CN117131488A - Early warning method and device for face recognition attack, computer equipment and storage medium - Google Patents


Publication number
CN117131488A
Authority
CN
China
Prior art keywords
account
risk
equipment
risk degree
face recognition
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311093246.3A
Other languages
Chinese (zh)
Inventor
李雅娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
CCB Finetech Co Ltd
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd filed Critical China Construction Bank Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The application relates to the technical field of artificial intelligence, in particular to a face recognition attack early warning method, a face recognition attack early warning device, computer equipment, a storage medium and a computer program product. The method comprises the following steps: responding to a face recognition image sent by an equipment account, and acquiring account identity information corresponding to the equipment account and equipment identity information; obtaining a corresponding equipment risk degree according to equipment identity information query, wherein the equipment risk degree is generated in advance based on equipment risk behaviors related to the equipment identity information; obtaining corresponding account risk degree and business risk degree according to the account identity information query, wherein the account risk degree is generated by historical login equipment associated with the account identity information in advance, and the business risk degree is generated by business operation behaviors associated with the account identity information in advance; and generating an early warning result corresponding to the face recognition request according to the equipment risk degree, the account risk degree and the service risk degree. By adopting the method, the early warning timeliness of face recognition attack can be improved.

Description

Early warning method and device for face recognition attack, computer equipment and storage medium
Technical Field
The application relates to the technical field of artificial intelligence, in particular to a face recognition attack early warning method, a face recognition attack early warning device, computer equipment, a storage medium and a computer program product.
Background
Face recognition is a biometric recognition technology that identifies people based on their facial feature information. It is generally implemented through a series of technical means: a camera collects images or video streams containing human faces, the faces in the images are automatically detected and tracked, and face recognition is then performed on the detected faces. Currently, however, lawbreakers attack face recognition by various means and illegally impersonate users in order to steal property and the like.
In the conventional technology, a plurality of historical face recognition records within a preset time are generally used as a basis: the behavior characteristics of the equipment information or user information in each historical face recognition record are analyzed and recorded, and equipment or users suspected of attack behavior are marked, so that early warning is achieved for face recognition attacks initiated by the same equipment or the same user. However, the early warning means of the conventional technology exhibit a certain early warning lag.
Disclosure of Invention
Based on the foregoing, it is necessary to provide a method, an apparatus, a computer device, a computer readable storage medium and a computer program product for early warning of face recognition attack with high timeliness.
In a first aspect, the present application provides a method for early warning of face recognition attacks. The method comprises the following steps:
responding to a face recognition image sent by an equipment account, and acquiring account identity information and equipment identity information corresponding to the equipment account;
obtaining a corresponding equipment risk degree according to the equipment identity information query, wherein the equipment risk degree is generated in advance based on equipment risk behaviors related to the equipment identity information;
inquiring according to the account identity information to obtain a corresponding account risk degree and a business risk degree, wherein the account risk degree is generated in advance based on historical login equipment associated with the account identity information, and the business risk degree is generated in advance based on business operation behaviors related to the account identity information;
and generating an early warning result corresponding to the face recognition request according to the equipment risk degree, the account risk degree and the service risk degree.
In one embodiment, the generating, according to the device risk degree, the account risk degree, and the service risk degree, an early warning result corresponding to the face recognition request includes:
determining the risk level of face recognition attack according to the equipment risk level, the account risk level and the service risk level;
and generating the early warning result according to the risk level, and executing early warning operation related to the risk level.
In one embodiment, the method further comprises:
responding to the risk level reaching a preset level, displaying the face recognition image and receiving a labeling result of the face recognition image;
displaying the equipment risk degree, the account risk degree and the service risk degree under the condition that the labeling result is that face recognition attack does not exist;
receiving adjustment information of the equipment risk degree, the account risk degree and the service risk degree;
and updating a generation strategy related to the equipment risk degree, the account risk degree and the service risk degree according to the adjustment information.
In one embodiment, the method for generating the device risk degree includes:
responding to the login operation of the equipment account, and collecting the operation information of the terminal where the equipment account is located;
determining equipment risk behaviors according to a matching result of preset attack equipment characteristics and the running information;
and generating the equipment risk degree according to the equipment risk behaviors.
In one embodiment, the method for generating the account risk degree includes:
acquiring historical login equipment associated with the account identity information;
and generating the account risk degree according to the equipment risk degree of the historical login equipment.
In one embodiment, the method for generating the business risk degree includes:
acquiring business operation behaviors related to the account identity information;
and generating the business risk degree according to a matching result of the preset attack behavior characteristics and the business operation behaviors.
In a second aspect, the application further provides a device for early warning face recognition attack. The device comprises:
the information acquisition module is used for responding to the face recognition image sent by the equipment account to acquire account identity information corresponding to the equipment account and equipment identity information;
the equipment risk module is used for inquiring and obtaining corresponding equipment risk degrees according to the equipment identity information, wherein the equipment risk degrees are generated in advance based on equipment risk behaviors related to the equipment identity information;
the account risk module is used for inquiring and obtaining corresponding account risk degree and service risk degree according to the account identity information, wherein the account risk degree is generated on the basis of historical login equipment associated with the account identity information in advance, and the service risk degree is generated on the basis of service operation behaviors related to the account identity information in advance;
and the attack early warning module is used for generating an early warning result corresponding to the face recognition request according to the equipment risk degree, the account risk degree and the service risk degree.
In one embodiment, the attack early warning module is further configured to determine a risk level of the face recognition attack according to the equipment risk level, the account risk level and the service risk level, generate the early warning result according to the risk level, and perform early warning operation related to the risk level.
In one embodiment, the apparatus further comprises:
the early warning rechecking module is used for displaying the face recognition image in response to the risk level reaching a preset level, receiving a labeling result of the face recognition image, and displaying the equipment risk degree, the account risk degree and the service risk degree under the condition that the labeling result is that no face recognition attack exists;
and the early warning adjustment module is used for receiving adjustment information of the equipment risk degree, the account risk degree and the service risk degree, and updating a generation strategy related to the equipment risk degree, the account risk degree and the service risk degree according to the adjustment information.
In one embodiment, the device risk module is further configured to, in response to a login operation of the device account, collect operation information of a terminal where the device account is located, determine a device risk behavior according to a matching result of a preset attack device feature and the operation information, and generate the device risk degree according to the device risk behavior.
In one embodiment, the account risk module is further configured to obtain a historical login device associated with the account identity information, and generate the account risk degree according to the device risk degree of the historical login device.
In one embodiment, the account risk module is further configured to obtain a service operation behavior related to the account identity information, and generate the service risk degree according to a matching result of a preset attack behavior feature and the service operation behavior.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to realize the early warning method of the face recognition attack according to any one of the embodiments of the first aspect.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium stores a computer program, and the computer program when executed by a processor implements the early warning method for face recognition attack according to any one of the embodiments of the first aspect.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program, and the computer program realizes the early warning method of the face recognition attack according to any one of the embodiments of the first aspect when being executed by a processor.
According to the above early warning method, device, computer equipment, storage medium and computer program product for face recognition attack, account identity information and equipment identity information corresponding to the equipment account are obtained in response to the face recognition image sent by the equipment account. The corresponding equipment risk degree, which is generated in advance based on equipment risk behaviors related to the equipment identity information, is obtained by querying according to the equipment identity information. The corresponding account risk degree and business risk degree are obtained by querying according to the account identity information; the account risk degree is generated in advance based on historical login equipment associated with the account identity information, and the business risk degree is generated in advance based on business operation behaviors related to the account identity information. An early warning result corresponding to the face recognition request is generated according to the equipment risk degree, the account risk degree and the business risk degree. When a face recognition request is initiated, the account identity information and the equipment identity information can be used to quickly query the pre-generated equipment risk degree, account risk degree and business risk degree, so that the generation efficiency and timeliness of the early warning result are improved.
In addition, when the early warning method for the face recognition attack is adopted, the equipment with the face recognition attack behavior can be early warned by generating the equipment risk degree based on the equipment risk behavior related to the equipment identity information in advance, the early warning of the face recognition attack behavior when the account logs in on the equipment for the first time can be realized by generating the account risk degree based on the historical login equipment related to the account identity information in advance, and the early warning of the account with the face recognition attack behavior for the first time can be realized by generating the service risk degree based on the service operation behavior related to the account identity information in advance. Furthermore, when the face recognition attack early warning method provided by the application is adopted, various face recognition attack situations can be dealt with, and the robustness and the accuracy of the face recognition attack early warning method are improved.
Drawings
FIG. 1 is an application environment diagram of a method for early warning of face recognition attacks in one embodiment;
FIG. 2 is a flow chart of a method for early warning of face recognition attack in one embodiment;
FIG. 3 is a flow chart of the generation policy adjustment step in one embodiment;
FIG. 4 is a flow chart of a device risk level generation step in one embodiment;
FIG. 5 is a flow chart of an early warning method for face recognition attack in another embodiment;
FIG. 6 is a block diagram of a device for early warning of face recognition attacks in one embodiment;
FIG. 7 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.
The early warning method for face recognition attack provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on a cloud or other network server.
Specifically, the server 104 may obtain account identity information corresponding to the device account and device identity information in response to a face recognition image sent by the device account on the terminal 102. And inquiring the data storage system of the server 104 according to the equipment identity information to obtain the corresponding equipment risk degree. The device risk level may be generated by the server 104 in advance based on device risk behaviors related to the device identity information.
Similarly, the server 104 may query the data storage system of the server 104 according to the account identity information to obtain a corresponding account risk degree and a corresponding service risk degree. The account risk degree may be generated by the server 104 in advance based on the historical login device associated with the account identity information. The business risk level may also be generated by the server 104 in advance based on the business operation behavior related to the account identity information.
The server 104 may generate an early warning result corresponding to the current face recognition request according to the device risk degree, the account risk degree and the service risk degree.
The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, portable wearable devices, and the internet of things devices may be smart televisions, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
In one embodiment, as shown in fig. 2, a method for early warning of face recognition attack is provided, and the method is applied to the server 104 in fig. 1 for illustration, and includes the following steps:
Step S202, in response to a face recognition image sent by the equipment account, acquiring account identity information and equipment identity information corresponding to the equipment account.
The device account may represent the account logged in on the current terminal. It will be appreciated that different accounts may be logged in on the same terminal, and the same account may also be logged in on different terminals.
The account identity information may represent a unique identity of the device account in the service system, and may include, but is not limited to, the name of the device account, its ID (identity document, that is, an identification number), and the like.
The device identity information may represent a unique identity of the terminal, and may include, but is not limited to, a device manufacturer, a location where the device is located, a media access control address (MAC address for short), an International Mobile Equipment Identity (IMEI code for short), and the like.
Specifically, the server may parse the face recognition request in response to the face recognition image sent by the device account logged in on the terminal to obtain account identity information corresponding to the device account and device identity information. Optionally, in some embodiments, the face recognition request may be triggered by a visual interface of the service system after the device account logs in to the corresponding service system on the terminal.
Step S204, obtaining corresponding equipment risk degree according to the equipment identity information query.
The device risk degree may represent the risk degree of whether the face recognition attack exists at the terminal where the current device account is located.
The device risk level may be generated in advance based on device risk behavior associated with the device identity information. Device risk behavior may include, but is not limited to, the installation of a virus application on the terminal, security vulnerabilities in the operating environment of the terminal, the firewall of the terminal not being open, the security authentication algorithm of the terminal being too simple, etc.
Specifically, after the device account logs in the terminal, the server may collect information such as the running environment security, whether a virus application program exists, whether a virus threat exists, etc. of the terminal where the current device account is located in real time, so as to confirm whether the device risk behavior exists in the terminal where the current device account logs in. Based on the acquired equipment risk behaviors, the server can pre-generate equipment risk degrees corresponding to the equipment identity information before the face recognition request is initiated, and store the generated equipment risk degrees to corresponding positions in the database.
After the equipment account initiates the face recognition request, the server can directly query the database by adopting the equipment identity information as a query main key to obtain the equipment risk degree corresponding to the current equipment identity information.
Step S206, obtaining corresponding account risk degree and business risk degree according to the account identity information query.
The account risk degree may represent a risk degree of the device account for face recognition attack. The account risk level may be generated in advance based on a historical login device associated with account identity information.
The business risk degree can represent the risk degree of face recognition attack of the equipment account when the business system executes business operation behaviors such as transfer, remittance, balance inquiry and transaction. The business risk level may be generated in advance based on business operations behavior related to account identity information.
Specifically, after the device account logs in at the terminal, the server may query the historical login devices associated with the account identity information, that is, the terminals on which the corresponding account in the service system logged in before the current moment. The server then generates the account risk degree corresponding to the current account identity information according to whether the historical login devices have records of face recognition attack, and stores the account risk degree at the corresponding position in the database.
After the equipment account logs in at the terminal, the server can also collect service operation information related to the account identity information in real time. And according to preset business rules and business operation information, confirming whether the face recognition attack behavior exists when the corresponding account in the business system executes business operation, thereby generating and storing the business risk degree corresponding to the account identity information.
After the equipment account initiates the face recognition request, the server can directly query in the database by adopting the account identity information of the current equipment account as a query main key to obtain the account risk degree and the service risk degree corresponding to the current account identity information.
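The pre-generation and keyed lookup described in steps S204 and S206, as an added example that is not code from the patent: risk degrees are computed at login and only read back by identity key when the face recognition request arrives. The feature weights, the worst-device aggregation for account risk, the business rule and every identifier are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Device risk behaviors named in the description; the weights are assumed.
DEVICE_RISK_WEIGHTS = {
    "virus_app_installed": 40,
    "os_security_vulnerability": 25,
    "firewall_disabled": 20,
    "weak_auth_algorithm": 15,
}
# Hypothetical preset attack behavior feature: money movement soon after login.
SENSITIVE_OPS = {"transfer", "remittance"}
EARLY_WINDOW_SECONDS = 60
POINTS_PER_EARLY_OP = 30


@dataclass
class RiskStore:
    """In-memory stand-in for the server database (hypothetical schema)."""
    device_risk: dict = field(default_factory=dict)    # device_id -> 0..100
    account_risk: dict = field(default_factory=dict)   # account_id -> 0..100
    business_risk: dict = field(default_factory=dict)  # account_id -> 0..100
    login_history: dict = field(default_factory=dict)  # account_id -> [device_id]


def score_device(running_info):
    """Match collected running information against the preset device features."""
    hits = (w for name, w in DEVICE_RISK_WEIGHTS.items() if running_info.get(name))
    return min(100, sum(hits))


def score_account(store, account_id):
    """Assumed aggregation: worst device risk among earlier login devices."""
    history = store.login_history.get(account_id, [])
    return max((store.device_risk.get(d, 0) for d in history), default=0)


def score_business(operations):
    """operations: (operation_name, seconds_since_login) tuples seen so far."""
    early = [op for op, t in operations
             if op in SENSITIVE_OPS and t <= EARLY_WINDOW_SECONDS]
    return min(100, POINTS_PER_EARLY_OP * len(early))


def on_login(store, account_id, device_id, running_info, operations=()):
    """Pre-generate and store all three risk degrees before any face request."""
    store.device_risk[device_id] = score_device(running_info)
    # History is read before the current device is appended, so account risk
    # reflects only devices used before this login.
    store.account_risk[account_id] = score_account(store, account_id)
    store.business_risk[account_id] = score_business(list(operations))
    store.login_history.setdefault(account_id, []).append(device_id)


def on_face_request(store, account_id, device_id):
    """Keyed lookups only; unknown identities default to 0 (assumed policy)."""
    return (store.device_risk.get(device_id, 0),
            store.account_risk.get(account_id, 0),
            store.business_risk.get(account_id, 0))


def run_constructed_scenario():
    """Constructed data: one account moves from a flagged terminal to a clean one."""
    store = RiskStore()
    on_login(store, "acct-A", "dev-flagged",
             {"virus_app_installed": True, "firewall_disabled": True})
    first = on_face_request(store, "acct-A", "dev-flagged")
    on_login(store, "acct-A", "dev-clean", {},
             [("balance_inquiry", 5), ("transfer", 20), ("remittance", 45)])
    second = on_face_request(store, "acct-A", "dev-clean")
    return first, second


if __name__ == "__main__":
    for triple in run_constructed_scenario():
        print("device, account, business =", triple)
```

In the second request the terminal itself scores 0, yet the account still carries the risk of the terminal it used earlier, which is the first-login case the description relies on account risk to cover.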
Step S208, generating an early warning result corresponding to the face recognition request according to the equipment risk degree, the account risk degree and the service risk degree.
The device risk level, account risk level, and business risk level may be a specific value (e.g., 73), or may be a level (e.g., low, medium, or high).
Specifically, the server may generate an early warning result of the face recognition attack corresponding to the face recognition image sent by the current device account when any one of the device risk degree, the account risk degree or the service risk degree exceeds the risk threshold. Or, the server can also determine the risk level corresponding to the current face recognition request according to the equipment risk level, the account risk level and the service risk level, so as to generate an early warning result of face recognition attack aiming at the face recognition request with high risk level and medium risk level.
According to the above early warning method for face recognition attack, the account identity information and the equipment identity information corresponding to the equipment account are obtained in response to the face recognition image sent by the equipment account. The corresponding equipment risk degree, which is generated in advance based on equipment risk behaviors related to the equipment identity information, is obtained by querying according to the equipment identity information. The corresponding account risk degree and service risk degree are obtained by querying according to the account identity information; the account risk degree is generated in advance based on historical login equipment associated with the account identity information, and the service risk degree is generated in advance based on service operation behaviors related to the account identity information. The early warning result corresponding to the face recognition request is generated according to the equipment risk degree, the account risk degree and the service risk degree. When the face recognition request is initiated, the equipment risk degree, the account risk degree and the service risk degree generated in advance can be quickly queried by using the account identity information and the equipment identity information, so that the generation efficiency and timeliness of the early warning result are improved.
In addition, when the early warning method for the face recognition attack is adopted, the equipment with the face recognition attack behavior can be early warned by generating the equipment risk degree based on the equipment risk behavior related to the equipment identity information in advance, the early warning of the face recognition attack behavior when the account logs in on the equipment for the first time can be realized by generating the account risk degree based on the historical login equipment related to the account identity information in advance, and the early warning of the account with the face recognition attack behavior for the first time can be realized by generating the service risk degree based on the service operation behavior related to the account identity information in advance. Furthermore, when the face recognition attack early warning method provided by the application is adopted, various face recognition attack situations can be dealt with, and the robustness and the accuracy of the face recognition attack early warning method are improved.
In one embodiment, step S208, generating an early warning result corresponding to the face recognition request according to the device risk degree, the account risk degree, and the service risk degree includes: and determining the risk level of the face recognition attack according to the equipment risk level, the account risk level and the service risk level, generating an early warning result according to the risk level, and executing early warning operation related to the risk level.
Specifically, the server may generate a risk assessment score corresponding to the current device account according to the device risk degree, the account risk degree, and the service risk degree. For example, where the device risk degree, the account risk degree, and the business risk degree are degree levels, the risk assessment score corresponding to the current device account is generated according to the number of risk degrees at the medium or high degree level. Alternatively, where the device risk degree, the account risk degree and the service risk degree are specific numerical values, the average value of the three risk degrees is taken as the risk assessment score.
When the risk assessment score is lower than a first threshold value, the risk level of the face recognition attack is determined to be a low risk level. When the risk assessment score is higher than the first threshold value and smaller than a second threshold value, the risk level of the face recognition attack is determined to be a medium risk level. When the risk assessment score is higher than the second threshold value, the risk level of the face recognition attack is determined to be a high risk level.
A corresponding early warning result is generated according to the risk level. Under the low risk level, the currently transmitted face recognition image is released directly and the face recognition result is returned. Under the medium risk level, the currently transmitted face recognition image is intercepted, and the early warning result of face recognition attack is displayed. Under the high risk level, the currently transmitted face recognition image is rejected directly, and the equipment identity information and the account identity information of the equipment account are recorded.
In this embodiment, the risk level of the face recognition attack is determined by integrating the risk degrees in a plurality of aspects, the corresponding early warning result is generated by using the risk level, and the early warning operation related to the risk level is executed, so that the accuracy of the early warning of the face recognition attack can be improved.
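The scoring and risk-level mapping of this embodiment, as an added example that is not code from the patent, covering both the numeric and the degree-level form of the three risk degrees plus the any-single-degree trigger mentioned under step S208. The threshold values, the handling of a score equal to a threshold, and all identifiers are assumptions, since the description gives none.

```python
from enum import Enum
from numbers import Real
from statistics import mean


class Level(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"


# Early warning operations per risk level, as listed in the description.
ACTIONS = {
    Level.LOW: "release the image and return the recognition result",
    Level.MEDIUM: "intercept the image and display the early warning result",
    Level.HIGH: "reject the image and record device and account identity",
}

# Assumed thresholds (first, second); the description names them without values.
NUMERIC_THRESHOLDS = (40, 70)  # for the average of 0..100 risk degrees
COUNT_THRESHOLDS = (1, 2)      # for the count of medium/high degree levels
VALID_LEVELS = ("low", "medium", "high")


def risk_score(device, account, business):
    """Return (risk assessment score, thresholds that apply to that score)."""
    degrees = (device, account, business)
    if all(isinstance(d, str) for d in degrees):
        names = [d.lower() for d in degrees]
        if any(n not in VALID_LEVELS for n in names):
            # An unknown label must not silently count as "low".
            raise ValueError("unknown degree level in %r" % (degrees,))
        return sum(n != "low" for n in names), COUNT_THRESHOLDS
    if all(isinstance(d, Real) for d in degrees):
        return mean(degrees), NUMERIC_THRESHOLDS
    raise ValueError("risk degrees must be all numeric or all degree levels")


def classify(score, first, second):
    """Map a score to a level; a score equal to a threshold takes the higher
    level (assumption, the description leaves equality unspecified)."""
    if score < first:
        return Level.LOW
    if score < second:
        return Level.MEDIUM
    return Level.HIGH


def early_warning(device, account, business):
    """Return (risk level, early warning operation) for one face request."""
    score, (first, second) = risk_score(device, account, business)
    level = classify(score, first, second)
    return level, ACTIONS[level]


def any_exceeds(degrees, threshold):
    """Alternative trigger: warn when any single numeric degree is too high."""
    return any(d > threshold for d in degrees)


if __name__ == "__main__":
    # Constructed inputs, not data from the patent.
    for sample in [(73, 20, 30), (90, 80, 85), ("low", "medium", "low"), (95, 0, 0)]:
        print(sample, "->", early_warning(*sample)[0].value)
    print("any_exceeds((95, 0, 0), 70) =", any_exceeds((95, 0, 0), 70))
```

With these assumed thresholds the constructed input (95, 0, 0) averages to a low risk level even though one degree is extreme, while the any-single-degree check still fires, so the two triggers are worth evaluating together.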
In one embodiment, as shown in fig. 3, the early warning method for face recognition attack provided by the present application may further include:
Step S302, displaying the face recognition image in response to the risk level reaching the preset level, and receiving a labeling result of the face recognition image.
Specifically, the server may store a preset level that triggers review of the early warning result. After the early warning operation related to the risk level is performed, an early warning result review process may be entered in response to the risk level reaching the preset level (which may be set to the medium risk level and/or the high risk level). The face recognition image sent by the device account is displayed in a visual interface, and the labeling result of the face recognition image is received. The labeling result may include that a face recognition attack exists, or that no face recognition attack exists.
And step S304, displaying the equipment risk degree, the account risk degree and the service risk degree under the condition that the labeling result is that the face recognition attack does not exist.
Step S306, receiving adjustment information of equipment risk degree, account risk degree and business risk degree.
Specifically, when the labeling result indicates that no face recognition attack exists, the server may display the device risk degree, the account risk degree, and the service risk degree corresponding to the current device account in the visual interface, and receive adjustment information for the device risk degree, the account risk degree, and the service risk degree through the visual interface. The adjustment information may include, but is not limited to, that a risk degree is too high or that a risk degree is too low.
Step S308, updating a generation strategy related to the equipment risk degree, the account risk degree and the service risk degree according to the adjustment information.
Specifically, when the adjustment information corresponding to the device risk degree is that the risk degree is too high, the server may update the generation strategy related to the device risk degree so that the device risk degree obtained under the adjusted generation strategy is lower than the device risk degree generated before adjustment. When the adjustment information corresponding to the device risk degree is that the risk degree is too low, the server updates the generation strategy related to the device risk degree so that the device risk degree obtained under the adjusted generation strategy is higher than the device risk degree generated before adjustment.
Similarly, the server may also update the generation policy related to the account risk degree and the service risk degree according to the adjustment information by referring to the generation policy adjustment manner of the device risk degree.
In this embodiment, after the early warning operation is performed, the visual display is performed on the face recognition image with the risk level reaching the preset level, and under the condition that the received labeling result is that no face recognition attack exists, the device risk degree, the account risk degree and the service risk degree are visually displayed, and corresponding adjustment information is received to update the generation strategy of the corresponding risk degree, so that the subsequent risk degree error can be reduced.
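One way to implement the review feedback of steps S302 to S308 is shown below as an added example, not code from the patent. It assumes each generation strategy is a feature-to-score table, a fixed adjustment step of 10 points, and per-feature floors so that repeated "too high" reviews cannot drive a strong indicator to zero; the account dimension is left out because the page derives it from device risk degrees.

```python
"""Added example: bounded update of a risk-degree generation strategy after review."""
from copy import deepcopy
from typing import Dict, Iterable, Mapping, Optional

STEP = 10  # assumed adjustment size, in percentage points
DELTA = {"too_high": -STEP, "too_low": STEP}

Policy = Dict[str, Dict[str, int]]  # dimension -> {feature -> score}

# Constructed strategy; only the 20 and 80 device scores come from the page.
SAMPLE_POLICY: Policy = {
    "device": {"outdated_firewall": 20, "virus_application": 80},
    "business": {"repeated_face_check_failures": 60},
}


def degree(policy: Policy, dimension: str, matched: Iterable[str]) -> int:
    """Risk degree of one dimension: highest score among its matched features."""
    table = policy[dimension]
    return max((table[f] for f in matched if f in table), default=0)


def apply_review(policy: Policy,
                 matched: Mapping[str, Iterable[str]],
                 label: str,
                 adjustments: Mapping[str, str],
                 floors: Optional[Mapping[str, int]] = None) -> Policy:
    """Return the strategy to use after one reviewed early warning.

    matched     -- features that fired for the reviewed request, per dimension
    label       -- "attack" or "no_attack" (the labeling result of S302)
    adjustments -- per dimension, "too_high" or "too_low" (S306)
    floors      -- assumed safeguard: minimum score a feature may be lowered to
    """
    # S304: degrees are only shown, and adjusted, when no attack was found.
    if label != "no_attack":
        return policy
    floors = floors or {}
    updated = deepcopy(policy)  # the strategy in use is never edited in place
    for dimension, verdict in adjustments.items():
        if verdict not in DELTA:
            raise ValueError("unknown adjustment: %r" % (verdict,))
        for feature in matched.get(dimension, ()):
            if feature not in updated[dimension]:
                continue
            new_score = updated[dimension][feature] + DELTA[verdict]
            # Clamp to [floor, 100]; at the floor the degree stops dropping.
            updated[dimension][feature] = max(floors.get(feature, 0),
                                              min(100, new_score))
    return updated
```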
In one embodiment, as shown in fig. 4, a method for generating the device risk degree is provided, including:
Step S402, in response to a login operation of the device account, collecting operation information of the terminal where the device account is located.
Step S404, determining equipment risk behaviors according to a matching result of preset attack equipment characteristics and running information.
The running information may include, but is not limited to, application running information, system version, network environment, firewall running version, etc.
The attack device features may be generated according to device behavior information of terminals on which face recognition attack behavior has occurred. The attack device features may include attacker device features and victim device features.
Specifically, the server may collect operation information of the terminal where the device account is located in response to a login operation of the device account. The preset attack device features are matched against the currently collected operation information to obtain a corresponding matching result, and the device risk behavior is determined from the matching result.
Step S406, generating the equipment risk degree according to the equipment risk behaviors.
Specifically, when the determined device risk behavior is that the firewall version running on the terminal is low, the server may generate a device risk degree of low, or 20% (the upper limit of the risk degree threshold is 100%, and the higher the value, the higher the risk degree). When the determined device risk behavior is that the terminal is running a virus application, the server may generate a device risk degree of high, or 80% (the upper limit of the risk degree threshold is 100%, and the higher the value, the higher the risk degree). The mapping relation between the device risk degree and the current device identity information is stored.
In this embodiment, operation information of the terminal where the device account is located is collected in response to a login operation of the device account, device risk behaviors are determined according to the result of matching preset attack device features against the operation information, and the device risk degree is generated according to the risk level of the device risk behaviors. The risk degree of a terminal can thus be evaluated from its operation information, which avoids missing a terminal on which a face recognition attack occurs for the first time.
In one embodiment, the method for generating the account risk degree may include: and acquiring the historical login equipment associated with the account identity information, and generating the account risk degree according to the equipment risk degree of the historical login equipment.
Specifically, the server may query for the historical login devices associated with the account identity information. The device identity information of each historical login device can be used to query a database for the corresponding device risk degree. An account risk degree corresponding to the account identity information is generated according to the device risk degree of the historical login devices, and the mapping relation between the account identity information and the account risk degree is stored. For example, the account risk degree may be generated as low risk when the device risk degree of the historical login device is low risk, and as high risk when the device risk degree of the historical login device is high risk.
In this embodiment, by acquiring the historical login devices associated with the account identity information and generating the account risk degree of the current account from the device risk degree of those devices, the login devices of an account can be traced, so as to avoid missing the potential face recognition attack risk of an account that has logged in on a terminal where a face recognition attack occurred.
In one embodiment, the method for generating the service risk degree may include: acquiring service operation behaviors related to the account identity information, and generating the service risk degree according to a matching result of preset attack behavior features and the service operation behaviors.
The attack behavior features may be generated according to the service operation behaviors of accounts on which a face recognition attack has occurred. The attack behavior features may include attacker behavior features, victim behavior features, and the like.
Specifically, the server may store preset attack behavior features. The business operation behaviors related to the account identity information are acquired from the business system according to the account identity information. Feature matching is performed between the preset attack behavior features and the business operation behaviors to obtain a corresponding matching result. The service risk degree is generated from the matching result, and the mapping relation between the service risk degree and the account identity information is stored.
In this embodiment, by acquiring the service operation behavior related to the account identity information, and generating the service risk according to the matching result of the preset attack behavior feature and the service operation behavior, the risk assessment can be performed on the account based on the service operation behavior, so as to avoid missing the account with face recognition attack for the first time.
In one embodiment, as shown in fig. 5, there is provided a method for early warning of face recognition attack, including:
Step S502, in response to the login operation of the device account, collecting the operation information of the terminal where the device account is located.
Step S504, determining equipment risk behaviors according to a preset matching result of the attack equipment characteristics and the running information, and generating equipment risk degrees according to the equipment risk behaviors.
Specifically, in response to a login operation of the device account in the service system, the server may initialize a software development kit (SDK) of the service system to collect operation information of the terminal where the device account is located. The preset attack device features are matched against the operation information, and the device risk behavior is determined from the matching result. The device risk degree is generated according to the device risk behavior, and the mapping relation between the device risk degree and the device identity information is stored.
Step S506, acquiring the historical login equipment associated with the account identity information, and generating the account risk degree according to the equipment risk degree of the historical login equipment.
Specifically, the server may obtain the historical login devices associated with the account identity information, and query with the device identity information of each historical login device to obtain its device risk degree. An account risk degree corresponding to the account identity information is generated from the device risk degree of the historical login devices, and the mapping relation between the account risk degree and the account identity information is stored.
Step S508, obtaining service operation behaviors related to account identity information, and generating service risk according to a matching result of preset attack behavior characteristics and the service operation behaviors.
Specifically, the server may obtain the service operation behaviors related to the account identity information in the service system. The preset attack behavior features are matched against the currently acquired business operation behaviors, a business risk degree corresponding to the account identity information is generated according to the matching result, and the mapping relation between the account risk degree and the account identity information is stored.
Optionally, in some embodiments, a plurality of databases may be deployed in the server to store device risk behaviors and device risk degrees, historical login device and account risk degrees, business operation behaviors and business risk degrees, respectively.
Optionally, in some embodiments, when it is determined that a device risk behavior exists, the server may further trace back the historical login devices associated with the account identity information of the device account. When the account risk degree is high, the business operation behaviors related to the account identity information in the business system are traced back.
Step S510, responding to the face recognition image sent by the equipment account, and inquiring according to the account identity information corresponding to the equipment account and the equipment identity information to obtain corresponding equipment risk, account risk and business risk.
Step S512, determining the risk level of the face recognition attack according to the equipment risk level, the account risk level and the service risk level, generating an early warning result according to the risk level, and executing early warning operation related to the risk level.
Specifically, in response to the face recognition image sent by the device account, the server may query with the account identity information and the device identity information corresponding to the device account to obtain the device risk degree, the account risk degree, and the service risk degree generated in advance. The device risk degree, the account risk degree, and the service risk degree are processed to determine the risk level of the face recognition attack. A corresponding early warning result is generated according to the risk level, and the early warning operation related to the risk level is executed.
Optionally, in some embodiments, the server may further display the face recognition image in response to the risk level reaching a preset level, and receive a labeling result of the face recognition image. When the labeling result is that no face recognition attack exists, the device risk degree, the account risk degree, and the service risk degree are displayed. Adjustment information for the device risk degree, the account risk degree, and the service risk degree is received, and the generation strategy related to the device risk degree, the account risk degree, and the business risk degree is updated according to the adjustment information.
In this embodiment, in response to the login operation of the device account, the operation information of the device account is collected, the historical login devices are traced, and the business operation behaviors of the device account are recorded, so that the risk degrees of the device account in different dimensions are generated in advance. In response to the face recognition image sent by the device account, the corresponding device risk degree, account risk degree, and business risk degree are obtained by querying with the account identity information and the device identity information of the device account, the risk level of a face recognition attack is then determined, and the corresponding early warning result is generated and the corresponding early warning operation executed according to the risk level. Effective early warning can thus be given before a face recognition attack occurs, missing a device or account on which a face recognition attack occurs for the first time is avoided, and the timeliness and accuracy of the early warning of face recognition attacks are improved.
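The precomputation and lookup of steps S502 to S510 can be sketched as follows, as an added example that is not code from the patent. The firewall version floor, the application blocklist, the business behavior feature names and their scores, and the use of the highest historical device risk as the account risk degree are assumptions; only the 20% and 80% device scores come from the page.

```python
"""Added example: precompute risk degrees at login, query them at recognition time."""
from collections import defaultdict
from typing import Dict, Iterable, Optional, Set, Tuple

# Scores the page gives for its two device risk behaviours (20% and 80%).
DEVICE_BEHAVIOR_SCORE = {"outdated_firewall": 20, "virus_application": 80}
# Constructed for this example: version floor, app blocklist, behaviour features.
MIN_FIREWALL_VERSION = (4, 2)
KNOWN_MALICIOUS_APPS = {"com.example.constructed.malware"}
ATTACK_BEHAVIOR_SCORE = {"repeated_face_check_failures": 60,
                         "contact_change_before_transfer": 70}


def match_device_behaviors(running_info: dict) -> Set[str]:
    """S504: match collected running information against attack device features."""
    matched = set()
    # A missing firewall version is treated as outdated (assumption).
    raw = running_info.get("firewall_version", "0")
    version = tuple(int(part) for part in raw.split("."))
    if version < MIN_FIREWALL_VERSION:
        matched.add("outdated_firewall")
    if KNOWN_MALICIOUS_APPS & set(running_info.get("running_apps", ())):
        matched.add("virus_application")
    return matched


class RiskStore:
    """In-memory stand-in for the databases that hold the three risk degrees."""

    def __init__(self) -> None:
        self.device_risk: Dict[str, int] = {}
        self.account_risk: Dict[str, int] = {}
        self.business_risk: Dict[str, int] = {}
        self.devices_of: Dict[str, Set[str]] = defaultdict(set)   # account -> devices
        self.accounts_on: Dict[str, Set[str]] = defaultdict(set)  # device -> accounts

    def on_login(self, device_id: str, account_id: str, running_info: dict) -> int:
        """S502-S506: score the device, then refresh every account seen on it."""
        matched = match_device_behaviors(running_info)
        self.device_risk[device_id] = max(
            (DEVICE_BEHAVIOR_SCORE[b] for b in matched), default=0)
        self.devices_of[account_id].add(device_id)
        self.accounts_on[device_id].add(account_id)
        # Trace back: accounts that used this device earlier inherit its new score.
        # Taking the highest device risk in the history is an assumed aggregation.
        for account in self.accounts_on[device_id]:
            self.account_risk[account] = max(
                self.device_risk[d] for d in self.devices_of[account])
        return self.device_risk[device_id]

    def on_business_operations(self, account_id: str,
                               behaviors: Iterable[str]) -> int:
        """S508: match business operation behaviours against attack features."""
        matched = set(behaviors) & set(ATTACK_BEHAVIOR_SCORE)
        self.business_risk[account_id] = max(
            (ATTACK_BEHAVIOR_SCORE[b] for b in matched), default=0)
        return self.business_risk[account_id]

    def lookup(self, device_id: str, account_id: str
               ) -> Tuple[Optional[int], Optional[int], Optional[int]]:
        """S510: fetch (device, account, business); None means never scored."""
        return (self.device_risk.get(device_id),
                self.account_risk.get(account_id),
                self.business_risk.get(account_id))
```

Because account risk is refreshed for every account that has used a device, an account that logged in while the terminal was clean picks up the higher degree once the same terminal is later found running a flagged application.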
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown sequentially as indicated by arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the steps are not strictly limited to that order of execution and may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a face recognition attack early warning device for realizing the face recognition attack early warning method. The solution provided by the device is implemented in a manner similar to that described for the above method, so for the specific limitations in the one or more embodiments of the early warning device for face recognition attack provided below, reference may be made to the limitations of the early warning method for face recognition attack above, which are not repeated here.
In one embodiment, as shown in fig. 6, there is provided a pre-warning device 600 for face recognition attack, including: an information acquisition module 602, a device risk module 604, an account risk module 606, and an attack pre-warning module 608, wherein:
The information acquisition module 602 is configured to obtain account identity information corresponding to the device account and device identity information in response to a face recognition image sent by the device account.
The device risk module 604 is configured to obtain a corresponding device risk degree according to the device identity information query, where the device risk degree is generated in advance based on a device risk behavior related to the device identity information.
The account risk module 606 is configured to query according to account identity information to obtain a corresponding account risk degree and a service risk degree, where the account risk degree is generated in advance based on a history login device associated with the account identity information, and the service risk degree is generated in advance based on a service operation behavior associated with the account identity information.
The attack early warning module 608 is configured to generate an early warning result corresponding to the face recognition request according to the device risk degree, the account risk degree and the service risk degree.
In one embodiment, the attack early-warning module 608 is further configured to determine a risk level of the face recognition attack according to the device risk level, the account risk level, and the service risk level, generate an early-warning result according to the risk level, and perform an early-warning operation related to the risk level.
In one embodiment, the early warning device 600 for face recognition attack further includes:
The early warning rechecking module is used for displaying the face recognition image in response to the risk level reaching the preset level, receiving the labeling result of the face recognition image, and displaying the device risk degree, the account risk degree and the service risk degree under the condition that the labeling result is that the face recognition attack does not exist.
The early warning adjustment module is used for receiving adjustment information of the equipment risk degree, the account risk degree and the service risk degree, and updating a generation strategy related to the equipment risk degree, the account risk degree and the service risk degree according to the adjustment information.
In one embodiment, the device risk module 604 is further configured to, in response to a login operation of the device account, collect operation information of a terminal where the device account is located, determine a device risk behavior according to a matching result of a preset attack device feature and the operation information, and generate a device risk degree according to the device risk behavior.
In one embodiment, the account risk module 606 is further configured to obtain a historical login device associated with the account identity information, and generate an account risk degree according to the device risk degree of the historical login device.
In one embodiment, the account risk module 606 is further configured to obtain a business operation behavior related to account identity information, and generate a business risk degree according to a matching result of a preset attack behavior feature and the business operation behavior.
Each module in the early warning device for face recognition attack can be realized in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in, or independent of, a processor in the computer device in hardware form, or may be stored in a memory in the computer device in software form, so that the processor can call and execute the operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer equipment is used for storing data such as equipment risk degree, account risk degree, service risk degree, equipment identity information, account identity information and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program when executed by the processor is used for realizing a face recognition attack early warning method.
It will be appreciated by those skilled in the art that the structure shown in FIG. 7 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of these technical features are described; however, as long as a combination of technical features involves no contradiction, it should be considered to be within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit of the application, which are within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (15)

1. The early warning method for the face recognition attack is characterized by comprising the following steps:
responding to a face recognition image sent by an equipment account, and acquiring account identity information and equipment identity information corresponding to the equipment account;
obtaining a corresponding equipment risk degree according to the equipment identity information query, wherein the equipment risk degree is generated in advance based on equipment risk behaviors related to the equipment identity information;
inquiring according to the account identity information to obtain a corresponding account risk degree and a business risk degree, wherein the account risk degree is generated in advance based on historical login equipment associated with the account identity information, and the business risk degree is generated in advance based on business operation behaviors related to the account identity information;
and generating an early warning result corresponding to the face recognition request according to the equipment risk degree, the account risk degree and the service risk degree.
2. The method according to claim 1, wherein the generating the early warning result corresponding to the face recognition request according to the device risk degree, the account risk degree, and the service risk degree includes:
determining the risk level of face recognition attack according to the equipment risk level, the account risk level and the service risk level;
and generating the early warning result according to the risk level, and executing early warning operation related to the risk level.
3. The method according to claim 2, wherein the method further comprises:
responding to the risk level reaching a preset level, displaying the face recognition image and receiving a labeling result of the face recognition image;
displaying the equipment risk degree, the account risk degree and the service risk degree under the condition that the labeling result is that face recognition attack does not exist;
receiving adjustment information of the equipment risk degree, the account risk degree and the service risk degree;
and updating a generation strategy related to the equipment risk degree, the account risk degree and the service risk degree according to the adjustment information.
4. A method according to any one of claims 1 to 3, wherein the method for generating the device risk comprises:
responding to the login operation of the equipment account, and collecting the operation information of the terminal where the equipment account is located;
determining equipment risk behaviors according to a matching result of preset attack equipment characteristics and the running information;
and generating the equipment risk degree according to the equipment risk behaviors.
5. A method according to any one of claims 1 to 3, wherein the method for generating the account risk comprises:
acquiring historical login equipment associated with the account identity information;
and generating the account risk degree according to the equipment risk degree of the historical login equipment.
6. A method according to any one of claims 1 to 3, wherein the method for generating a business risk comprises:
acquiring business operation behaviors related to the account identity information;
and generating the business risk degree according to a matching result of the preset attack behavior characteristics and the business operation behaviors.
7. An early warning device for face recognition attack, characterized in that the device comprises:
the information acquisition module is used for responding to the face recognition image sent by the equipment account to acquire account identity information corresponding to the equipment account and equipment identity information;
the equipment risk module is used for inquiring and obtaining corresponding equipment risk degrees according to the equipment identity information, wherein the equipment risk degrees are generated in advance based on equipment risk behaviors related to the equipment identity information;
the account risk module is used for inquiring and obtaining corresponding account risk degree and service risk degree according to the account identity information, wherein the account risk degree is generated on the basis of historical login equipment associated with the account identity information in advance, and the service risk degree is generated on the basis of service operation behaviors related to the account identity information in advance;
and the attack early warning module is used for generating an early warning result corresponding to the face recognition request according to the equipment risk degree, the account risk degree and the service risk degree.
8. The apparatus of claim 7, wherein the attack pre-warning module is further configured to determine a risk level of a face recognition attack according to the device risk level, the account risk level, and the service risk level, generate the pre-warning result according to the risk level, and perform a pre-warning operation related to the risk level.
9. The apparatus of claim 7, wherein the apparatus further comprises:
the early warning rechecking module is used for displaying the face recognition image in response to the risk level reaching a preset level, receiving a labeling result of the face recognition image, and displaying the equipment risk degree, the account risk degree and the service risk degree under the condition that the labeling result is that no face recognition attack exists;
and the early warning adjustment module is used for receiving adjustment information of the equipment risk degree, the account risk degree and the service risk degree, and updating a generation strategy related to the equipment risk degree, the account risk degree and the service risk degree according to the adjustment information.
10. The apparatus according to any one of claims 7 to 9, wherein the device risk module is further configured to, in response to a login operation of the device account, collect operation information of a terminal in which the device account is located, determine a device risk behavior according to a result of matching a preset attack device feature with the operation information, and generate the device risk degree according to the device risk behavior.
11. The apparatus according to any one of claims 7 to 9, wherein the account risk module is further configured to obtain a historical login device associated with the account identity information, and generate the account risk degree according to a device risk degree of the historical login device.
12. The apparatus according to any one of claims 7 to 9, wherein the account risk module is further configured to obtain a service operation behavior related to the account identity information, and generate the service risk degree according to a matching result of a preset attack behavior feature and the service operation behavior.
13. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
14. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
15. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
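A sketch of the scoring flow described in claims 8 and 10 to 12, added here as an illustration and not taken from the patent or the applicant's implementation. The feature names, weights, thresholds, the max-based aggregation and the warning actions are all assumptions, since the claims name none of them.

```python
from dataclasses import dataclass, field

# Hypothetical presets: the claims say only "preset attack device features"
# and "preset attack behavior features" and name none of them.
DEVICE_FEATURES = {"emulator": 0.5, "rooted": 0.3, "virtual_camera": 0.6}
BEHAVIOR_FEATURES = {"rapid_retry": 0.4, "new_payee_transfer": 0.5}
ACTIONS = {"low": "allow", "medium": "step_up", "high": "block_and_review"}

def match_score(observed, presets):
    """Sum the weights of preset features present in `observed`, capped at 1."""
    return min(1.0, sum(w for name, w in presets.items() if name in observed))

@dataclass
class RiskStore:
    device_risk: dict = field(default_factory=dict)    # device_id -> score
    login_history: dict = field(default_factory=dict)  # account -> {device_id}
    service_risk: dict = field(default_factory=dict)   # account -> score

    def on_device_login(self, device_id, account, operation_info):
        # Claim 10: scored at login, before any face recognition request.
        self.device_risk[device_id] = match_score(operation_info, DEVICE_FEATURES)
        self.login_history.setdefault(account, set()).add(device_id)

    def on_service_operation(self, account, behaviors):
        # Claim 12: match behaviours against presets; keep the worst seen.
        score = match_score(behaviors, BEHAVIOR_FEATURES)
        self.service_risk[account] = max(self.service_risk.get(account, 0.0), score)

    def account_risk(self, account):
        # Claim 11: derived from the risk of historical login devices.
        # Taking the maximum is an assumption of this sketch.
        devices = self.login_history.get(account, ())
        return max((self.device_risk.get(d, 0.0) for d in devices), default=0.0)

def early_warning(store, device_id, account,
                  weights=(0.4, 0.3, 0.3), thresholds=(0.3, 0.6)):
    """Claim 8: combine the three degrees into a risk level and an action."""
    scores = (store.device_risk.get(device_id, 0.0),
              store.account_risk(account),
              store.service_risk.get(account, 0.0))
    total = sum(w * s for w, s in zip(weights, scores))
    level = ("high" if total >= thresholds[1]
             else "medium" if total >= thresholds[0] else "low")
    return {"scores": scores, "level": level, "action": ACTIONS[level]}

if __name__ == "__main__":  # constructed scenario
    s = RiskStore()
    s.on_device_login("dev-B", "acct-1", {"emulator", "virtual_camera"})
    s.on_device_login("dev-A", "acct-1", set())
    print(early_warning(s, "dev-A", "acct-1"))
```

In the constructed scenario a request from the clean device dev-A is still raised to medium, because the account risk degree carries over the score of the risky device that previously logged in to the same account.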
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311093246.3A CN117131488A (en) 2023-08-28 2023-08-28 Early warning method and device for face recognition attack, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117131488A (en) 2023-11-28

Family

ID=88852299

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311093246.3A Pending CN117131488A (en) 2023-08-28 2023-08-28 Early warning method and device for face recognition attack, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117131488A (en)

Similar Documents

Publication Publication Date Title
WO2016145993A1 (en) Method and system for user device identification
CN114693192A (en) Wind control decision method and device, computer equipment and storage medium
CN112738018A (en) ARP spoofing attack detection method, device, computer equipment and storage medium
CN112073444A (en) Data set processing method and device and server
CN111324883A (en) Internet-based E-commerce platform intrusion detection method and computer equipment
CN117061254B (en) Abnormal flow detection method, device and computer equipment
CN114598514A (en) Industrial control threat detection method and device
CN117131488A (en) Early warning method and device for face recognition attack, computer equipment and storage medium
CN114465816A (en) Detection method and device for password spray attack, computer equipment and storage medium
CN114826726B (en) Network asset vulnerability detection method, device, computer equipment and storage medium
CN116206372A (en) Living body detection method, system, computer device and storage medium
CN116244292A (en) Data quality marking method, device, computer equipment and storage medium
CN116167005A (en) Abnormality judgment method and device for target account, computer equipment and storage medium
CN117151855A (en) Fraud risk prediction method, apparatus, computer device, and readable storage medium
CN116628679A (en) Tamper-resistant method, apparatus, computer device, storage medium, and program product
CN116846655A (en) Security detection method and device for login behavior, computer equipment and storage medium
CN118071512A (en) Penetration risk analysis method, penetration risk analysis device, computer equipment and storage medium
CN117879926A (en) Webpage login security verification method and device and computer equipment
CN117196628A (en) Method, apparatus, computer device and readable storage medium for detecting group fraud
CN117217760A (en) Abnormal resource transfer data detection method and device and computer equipment
CN117236948A (en) Asset processing method, device, computer equipment and storage medium
CN116909785A (en) Processing method, device, equipment, storage medium and program product for abnormal event
CN117436057A (en) Security verification method, security verification device, computer equipment and storage medium
CN116910069A (en) Database updating method, device, computer equipment and storage medium
CN117235722A (en) Method, apparatus, computer device and storage medium for countering anti-sandboxed program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination