers comprises:
calculating the ratio of the operation and maintenance level index of the other servers to the operation and maintenance level average value to obtain other operation and maintenance difference characterization values, and calculating the product of the other operation and maintenance difference characterization values and the operation and maintenance weight to obtain the operation and maintenance verification coefficients of the other servers.
10. The method for online subscription willingness authentication of claim 1, wherein the step of obtaining the probability of malicious links of the other servers and performing subscription willingness authentication according to the probability of malicious links comprises:
calculating the sum of the distance verification coefficient and the operation and maintenance verification coefficient to obtain the other-server verification coefficient; calculating the product of the other-server verification coefficient and the current access pressure coefficient, and calculating the absolute value of the difference between the constant 1 and that product to obtain the malicious link probability;
when the malicious link probability does not exceed a preset probability threshold, judging that no signing risk exists and not performing willingness authentication for the user's signing; and when the malicious link probability exceeds the preset probability threshold, judging that a signing risk exists, and performing willingness authentication for the user's signing and issuing a reminder.
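The scoring chain of claims 4 to 10, carried through in Python as an added example (not code from the patent or its applicant). The function names, the dictionary layout, the sample servers and the 0.6/0.2 correlation coefficients are constructed, and the access-side standard deviation is assumed to be taken over the same series as the covariance.

```python
from math import dist
from statistics import mean, pstdev

def abs_correlation(xs, ys):
    """Claims 4-5: |cov(x, y) / (std(x) * std(y))| over past standby activations."""
    mx, my = mean(xs), mean(ys)
    cov = mean((x - mx) * (y - my) for x, y in zip(xs, ys))
    denom = pstdev(xs) * pstdev(ys)
    return abs(cov / denom) if denom else 0.0  # assumption: flat history scores 0

def weights(r_dist, r_ops):
    """Claim 6: each correlation coefficient divided by the sum of both."""
    total = r_dist + r_ops
    if total == 0:  # case not covered by the claims; rejected here
        raise ValueError("both correlation coefficients are 0")
    return r_dist / total, r_ops / total

def malicious_link_probability(other, default_pos, standby, current_daily,
                               default_daily, critical, w_dist, w_ops):
    """Claims 7-10 for one 'other' server, given the standby pool as reference."""
    pressure = abs(current_daily - default_daily) / critical          # claim 7
    d = dist(other["pos"], default_pos)
    if d == 0:  # reciprocal undefined; case not covered by the claims
        raise ValueError("other server is co-located with the default server")
    conventional = 1 / mean(dist(s["pos"], default_pos) for s in standby)
    dist_coef = (1 / d) / conventional * w_dist                       # claim 8
    ops_mean = mean(s["ops"] for s in standby)
    ops_coef = other["ops"] / ops_mean * w_ops                        # claim 9
    return abs(1 - (dist_coef + ops_coef) * pressure)                 # claim 10

def needs_willingness_auth(probability, threshold):
    """Claim 10: authenticate and remind only when the threshold is exceeded."""
    return probability > threshold

# Constructed sample data (not from the patent).
DEFAULT_POS = (0.0, 0.0)
STANDBY = [{"pos": (3.0, 4.0), "ops": 0.8}, {"pos": (6.0, 8.0), "ops": 0.6}]
W_DIST, W_OPS = weights(0.6, 0.2)
TYPICAL = {"pos": (4.5, 6.0), "ops": 0.7}    # resembles an average standby server
DISTANT = {"pos": (60.0, 80.0), "ops": 0.1}  # far away, low maintenance index

if __name__ == "__main__":
    for name, srv in (("typical", TYPICAL), ("distant", DISTANT)):
        p = malicious_link_probability(srv, DEFAULT_POS, STANDBY, 1500, 1000,
                                       500, W_DIST, W_OPS)
        print(name, round(p, 4), needs_willingness_auth(p, 0.5))
```

As the claims are worded, nothing confines the result to [0, 1]: the constructed TYPICAL server at three times the critical access difference scores 2.0, so the preset threshold has to be chosen against the formula's actual range.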
CN202310855129.XA 2023-07-13 2023-07-13 Willingness authentication method for online subscription Active CN116582369B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310855129.XA CN116582369B (en) 2023-07-13 2023-07-13 Willingness authentication method for online subscription

Publications (2)

Publication Number Publication Date
CN116582369A (en) 2023-08-11
CN116582369B (en) 2023-09-12

Family

ID=87538210

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310855129.XA Active CN116582369B (en) 2023-07-13 2023-07-13 Willingness authentication method for online subscription

Country Status (1)

Country Link
CN (1) CN116582369B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107113320A (en) * 2016-01-29 2017-08-29 华为技术有限公司 A kind of method, relevant device and system for downloading signed instrument
CN109257209A (en) * 2018-09-04 2019-01-22 山东浪潮云投信息科技有限公司 A kind of data center server centralized management system and method
CN112561475A (en) * 2020-12-15 2021-03-26 北京孵家科技股份有限公司 Electronic signing system and method
CN113419938A (en) * 2021-07-01 2021-09-21 中国工商银行股份有限公司 Control method, device and equipment for user concurrent access
CN115334554A (en) * 2021-05-10 2022-11-11 中兴通讯股份有限公司 Operation and maintenance method, device, system, server, electronic equipment and medium
CN115379448A (en) * 2022-08-22 2022-11-22 中国联合网络通信集团有限公司 Service provisioning method and server
CN116149954A (en) * 2023-03-07 2023-05-23 上海众愿计算机技术有限公司 Intelligent operation and maintenance system and method for server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634945B (en) * 2017-09-11 2018-06-22 平安科技(深圳)有限公司 Website vulnerability scan method, device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN116582369A (en) 2023-08-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant