CN116894222A - Abnormal user identification method, device, system, computing equipment and storage medium - Google Patents

Abnormal user identification method, device, system, computing equipment and storage medium Download PDF

Info

Publication number
CN116894222A
CN116894222A CN202310892125.9A CN202310892125A CN116894222A CN 116894222 A CN116894222 A CN 116894222A CN 202310892125 A CN202310892125 A CN 202310892125A CN 116894222 A CN116894222 A CN 116894222A
Authority
CN
China
Prior art keywords
user
algorithm
target algorithm
abnormal
execution result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310892125.9A
Other languages
Chinese (zh)
Inventor
罗星
何治
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Bilibili Technology Co Ltd
Original Assignee
Shanghai Bilibili Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Bilibili Technology Co Ltd filed Critical Shanghai Bilibili Technology Co Ltd
Priority to CN202310892125.9A priority Critical patent/CN116894222A/en
Publication of CN116894222A publication Critical patent/CN116894222A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/243Classification techniques relating to the number of classes
    • G06F18/2433Single-class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures

Abstract

The embodiment of the invention discloses an abnormal user identification method, an abnormal user identification device, an abnormal user identification system, a computing device and a storage medium. The method comprises the following steps: the method comprises the steps that a server side obtains a user risk level corresponding to a user side and determines a target algorithm of matching the calculation power level with the user risk level; the method comprises the steps of sending algorithm information of a target algorithm to a user side, and obtaining a user side execution result of the target algorithm after the target algorithm is executed in the user side; and receiving a user end execution result fed back by the user end, and judging whether the user corresponding to the user end is an abnormal user or not according to the user end execution result. According to the method and the device, the abnormal user can be automatically identified, the identification efficiency of the abnormal user is improved, the labor cost is saved, the influence of the abnormal user identification process on the normal user can be avoided through dynamically issuing a target algorithm with the calculation power level matched with the user risk level, and the abnormal behavior of the high-risk user can be interfered.

Description

Abnormal user identification method, device, system, computing equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of data processing, in particular to an abnormal user identification method, an abnormal user identification device, an abnormal user identification system, a computing device and a storage medium.
Background
With the continuous development of science and technology and society, the appearance of various internet services greatly enriches the actions and lives of people. In some internet services (such as game services, etc.), there are usually some abnormal users such as number brushing, illegal account transaction, etc., and the occurrence of such abnormal users can affect fairness of the internet services such as games, etc., and reduce service experience of normal users.
However, the prior art identifies these abnormal users by means of manual identification. The identification method has low identification efficiency and high labor cost.
Disclosure of Invention
In view of the technical problems of low recognition efficiency and/or high labor cost of the abnormal users in the prior art, embodiments of the present invention are provided to provide an abnormal user recognition method, apparatus, system, computing device and storage medium that overcome or at least partially solve the above problems.
According to a first aspect of an embodiment of the present invention, there is provided an abnormal user identification method, where the method is performed at a server, and the method includes:
acquiring a user risk level corresponding to a user terminal;
determining a target algorithm of which the computing power level is matched with the user risk level;
The algorithm information of the target algorithm is sent to the user side so that a user side execution result of the target algorithm can be obtained after the target algorithm is executed in the user side;
receiving the user side execution result fed back by the user side;
judging whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
In an alternative embodiment, before the sending the algorithm information of the target algorithm to the user side, the method further includes: encrypting the algorithm information of the target algorithm;
the sending the algorithm information of the target algorithm to the user terminal further includes: and sending the algorithm information of the target algorithm after the encryption processing to a user terminal.
In an alternative embodiment, the algorithm information includes an algorithm digest.
In an optional implementation manner, the determining, according to the execution result of the user side, whether the user corresponding to the user side is an abnormal user further includes:
executing the target algorithm to obtain a server-side execution result of the target algorithm;
comparing the execution result of the server with the execution result of the user, and if the execution result of the server is inconsistent with the execution result of the user, determining that the user corresponding to the user is an abnormal user.
In an alternative embodiment, the method further comprises: receiving the execution time length of the user side of the target algorithm fed back by the user side;
comparing the execution duration of the user side with the standard duration range corresponding to the target algorithm, and judging whether the user corresponding to the user side is an abnormal user or not according to the comparison result.
In an optional implementation manner, before the comparing the execution duration of the user side with the standard duration range corresponding to the target algorithm, the method further includes:
acquiring the terminal type of the user terminal;
and searching a standard duration range corresponding to the target algorithm matched with the terminal type.
According to a second aspect of an embodiment of the present invention, there is provided an abnormal user identification method, the method being performed at a user side, the method including:
sending a user verification request to a server;
receiving algorithm information of a target algorithm fed back by a server; the computing power level of the target algorithm is matched with the user risk level corresponding to the user side;
executing the target algorithm based on the algorithm information of the target algorithm, and obtaining a user end execution result of the target algorithm;
And sending the execution result of the user terminal to the server terminal so that the server terminal can judge whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
In an alternative embodiment, the algorithm information includes an algorithm digest;
the executing the target algorithm based on the algorithm information of the target algorithm further includes: and calling an algorithm analyzer to analyze the algorithm abstract so as to obtain a target algorithm, and executing the target algorithm by utilizing the algorithm analyzer.
In an alternative embodiment, after the obtaining the user end execution result of the target algorithm, the method further includes: encrypting the execution result of the user side;
the sending the execution result of the user end to the server end further includes: and sending the encrypted user side execution result to the server side.
In an alternative embodiment, the method further comprises: recording the execution duration of the user side of the target algorithm, and sending the execution duration of the user side to a server side.
According to a third aspect of an embodiment of the present invention, there is provided an abnormal user identification apparatus, the apparatus being disposed at a server, the apparatus including:
The grade acquisition module is used for acquiring a user risk grade corresponding to the user side;
the algorithm determining module is used for determining a target algorithm of which the computing power level is matched with the user risk level;
the sending module is used for sending the algorithm information of the target algorithm to the user side so as to obtain a user side execution result of the target algorithm after the target algorithm is executed in the user side;
the receiving module is used for receiving the user side execution result fed back by the user side;
and the identification module is used for judging whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
In an alternative embodiment, the apparatus further comprises: the encryption module is used for carrying out encryption processing on the algorithm information of the target algorithm;
the sending module is used for: and sending the algorithm information of the target algorithm after the encryption processing to a user terminal.
In an alternative embodiment, the algorithm information includes an algorithm digest.
In an alternative embodiment, the identification module is configured to: executing the target algorithm to obtain a server-side execution result of the target algorithm;
comparing the execution result of the server with the execution result of the user, and if the execution result of the server is inconsistent with the execution result of the user, determining that the user corresponding to the user is an abnormal user.
In an alternative embodiment, the receiving module is configured to: receiving the execution time length of the user side of the target algorithm fed back by the user side;
the identification module is used for: comparing the execution duration of the user side with the standard duration range corresponding to the target algorithm, and judging whether the user corresponding to the user side is an abnormal user or not according to the comparison result.
In an alternative embodiment, the identification module is configured to: acquiring the terminal type of the user terminal;
and searching a standard duration range corresponding to the target algorithm matched with the terminal type.
According to a fourth aspect of an embodiment of the present invention, there is provided an abnormal user identification apparatus, the apparatus being disposed at a user side, the apparatus including:
the request sending module is used for sending a user verification request to the server;
the receiving module is used for receiving the algorithm information of the target algorithm fed back by the server side; the computing power level of the target algorithm is matched with the user risk level corresponding to the user side;
the execution module is used for executing the target algorithm based on the algorithm information of the target algorithm and obtaining a user side execution result of the target algorithm;
and the data sending module is used for sending the execution result of the user terminal to the server terminal so that the server terminal can judge whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
In an alternative embodiment, the algorithm information includes an algorithm digest;
the execution module is used for: and calling an algorithm analyzer to analyze the algorithm abstract so as to obtain a target algorithm, and executing the target algorithm by utilizing the algorithm analyzer.
In an alternative embodiment, the apparatus further comprises: the encryption module is used for encrypting the execution result of the user side;
the data sending module is used for: and sending the encrypted user side execution result to the server side.
In an alternative embodiment, the apparatus further comprises: the recording module is used for recording the execution time of the user side of the target algorithm;
the data sending module is used for: and sending the execution duration of the user side to a server side.
According to a fourth aspect of an embodiment of the present invention, there is provided an abnormal user identification system including: the server side and the user side.
According to a fifth aspect of embodiments of the present invention, there is provided a computing device comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the abnormal user identification method.
According to a sixth aspect of the embodiments of the present invention, there is provided a computer storage medium having at least one executable instruction stored therein, the executable instruction causing a processor to perform operations corresponding to the above-described abnormal user identification method.
In the embodiment of the invention, the server dynamically issues the target algorithm with the computing power level matched with the user risk level according to the user risk level of the user side, so that a low-risk or risk-free user can execute a simple algorithm, the influence of an abnormal user identification process on a normal user is avoided, and the user experience is improved; for high-risk users, complex algorithms can be executed to interfere with abnormal behaviors of the high-risk users, so that safety protection of target services is realized; in addition, the embodiment of the invention is a dynamic issuing algorithm, the algorithms executed by the user terminals with different user risk levels are different, the obtained user terminal execution results are also different, the abnormal user can be effectively identified by judging the user terminal execution results, the identification efficiency of the abnormal user is improved, the labor cost is saved, the cracking difficulty of the abnormal user to the identification method is also increased, and the stability of the abnormal user identification method is improved.
According to the embodiment of the invention, the server side encrypts the algorithm information of the target algorithm and/or the user side encrypts the execution result of the user side, so that the target algorithm and the execution result of the user side are prevented from being stolen and tampered, the safety of the abnormal user identification process is ensured, and the abnormal user identification precision is improved.
In the embodiment of the invention, the server can send the algorithm abstract of the target algorithm to the user terminal, so that on one hand, transmission resources can be saved, and on the other hand, interception of the whole content of the target algorithm can be avoided.
The embodiment of the invention can also identify the abnormal user according to the execution time length of the user end of the target algorithm, thereby improving the identification precision of the abnormal user.
In the process of identifying the user based on the execution duration of the user terminal, the embodiment of the invention can obtain the standard duration range matched with the terminal type of the user terminal, improve the rationality of the standard duration range and improve the accuracy of identifying the abnormal user.
The foregoing description is only an overview of the technical solutions of the embodiments of the present invention, and may be implemented according to the content of the specification, so that the technical means of the embodiments of the present invention can be more clearly understood, and the following specific implementation of the embodiments of the present invention will be more apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
fig. 1 is a schematic flow chart of an abnormal user identification method according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of another abnormal user identification method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of another abnormal user identification method according to an embodiment of the present invention;
fig. 4 is a schematic diagram illustrating an execution process of an abnormal user identification method according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an abnormal user identification device according to an embodiment of the present invention;
FIG. 6 is a schematic diagram illustrating a structure of another abnormal user identification apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an abnormal user identification system according to an embodiment of the present invention;
FIG. 8 illustrates a schematic diagram of a computing device provided by an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that embodiments of the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the embodiments to those skilled in the art.
Fig. 1 shows a flow chart of an abnormal user identification method according to an embodiment of the present invention.
The abnormal user identification method provided in the embodiment may be executed by a preset abnormal user identification system.
Specifically, as shown in fig. 1, the method includes the steps of:
in step S110, the user end sends a user verification request to the server end.
The abnormal user identification system comprises at least one user terminal and at least one service terminal. The client comprises a client, an applet, a quick application and the like of a target service, wherein the target service can be a game service, namely the embodiment of the invention is used for identifying abnormal users in the target service.
In the implementation process, the user side can send a user verification request to the server side when loading the client side of the target service, so that the server side can conveniently determine whether the user corresponding to the user side is an abnormal user or not.
Step S120, the server acquires a user risk level corresponding to the user terminal.
And pre-establishing a mapping relation between the user and the user risk level. Specifically, a corresponding user risk level can be allocated to the user according to the historical behavior data and/or user portrait data of the user, and a mapping relationship between the user and the corresponding user risk level is established. For example, if a user frequently swipes a number in the same device a plurality of times, a label of a high risk level is assigned to the user. The specific determination mode of the user risk level is not limited in the embodiment of the invention.
The server receives a user verification request sent by the user terminal, and analyzes user information corresponding to the user terminal, such as a user identifier and the like, from the user verification request. By searching the pre-established mapping relation between the user and the user risk level, the user risk level corresponding to the current user side can be rapidly and accurately obtained.
In step S130, the server determines a target algorithm with a computing power level matching the user risk level.
The server is pre-configured with candidate algorithms of different calculation power levels, that is, the server is configured with a plurality of candidate algorithms, each candidate algorithm corresponds to one calculation power level, and one calculation power level can correspond to one or a plurality of candidate algorithms. The calculation forces required by candidate algorithms of the same calculation force level are the same or close, and the calculation force ranges corresponding to different calculation force levels are different. The higher the computational power level, the more complex the corresponding candidate algorithm, the higher the computational power required, the higher the CPU computational power required to execute the candidate algorithm corresponding to the computational power level, or the longer the time required to execute the candidate algorithm under the same computational power; the lower the computational power level, the simpler the corresponding candidate algorithm, the lower the computational power required, the lower the CPU computational power required to execute the candidate algorithm corresponding to the computational power level, or the shorter the time required to execute the candidate algorithm at equivalent computational power. For example, ten levels L1-L10 may be set, each level corresponding to 20-80 different candidate algorithms. Different candidate algorithms with the same level have the same or close difficulties, the required CPU cost is the same or close, and the higher the level is, the larger the calculated amount of the corresponding candidate algorithm is, and the larger the CPU cost is.
The mapping relation between the computing power level and the user risk level is established in advance, and after the risk level corresponding to the user side is determined, the computing power level matched with the user risk level corresponding to the current user side can be rapidly and accurately determined by searching the mapping relation.
And further screening candidate algorithms belonging to the matched computational power level from the candidate algorithms, and selecting one or more algorithms from the screened candidate algorithms as target algorithms. I.e. the calculation power level of the target algorithm is matched with the corresponding user risk level of the user side. Optionally, in order to further improve the cracking difficulty of the target algorithm, after determining the computing power level matched with the user risk level corresponding to the current user end, if the computing power level corresponds to a plurality of candidate algorithms, searching the algorithm issued by the history to the user end, and selecting the algorithm different from the history issued from the plurality of candidate algorithms as the target algorithm. For example, if the history issues the L1-level No. 1 and the L2-level algorithms to the current user terminal, and if it is determined that the computing power level matched with the user risk level corresponding to the current user terminal is L1, the current issued target algorithm is different from the L1-level No. 1 and the L2-level No. 1, for example, the L1-level No. 3 algorithm may be issued.
In step S140, the server sends the algorithm information of the target algorithm to the client.
The server side sends the algorithm information of the target algorithm to the user side through communication connection with the user side. The algorithm information of the target algorithm may include: algorithm digests, algorithm identifications, and/or algorithm content. The algorithm abstract is brief information of an algorithm, such as an adopted algorithm identifier, parameters in the algorithm and the like; the algorithm identification is an ID or name of the algorithm, etc.; algorithm content is specific content information of an algorithm. If the algorithm abstract of the target algorithm is sent to the user side, on one hand, the data transmission resources between the server side and the user side can be saved, and on the other hand, the risk that the target algorithm is intercepted by all malicious agents can be reduced, and the safe proceeding of the identification process is ensured; if the algorithm content is sent to the user terminal, the user terminal can be enabled to be free from loading a corresponding algorithm analyzer, and therefore resources of the user terminal are saved.
In an optional implementation manner, the server side can encrypt the algorithm information of the target algorithm and send the algorithm information of the target algorithm after the encryption to the user side, so that the risk that the target algorithm is intercepted maliciously can be reduced, and the safety of an abnormal user identification process is ensured. The specific encryption processing manner is not limited in this embodiment, for example, an asymmetric encryption algorithm may be used to encrypt, for example, the server performs public key encryption, and the client stores the private key to decrypt; alternatively, the encryption process may be performed using a symmetric encryption algorithm, and so on.
Step S150, the user side executes the target algorithm according to the algorithm information of the target algorithm, and obtains the user side execution result of the target algorithm.
If the server side sends the algorithm content of the target algorithm, the user side executes the target algorithm to obtain an execution result of the user side; if the service side sends the algorithm identification or the algorithm abstract of the target algorithm, the user side is loaded with a corresponding algorithm analyzer, and the algorithm analyzer can obtain the complete target algorithm according to the algorithm identification or the algorithm abstract and execute the target algorithm. The result obtained by the user end after executing the target algorithm is the execution result of the user end.
For example, if the algorithm abstract of the target algorithm is "rule_a=" [ L ] [1] [2|3] ", the algorithm analyzer in the user side can determine that the target algorithm is the algorithm 1 with the level L1, various algorithms are built in the algorithm analyzer, and parameters in the target algorithm are 2 and 3, the parameters 2 and 3 are substituted into the algorithm 1 with the level L1 for execution, so as to obtain the execution result of the user side. If the algorithm abstract of the target algorithm is "rule_b=" [ L ] [10] [1024|2|256] + [ L ] [2] [583|4|7|9] ", the target algorithm can be determined by the analysis of the algorithm analyzer in the user side by overlapping the number 2 algorithm of the level L2 with the number 1 algorithm of the level L10, and when the target algorithm is executed, specifically, the parameters 1024, 2 and 256 are substituted into the number 1 algorithm of the level L10, and the parameters 583, 4, 7 and 9 are substituted into the number 2 algorithm of the level L2, and the execution result of the user side is obtained after the operation. Furthermore, in an alternative embodiment, parameters in the target algorithm may be dynamically generated in order to increase the difficulty of cracking the algorithm.
In an alternative embodiment, if the server sends the algorithm information of the target algorithm after the encryption processing, the algorithm information of the target algorithm is restored after the decryption processing, and then the target algorithm is executed again.
In step S160, the ue sends the ue execution result to the server.
In an alternative embodiment, after the client obtains the client execution result of the target algorithm, the client execution result may be further encrypted, where the specific encryption algorithm is not limited in this embodiment. The user end further sends the encrypted user end execution result to the server end, so that the subsequent server end can obtain the user end execution result after decrypting by adopting a corresponding decryption algorithm, the difficulty in tamper-proofing of the user end execution result is ensured, and malicious interception of the user end execution result is avoided.
Step S170, the server judges whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
Specifically, the server executes the target algorithm to obtain a server execution result of the target algorithm, compares the server execution result corresponding to the target algorithm with a user execution result, and determines that a user corresponding to the user is an abnormal user if the server execution result is inconsistent with the user execution result.
In an optional implementation manner, in order to ensure normal operation of other services, in an idle state (for example, the CPU utilization rate is lower than a preset threshold, or a preset idle period, etc.), the server determines whether a user corresponding to the user terminal is an abnormal user according to an execution result of the user terminal. For example, the user side which initiates the user verification request on the previous day can be uniformly identified for the abnormal user in the early morning period of each day, so that the delay or abnormality of the normal online service caused by the identification of the abnormal user is avoided.
In an alternative embodiment, because in the prior art, abnormal behavior of multiple users in the same device for number brushing is simulated, the execution of the target algorithm consumes device calculation power, so that when the number of users simulated by the device is large, the execution time of the target algorithm corresponding to some users is too long. Particularly, when the user is marked as a high-risk-level user, the target algorithm is complex, and the device consumes more computing power to execute the target algorithm, so that the execution time of the target algorithm corresponding to other users in the device is too long. In view of this, the target ue in this embodiment further records the ue execution duration of the target algorithm, where the ue execution duration is the execution duration of the target algorithm at the ue. And the user end sends the user end execution time length of the target algorithm to the server end. The server compares the execution time length of the user end with the standard time length range corresponding to the target algorithm, and judges whether the user corresponding to the user end is an abnormal user or not according to the comparison result. Specifically, the standard duration range corresponding to the target algorithm is the time consumption of executing the target algorithm in the normal user side under the normal condition. If the execution time of the user terminal exceeds the standard time range corresponding to the target algorithm, the current user terminal is indicated to execute the target algorithm beyond the normal range, and the user corresponding to the user terminal is determined to be an abnormal user. The embodiment can be used as an auxiliary recognition mode for judging whether the user corresponding to the user terminal is an abnormal user according to the execution result of the user terminal, for example, if the user corresponding to the user terminal is judged not to be the abnormal user according to the execution result of the user terminal, whether the user is the abnormal user is further determined according to the execution duration of the user terminal in the embodiment.
Further optionally, the execution time periods when different terminal types execute different candidate algorithms are obtained in advance, so that the execution time periods under different terminal type-candidate algorithm combinations are obtained, wherein each combination corresponds to one terminal type and one candidate algorithm. For any one of the terminal type-candidate algorithm combinations, the execution duration belonging to the combination is obtained, for example, the combination of Hua is mate3-L1_1, which corresponds to the terminal type Hua is mate3 and the candidate algorithm L1_1, the execution duration T1 of the candidate algorithm L1_1 executed at the terminal 1 (Hua is mate 3-L1_1) is recorded, the execution duration T2 of the candidate algorithm L1_1 executed at the terminal 2 (Hua is mate 3-L1_1) is recorded, and the T1 and T2 are the execution durations of the combination of Hua is mate 3-L1_1. And further obtaining a duration range corresponding to the combination according to the minimum value and the maximum value in the execution duration belonging to the combination.
Further, before comparing the execution duration of the user terminal with the standard duration range corresponding to the target algorithm, the terminal type of the user terminal is obtained, and the standard duration range corresponding to the target algorithm matched with the terminal type is searched. Specifically, a terminal type-candidate algorithm combination matched with the terminal type of the user terminal and the target algorithm is searched, and a time length range corresponding to the combination is used as a standard time length range corresponding to the target algorithm matched with the terminal type, so that the rationality of the standard time length range is improved, and the identification precision of identifying abnormal users based on the execution time length of the user terminal is improved.
Further optionally, in order to reduce the misjudgment rate of the abnormal user, in this embodiment, the user side may further report its own network state data to the server side, and after determining that the user corresponding to the user side is abnormal based on the execution duration of the user side, the server side further obtains the network state data to determine whether the user side has a network abnormality currently. If the fact that the network abnormality does not exist at the user end currently is determined, the user corresponding to the user end is determined to be a real abnormal user; if the fact that the user terminal has network abnormality currently is determined, the fact that the timeout of the execution duration of the user terminal is possibly caused by network abnormality factors is indicated, and the fact that the user corresponding to the user terminal is not an abnormal user is determined.
In an alternative embodiment, after determining that the user corresponding to the user terminal is an abnormal user, the user risk level of the user corresponding to the user terminal is adjusted. For example, if the user risk level corresponding to the original user side is a medium risk, after determining that the user corresponding to the user side is an abnormal user according to the embodiment, the user risk level of the user is adjusted to be high risk. Further optionally, if the user corresponding to the user terminal is identified as an abnormal user N times under the current user risk level, the user risk level of the user corresponding to the user terminal is adjusted, so that frequent modification of the user risk level is avoided, and the overall stability of the implementation method is ensured.
In an alternative embodiment, if the risk level of the user corresponding to the original user terminal exceeds the preset level, and it is determined by the execution result of the user terminal and/or the execution duration of the user terminal that the user corresponding to the user terminal is not an abnormal user, the number of misjudgment times of the user corresponding to the user terminal is updated, that is, the number of misjudgment times is accumulated by 1. And when the misjudgment times of a certain user are larger than the preset times, changing the user risk level of the user. For example, if it is determined that the risk level of the user U1 is a high risk level (exceeds a preset level) according to the user historical behavior data, the user U1 initiates a user verification request after opening the game application for a certain time, and if the server determines that the user is not an abnormal user according to the execution result of the user side and/or the execution duration of the user side, the parameter WP is increased by 1. When the WP of the user U1 reaches three times, it indicates that the current user risk level of the user is not adapted to the actual situation, and the user risk level of the user can be properly reduced.
In an optional implementation manner, if the user end execution result data fed back by the user end is received within a preset time period, the user end processing timeout is indicated, and the user corresponding to the user end can be determined to be an abnormal user.
In an alternative embodiment, when the ue sends the ue execution result and/or the ue execution duration to the server, the ue may splice the ue identifier and/or the application signature of the ue with the ue execution result and/or the ue execution duration, so as to generate a token, and send the token to the server. Further optionally, a corresponding interference item may be further added to the token, for example, the cumulative number of requests from the user side to the server side may be added, so that on one hand, the difficulty in obtaining the user execution result and/or the user execution duration in the token by a malicious cracker may be increased, on the other hand, the server side may compare the cumulative number of requests from the user side recorded by the server side with the cumulative number of requests in the token, if not, it indicates that the token is tampered, or the token is generated by an abnormal user such as a brush number, so that whether the corresponding user of the user side is an abnormal user may be judged without using the user execution result and/or the user execution duration in the token, that is, recognition by using dirty data is avoided, recognition accuracy of the abnormal user is improved, and resource waste is avoided.
Therefore, in the abnormal user identification method provided by the embodiment of the invention, the server dynamically issues the target algorithm with the computing power level matched with the user risk level according to the user risk level of the user side, so that a low-risk or risk-free user can execute a simple algorithm, the influence of the abnormal user identification process on the normal user is avoided, and the user experience is improved; for high-risk users, complex algorithms can be executed to interfere with abnormal behaviors of the high-risk users, so that safety protection of target services is realized; in addition, the embodiment of the invention is a dynamic issuing algorithm, the algorithms executed by the user terminals with different user risk levels are different, the obtained user terminal execution results are also different, the abnormal user can be effectively identified by judging the user terminal execution results, the identification efficiency of the abnormal user is improved, the labor cost is saved, the difficulty of cracking the identification method by the abnormal user can be increased, and the stability of the identification method of the abnormal user is improved.
Fig. 2 is a schematic flow chart of another abnormal user identification method according to an embodiment of the present invention.
The abnormal user identification method provided in the embodiment may be executed at the server.
Specifically, as shown in fig. 2, the method includes the steps of:
step S210, obtaining a user risk level corresponding to the user terminal.
Step S220, determining a target algorithm with the computing power level matched with the user risk level.
Step S230, the algorithm information of the target algorithm is sent to the user side, so that the user side execution result of the target algorithm is obtained after the target algorithm is executed in the user side.
Step S240, receiving a user end execution result fed back by the user end.
Step S250, judging whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
In an alternative embodiment, before the sending the algorithm information of the target algorithm to the user side, the method further includes: encrypting the algorithm information of the target algorithm;
the sending the algorithm information of the target algorithm to the user terminal further includes: and sending the algorithm information of the target algorithm after the encryption processing to a user terminal.
In an alternative embodiment, the algorithm information includes an algorithm digest.
In an optional implementation manner, the determining, according to the execution result of the user side, whether the user corresponding to the user side is an abnormal user further includes:
executing the target algorithm to obtain a server-side execution result of the target algorithm;
comparing the execution result of the server with the execution result of the user, and if the execution result of the server is inconsistent with the execution result of the user, determining that the user corresponding to the user is an abnormal user.
In an alternative embodiment, the method further comprises: receiving the execution time length of the user side of the target algorithm fed back by the user side;
comparing the execution duration of the user side with the standard duration range corresponding to the target algorithm, and judging whether the user corresponding to the user side is an abnormal user or not according to the comparison result.
In an optional implementation manner, before the comparing the execution duration of the user side with the standard duration range corresponding to the target algorithm, the method further includes:
acquiring the terminal type of the user terminal;
and searching a standard duration range corresponding to the target algorithm matched with the terminal type.
Therefore, in the abnormal user identification method provided by the embodiment of the invention, the server dynamically issues the target algorithm with the computing power level matched with the user risk level according to the user risk level of the user side, so that a low-risk or risk-free user can execute a simple algorithm, the influence of the abnormal user identification process on the normal user is avoided, and the user experience is improved; for high-risk users, complex algorithms can be executed to interfere with abnormal behaviors of the high-risk users, so that safety protection of target services is realized; in addition, the embodiment of the invention is a dynamic issuing algorithm, the algorithms executed by the user terminals with different user risk levels are different, the obtained user terminal execution results are also different, the abnormal user can be effectively identified by judging the user terminal execution results, the identification efficiency of the abnormal user is improved, the labor cost is saved, the cracking difficulty of the abnormal user to the identification method is also increased, and the stability of the abnormal user identification method is improved.
Fig. 3 is a schematic flow chart of another abnormal user identification method according to an embodiment of the present invention.
The abnormal user identification method provided in the embodiment may be executed at the user side.
Specifically, as shown in fig. 3, the method includes the steps of:
step S310, a user verification request is sent to a server.
Step S320, receiving algorithm information of a target algorithm fed back by a server side; the computing power level of the target algorithm is matched with the user risk level corresponding to the user side.
Step S330, executing the target algorithm based on the algorithm information of the target algorithm, and obtaining the user end execution result of the target algorithm.
Step S340, the execution result of the user terminal is sent to the server terminal, so that the server terminal can judge whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
In an alternative embodiment, the algorithm information includes an algorithm digest;
the executing the target algorithm based on the algorithm information of the target algorithm further includes: and calling an algorithm analyzer to analyze the algorithm abstract so as to obtain a target algorithm, and executing the target algorithm by utilizing the algorithm analyzer.
In an alternative embodiment, after the obtaining the user end execution result of the target algorithm, the method further includes: encrypting the execution result of the user side;
the sending the execution result of the user end to the server end further includes: and sending the encrypted user side execution result to the server side.
In an alternative embodiment, the method further comprises: recording the execution duration of the user side of the target algorithm, and sending the execution duration of the user side to a server side.
Therefore, in the abnormal user identification method provided by the embodiment of the invention, a low-risk or no-risk user can execute a simple algorithm, so that the influence of the abnormal user identification process on a normal user is avoided, and the user experience is improved; for high-risk users, complex algorithms can be executed to interfere with abnormal behaviors of the high-risk users, so that safety protection of target services is realized; the algorithm executed by the user end of different user risk grades is different, the obtained user end execution result is also different, the abnormal user can be effectively identified through judging the user end execution result, the identification efficiency of the abnormal user is improved, the labor cost is saved, the cracking difficulty of the abnormal user to the identification method can be increased, and the stability of the abnormal user identification method is improved.
Fig. 4 is a schematic diagram illustrating an execution process of an abnormal user identification method according to an embodiment of the present invention.
As shown in fig. 4, the server encrypts a rule, which is specifically a target algorithm matching the risk level of the user. The server dynamically transmits the encryption rule to the client through the API. The client inputs the rule into an algorithm analyzer, the algorithm analyzer analyzes the rule, obtains the execution result of the user, encrypts the data (encrypts the execution result of the user), and outputs the token.
The client requests a password (token) to be reported through the interface. The server adopts an offline computing mode of T+1, and analyzes and verifies in the idle window period of the server, namely, the token of the previous day is uniformly verified when the server is idle every day. And finally, matching is carried out according to the token reported by the client and the server execution result obtained by the server calculation, and the like, so as to obtain a matching result. The matching result further enters a risk intervention link, namely, for the token which is not matched in the matching result, the corresponding client user is determined to be an abnormal user, and corresponding risk evaluation processing is carried out on the user in the risk intervention link.
Fig. 5 shows a schematic structural diagram of an abnormal user identification device according to an embodiment of the present invention.
The abnormal user identification device in the embodiment is arranged at the server. As shown in fig. 5, the apparatus 500 includes: a rank acquisition module 510, an algorithm determination module 520, a transmission module 530, a reception module 540, and an identification module 550.
The level obtaining module 510 is configured to obtain a user risk level corresponding to a user terminal;
an algorithm determining module 520, configured to determine a target algorithm with a computing power level matching the user risk level;
A sending module 530, configured to send algorithm information of the target algorithm to the user side, so that a user side execution result of the target algorithm is obtained after the target algorithm is executed in the user side;
a receiving module 540, configured to receive the user side execution result fed back by the user side;
and the identification module 550 is configured to determine whether the user corresponding to the user terminal is an abnormal user according to the execution result of the user terminal.
In an alternative embodiment, the apparatus further comprises: an encryption module (not shown in the figure) for encrypting the algorithm information of the target algorithm;
the sending module 530 is configured to: and sending the algorithm information of the target algorithm after the encryption processing to a user terminal.
In an alternative embodiment, the algorithm information includes an algorithm digest.
In an alternative embodiment, the identification module 550 is configured to: executing the target algorithm to obtain a server-side execution result of the target algorithm;
comparing the execution result of the server with the execution result of the user, and if the execution result of the server is inconsistent with the execution result of the user, determining that the user corresponding to the user is an abnormal user.
In an alternative embodiment, the receiving module 540 is configured to: receiving the execution time length of the user side of the target algorithm fed back by the user side;
the identification module 550 is configured to: comparing the execution duration of the user side with the standard duration range corresponding to the target algorithm, and judging whether the user corresponding to the user side is an abnormal user or not according to the comparison result.
In an alternative embodiment, the identification module 550 is configured to: acquiring the terminal type of the user terminal; and searching a standard duration range corresponding to the target algorithm matched with the terminal type.
Therefore, in the abnormal user identification device provided by the embodiment of the invention, the server dynamically issues the target algorithm with the computing power level matched with the user risk level according to the user risk level of the user side, so that a low-risk or risk-free user can execute a simple algorithm, the influence of the abnormal user identification process on the normal user is avoided, and the user experience is improved; for high-risk users, complex algorithms can be executed to interfere with abnormal behaviors of the high-risk users, so that safety protection of target services is realized; in addition, the embodiment of the invention is a dynamic issuing algorithm, the algorithms executed by the user terminals with different user risk levels are different, the obtained user terminal execution results are also different, the abnormal user can be effectively identified by judging the user terminal execution results, the identification efficiency of the abnormal user is improved, the labor cost is saved, the difficulty of cracking the identification method by the abnormal user can be increased, and the stability of the identification method of the abnormal user is improved.
Fig. 6 is a schematic structural diagram of another abnormal user identification apparatus according to an embodiment of the present invention.
The abnormal user identification device in this embodiment is disposed at the user terminal. As shown in fig. 6, the apparatus 600 includes: a request sending module 610, a receiving module 620, an executing module 630, and a data sending module 640.
A request sending module 610, configured to send a user verification request to a server;
the receiving module 620 is configured to receive algorithm information of a target algorithm fed back by the server; the computing power level of the target algorithm is matched with the user risk level corresponding to the user side;
an execution module 630, configured to execute the target algorithm based on algorithm information of the target algorithm, and obtain a user end execution result of the target algorithm;
and the data sending module 640 is configured to send the execution result of the user side to the server side, so that the server side determines whether the user corresponding to the user side is an abnormal user according to the execution result of the user side.
In an alternative embodiment, the algorithm information includes an algorithm digest;
the execution module 630 is configured to: and calling an algorithm analyzer to analyze the algorithm abstract so as to obtain a target algorithm, and executing the target algorithm by utilizing the algorithm analyzer.
In an alternative embodiment, the apparatus further comprises: an encryption module (not shown in the figure) for encrypting the execution result of the user terminal;
the data transmitting module 640 is configured to: and sending the encrypted user side execution result to the server side.
In an alternative embodiment, the apparatus further comprises: a recording module (not shown in the figure) for recording the execution duration of the user side of the target algorithm;
the data transmitting module 640 is configured to: and sending the execution duration of the user side to a server side.
Therefore, in the abnormal user identification device provided by the embodiment of the invention, a low-risk or no-risk user can execute a simple algorithm, so that the influence of the abnormal user identification process on a normal user is avoided, and the user experience is improved; for high-risk users, complex algorithms can be executed to interfere with abnormal behaviors of the high-risk users, so that safety protection of target services is realized; the algorithm executed by the user end of different user risk grades is different, the obtained user end execution result is also different, the abnormal user can be effectively identified through judging the user end execution result, the identification efficiency of the abnormal user is improved, the labor cost is saved, the cracking difficulty of the abnormal user to the identification method can be increased, and the stability of the abnormal user identification method is improved.
Fig. 7 is a schematic structural diagram of an abnormal user identification system according to an embodiment of the present invention. As shown in fig. 7, the system 700 includes: a server 710 and a client 720. The server 710 includes the abnormal user identification apparatus 500 shown in fig. 5, and the user 720 includes the abnormal user identification apparatus 600 shown in fig. 6.
FIG. 8 illustrates a schematic diagram of a computing device provided by an embodiment of the present invention. Embodiments of the invention are not limited to a particular implementation of a computing device.
As shown in fig. 8, the computing device may include: a processor (processor) 802, a communication interface (Communications Interface) 804, a memory (memory) 806, and a communication bus 808.
Wherein: processor 802, communication interface 804, and memory 806 communicate with each other via a communication bus 808. A communication interface 804 for communicating with network elements of other devices, such as clients or other servers. The processor 802 is configured to execute the program 810, and may specifically perform the relevant steps in the above-described embodiment of the method for identifying an abnormal user.
In particular, program 810 may include program code including computer operating instructions.
The processor 802 may be a central processing unit CPU, or a specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included by the computing device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
Memory 806 for storing a program 810. The memory 806 may include high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory. Program 810 may be specifically operative to cause processor 802 to perform the methods of any of the method embodiments described above.
An embodiment of the present invention provides a non-volatile computer storage medium storing at least one executable instruction that is capable of executing the abnormal user identification method in any of the above method embodiments.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of embodiments of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the embodiments of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., an embodiment of the invention that is claimed, requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of embodiments of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components according to embodiments of the present invention may be implemented in practice using a microprocessor or Digital Signal Processor (DSP). Embodiments of the present invention may also be implemented as a device or apparatus program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the embodiments of the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. Embodiments of the invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.

Claims (15)

1. An abnormal user identification method, wherein the method is executed at a server, and the method comprises the following steps:
Acquiring a user risk level corresponding to a user terminal;
determining a target algorithm of which the computing power level is matched with the user risk level;
the algorithm information of the target algorithm is sent to the user side so that a user side execution result of the target algorithm can be obtained after the target algorithm is executed in the user side;
receiving the user side execution result fed back by the user side;
judging whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
2. The method of claim 1, wherein prior to said sending the algorithm information of the target algorithm to the user side, the method further comprises: encrypting the algorithm information of the target algorithm;
the sending the algorithm information of the target algorithm to the user terminal further includes: and sending the algorithm information of the target algorithm after the encryption processing to a user terminal.
3. The method according to claim 1 or 2, wherein the algorithm information comprises an algorithm digest.
4. The method according to any one of claims 1-3, wherein the determining, according to the result of the execution of the user terminal, whether the user corresponding to the user terminal is an abnormal user further includes:
Executing the target algorithm to obtain a server-side execution result of the target algorithm;
comparing the execution result of the server with the execution result of the user, and if the execution result of the server is inconsistent with the execution result of the user, determining that the user corresponding to the user is an abnormal user.
5. The method according to any one of claims 1-4, further comprising: receiving the execution time length of the user side of the target algorithm fed back by the user side;
comparing the execution duration of the user side with the standard duration range corresponding to the target algorithm, and judging whether the user corresponding to the user side is an abnormal user or not according to the comparison result.
6. The method of claim 5, wherein before comparing the client execution duration with the standard duration range corresponding to the target algorithm, the method further comprises:
acquiring the terminal type of the user terminal;
and searching a standard duration range corresponding to the target algorithm matched with the terminal type.
7. An abnormal user identification method, wherein the method is executed at a user terminal, and the method comprises the following steps:
Sending a user verification request to a server;
receiving algorithm information of a target algorithm fed back by a server; the computing power level of the target algorithm is matched with the user risk level corresponding to the user side;
executing the target algorithm based on the algorithm information of the target algorithm, and obtaining a user end execution result of the target algorithm;
and sending the execution result of the user terminal to the server terminal so that the server terminal can judge whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
8. The method of claim 7, wherein the algorithm information comprises an algorithm digest;
the executing the target algorithm based on the algorithm information of the target algorithm further includes: and calling an algorithm analyzer to analyze the algorithm abstract so as to obtain a target algorithm, and executing the target algorithm by utilizing the algorithm analyzer.
9. The method according to claim 7 or 8, wherein after the obtaining the user side execution result of the target algorithm, the method further comprises: encrypting the execution result of the user side;
the sending the execution result of the user end to the server end further includes: and sending the encrypted user side execution result to the server side.
10. The method according to any one of claims 7-9, further comprising: recording the execution duration of the user side of the target algorithm, and sending the execution duration of the user side to a server side.
11. An abnormal user identification device, wherein the device is disposed at a server, the device comprising:
the grade acquisition module is used for acquiring a user risk grade corresponding to the user side;
the algorithm determining module is used for determining a target algorithm of which the computing power level is matched with the user risk level;
the sending module is used for sending the algorithm information of the target algorithm to the user side so as to obtain a user side execution result of the target algorithm after the target algorithm is executed in the user side;
the receiving module is used for receiving the user side execution result fed back by the user side;
and the identification module is used for judging whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
12. An abnormal user identification device, wherein the device is disposed at a user terminal, the device comprising:
the request sending module is used for sending a user verification request to the server;
The receiving module is used for receiving the algorithm information of the target algorithm fed back by the server side; the computing power level of the target algorithm is matched with the user risk level corresponding to the user side;
the execution module is used for executing the target algorithm based on the algorithm information of the target algorithm and obtaining a user side execution result of the target algorithm;
and the data sending module is used for sending the execution result of the user terminal to the server terminal so that the server terminal can judge whether the user corresponding to the user terminal is an abnormal user or not according to the execution result of the user terminal.
13. An abnormal user identification system, comprising:
a server comprising the abnormal user identification apparatus as claimed in claim 11, and a client comprising the abnormal user identification apparatus as claimed in claim 12.
14. A computing device, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform operations corresponding to the abnormal user identification method according to any one of claims 1 to 10.
15. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the abnormal user identification method of any one of claims 1-10.
CN202310892125.9A 2023-07-19 2023-07-19 Abnormal user identification method, device, system, computing equipment and storage medium Pending CN116894222A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310892125.9A CN116894222A (en) 2023-07-19 2023-07-19 Abnormal user identification method, device, system, computing equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310892125.9A CN116894222A (en) 2023-07-19 2023-07-19 Abnormal user identification method, device, system, computing equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116894222A true CN116894222A (en) 2023-10-17

Family

ID=88309716

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310892125.9A Pending CN116894222A (en) 2023-07-19 2023-07-19 Abnormal user identification method, device, system, computing equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116894222A (en)

Similar Documents

Publication Publication Date Title
US9497210B2 (en) Stateless attestation system
CN109522726A (en) Method for authenticating, server and the computer readable storage medium of small routine
US10958657B2 (en) Utilizing transport layer security (TLS) fingerprints to determine agents and operating systems
CN108521405B (en) Risk control method and device and storage medium
CN110276198B (en) Embedded variable granularity control flow verification method and system based on probability prediction
EP3852327A1 (en) Exception access behavior identification method and server
CN109547426B (en) Service response method and server
US10560364B1 (en) Detecting network anomalies using node scoring
CN107666470B (en) Verification information processing method and device
CN116938590B (en) Cloud security management method and system based on virtualization technology
CN109145651B (en) Data processing method and device
CN111431908B (en) Access processing method and device, management server and readable storage medium
CN108234441B (en) Method, apparatus, electronic device and storage medium for determining forged access request
CN109885790B (en) Method and device for acquiring satisfaction evaluation data
CN115147956A (en) Data processing method and device, electronic equipment and storage medium
CN108092777B (en) Method and device for supervising digital certificate
CN108282551B (en) Message identification processing method and device, monitoring equipment and readable storage medium
CN109446053A (en) Test method, computer readable storage medium and the terminal of application program
US20060120292A1 (en) Method and apparatus for adaptive monitoring and management of distributed systems
CN109788349B (en) Method and related device for detecting computing capability
CN111200591A (en) Multiple man-machine verification method, device, equipment and storage medium
CN116894222A (en) Abnormal user identification method, device, system, computing equipment and storage medium
CN114257451A (en) Verification interface replacing method and device, storage medium and computer equipment
CN114428955A (en) Method and system for judging abnormal risk based on operation information and electronic equipment
CN111786938B (en) Method, system and electronic equipment for preventing malicious resource acquisition

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination