CN117675259A - Network identity determining method and device, computer equipment and storage medium - Google Patents

Network identity determining method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN117675259A
CN117675259A CN202211085990.4A CN202211085990A CN117675259A CN 117675259 A CN117675259 A CN 117675259A CN 202211085990 A CN202211085990 A CN 202211085990A CN 117675259 A CN117675259 A CN 117675259A
Authority
CN
China
Prior art keywords
user
network
determining
weight
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211085990.4A
Other languages
Chinese (zh)
Inventor
宋琪
向伟
吴一凡
李洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Chengdu ICT Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Chengdu ICT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Chengdu ICT Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202211085990.4A priority Critical patent/CN117675259A/en
Publication of CN117675259A publication Critical patent/CN117675259A/en
Pending legal-status Critical Current

Links

Abstract

The disclosure provides a network identity determination method and device, computer equipment and storage medium. Wherein the method comprises the following steps: acquiring network data of a user; determining the security level of the user according to the network data and a preset level prediction model; the level prediction model is trained by a neural network; and determining the network identity of the user according to the security level. The method and the device can timely find potential safety hazards of the user and timely take safety countermeasures.

Description

Network identity determining method and device, computer equipment and storage medium
Technical Field
The present disclosure relates to, but not limited to, the field of communications technologies, and in particular, to a network identity determining method and apparatus, a computer device, and a storage medium.
Background
With the rapid development of network communication technology, the events of endless leakage of user identity information are increased, the user identity information corresponds to user privacy, and once the user is stolen in the information transmission process, serious consequences are serious. Based on the background, after triggering the user identity change condition, the current user can be logged off, the identity of the user in the communication process is changed, so that an attacker cannot accurately judge the user identity information, the purpose of decepting the attacker can be achieved, and the tracking and positioning preventing functions are realized.
In the related art, dynamic mapping or periodic dynamic mapping and other methods are adopted to realize dynamic change of the network identity corresponding to the user identity, but the condition under which the user network identity is transformed is not disclosed.
Disclosure of Invention
In view of this, embodiments of the present disclosure at least provide a network identity determining method and apparatus, a computer device, and a storage medium.
In a first aspect, an embodiment of the present disclosure provides a network identity determining method, the method including:
acquiring network data of a user;
determining the security level of the user according to the network data and a preset level prediction model; the level prediction model is trained by a neural network;
and determining the network identity of the user according to the security level.
In some embodiments, the method further comprises:
acquiring historical network data of different users;
clustering is carried out based on the historical network data of different users, and security level labels corresponding to the users are determined;
training the neural network according to the historical network data of each user and the security level label corresponding to each user, and determining the level prediction model.
In some embodiments, the clustering process based on the historical network data of the different users, determining the security level tag corresponding to each user includes:
Processing the historical network data of each user and determining the user characteristic information of each user;
and clustering the user characteristic information of all the users, and determining the security level label corresponding to each user.
In some embodiments, the clustering processing is performed on the user characteristic information of all the users, and determining the security level label corresponding to each user includes:
clustering is carried out on the user characteristic information of all users to obtain different clustering clusters; wherein the security levels of the different clusters are different;
for each cluster, determining average characteristic information corresponding to the cluster according to the user characteristic information of each user included in the cluster;
determining security level labels corresponding to the clusters based on average characteristic information corresponding to the clusters; the security level label of each user included in the cluster is the same as the security level label corresponding to the cluster.
In some embodiments, the historical network data includes network access information of the user, service data of the user, and network identity change data of the user;
the processing the historical network data of each user to determine the user characteristic information of each user comprises the following steps:
Determining a first weight for representing the importance degree of the identity grade of each user according to the network access information of the user;
determining a second weight used for representing the importance degree of the business data of the user according to the business data of the user;
determining a third weight for representing the importance degree of the network identity change of the user according to the network identity change data of the user;
and determining the characteristic information of each user according to the first weight, the second weight and the third weight corresponding to each user.
In some embodiments, the determining the first weight for characterizing the importance degree of the identity level of the user according to the network access information of the user includes:
determining the identity grade of the user according to the network access information of the user;
and determining the first weight according to the identity grade of the user, a maximum value of a preset user identity grade and a minimum value of a preset user identity grade.
In some embodiments, the business data comprises: data of network service; wherein the data of the network service comprises: the number of sessions of the packet service, the number of sessions of all network services;
The determining, according to the service data of the user, a second weight for characterizing the importance degree of the service data of the user includes:
determining the proportion of the conversation times of the packet service in the conversation times of all network services;
and determining a second weight corresponding to the small packet service according to the proportion occupied by the small packet service.
In some embodiments, the business data comprises: the conversation times of all the services and the data of the voice service; wherein, the data of the voice service comprises: the number of conversations, the time of voice conversations, and the number of successful voice conversations for all voice services;
the determining, according to the service data of the user, a second weight for characterizing the importance degree of the service data of the user includes:
determining the proportion of the conversation times of the voice service in the conversation times of all the services;
determining the success rate of the voice conversation according to the conversation times of all the voice services and the successful times of the voice conversation;
and determining a second weight corresponding to the voice service according to the proportion occupied by the voice service, the voice session success rate and the voice session time.
In some embodiments, the network identity change data comprises: the number of times of network identity change and the time of first network identity change;
the determining a third weight for representing the importance degree of the network identity change of the user according to the network identity change data of the user comprises the following steps:
determining the frequency of the network identity change according to the number of the network identity change and the time of the first network identity change;
and determining the third weight according to the frequency of the network identity change.
In some embodiments, the determining the feature information of each user according to the first weight, the second weight and the third weight corresponding to each user includes:
determining, for each user, a first tag for characterizing a security level of the user according to the first weight of the user; wherein the security level characterized by the first tag is positively correlated with the first weight;
determining a second tag for characterizing a security level of the user according to the second weight of the user; wherein the security level characterized by the second tag is positively correlated with the second weight;
Determining a third tag for characterizing a security level of the user according to the third weight of the user; wherein the security level characterized by the third tag is positively correlated with the third weight;
and constructing a feature vector based on the first weight, the second weight and the third weight of each user and the corresponding first label, second label and third label, and determining feature information of each user.
In some embodiments, the determining the network identity of the user according to the security level comprises:
if the security level is greater than or equal to a preset security level threshold, adjusting the network identity of the user;
and if the security level is smaller than the preset security level threshold, maintaining the network identity of the user unchanged.
In a second aspect, an embodiment of the present disclosure provides a network identity determining apparatus, the apparatus including:
the acquisition module is used for acquiring network data of a user;
the first determining module is used for determining the security level of the user according to the network data and a preset level prediction model; the level prediction model is trained by a neural network;
And the second determining module is used for determining the network identity of the user according to the security level.
In a third aspect, embodiments of the present disclosure provide a computer device comprising: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to perform the method described in the first aspect.
In a fourth aspect, embodiments of the present disclosure provide a storage medium having stored thereon a computer program which, when executed by a processor, implements the method described in the first aspect.
The technical scheme provided by the embodiment of the disclosure can comprise the following beneficial effects:
in the embodiment of the disclosure, the security level of the user is determined according to the network data of the user and the trained level prediction model, and then the network identity of the user is adjusted according to the security level, so that the potential safety risk hazards of the user can be found in time, the occurrence of the condition of revealing the identity information of the user is reduced, and the network security is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the technical aspects of the disclosure.
Fig. 1 is a schematic implementation flow diagram of a network identity determining method according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a network identity determining method according to an embodiment of the present disclosure;
FIG. 3 is a schematic flow chart of model training according to an embodiment of the disclosure;
fig. 4 is a schematic flow chart of a clustering algorithm provided in an embodiment of the disclosure;
fig. 5 is a schematic diagram of a composition structure of a network identity determining apparatus according to an embodiment of the present disclosure;
fig. 6 is a schematic diagram of a hardware entity of a computer device according to an embodiment of the disclosure.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present disclosure more apparent, the technical solutions of the present disclosure are further elaborated below in conjunction with the drawings and the embodiments, and the described embodiments should not be construed as limiting the present disclosure, and all other embodiments obtained by those skilled in the art without making inventive efforts are within the scope of protection of the present disclosure.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
If a similar description of "first/second" appears in the application document, the following description is added: the terms "first/second/third" and "first/second/third" in reference to the present disclosure are merely distinguishing between similar objects and not representing a particular ordering of objects, it being understood that the "first/second/third" may be interchanged with a particular order or precedence, as allowed, to enable embodiments of the disclosure described herein to be implemented in other than those illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. The terminology used herein is for the purpose of describing the present disclosure only and is not intended to be limiting of the present disclosure.
Fig. 1 is a schematic implementation flow chart of a network identity determining method according to an embodiment of the present disclosure, as shown in fig. 1, where the method includes the following steps:
s101, acquiring network data of a user;
s102, determining the security level of the user according to the network data and a preset level prediction model; the level prediction model is trained by a neural network;
s103, adjusting the network identity of the user according to the security level.
The network identity determining method of the embodiment of the disclosure can be applied to computer equipment, and the computer equipment can acquire the service data stream of the user in real time at a preset acquisition speed. The preset acquisition frequency is related to the data acquisition terminal, and for example, by using a gigabit acquisition card to acquire network data of a user, the acquisition speed can be set to 1000 megabytes per second. The computer device to which the embodiments of the present disclosure apply includes, but is not limited to, a network host, a single network server, a plurality of network server sets, or a cloud formed by a plurality of servers, etc., and the network to which the embodiments of the present disclosure apply includes, but is not limited to, the internet, a wide area network, a metropolitan area network, a local area network, a virtual private network, a wireless ad hoc network, etc.
In the embodiment of the disclosure, the data traffic of the user can be primarily identified based on the security application identification technology, and a detailed record of the service transmission process is generated. The security application identification technology comprises the following steps: deep packet inspection (Deep Packet Inspection, DPI), deep flow inspection (Deep Flow Inspection, DFI), etc.; the detailed record of the service transmission process may be recorded in the form of a bill data (x Detailed Record, XDR), and the user bill data includes: instant messaging (short message, micro message), video, application program, game, call, payment and other communication behaviors. Based on the detailed record of the service transmission process, the network data of the user can be extracted, wherein the network data comprises network access information of the user, service data of the user, network identity change data of the user and the like.
After the computer equipment acquires the network data of the user, the network data can be input into a preset level prediction model to obtain the security level of the user. The level prediction model is obtained by training a neural network, for example, after performing training and tuning on a network such as a convolutional neural network (Convolutional Neural Networks, CNN), a deep learning network (Deep Neural Networks, DNN), a generating countermeasure network (Generative Adversarial Network, GAN), a recurrent neural network (Recurrent Neural Network, RNN) and the like based on training sample data and a label value, wherein the training sample data may include historical network data of different users, and the label value is a preset security level.
After the computer equipment determines the security level of the user, the network identity of the user can be adjusted according to the security level. In a communication system, a network operator typically assigns each user a unique identification, i.e. the user's network identity. The network identity of the user includes: globally unique temporary UE identity (Globally Unique Temporary UE Identity, GUTI), international mobile subscriber identity (International Mobile Subscriber Identity, IMSI), subscriber permanent identifier (Subscription Permanent Identifier, SUPI), temporary mobile subscriber identity (Temporary Mobile Subscriber Identity, TMSI), etc. Under different network environments, the used identifiers are different, and the identifier in the 3G network and the 4G network can be an IMSI, the identifier in the 5G network can be a SUPI, the identifier in the 2G network and the 3G network can be a TMSI, the identifier in the 4G network and the identifier in the 5G network can be a GUTI, the distribution of the network identity of the user can be determined according to the specific situation in the communication process, and the embodiment of the disclosure is not limited.
In the embodiment of the disclosure, the purpose of spoofing an attacker can be achieved by changing the network identity in the user communication process, so that the attacker cannot judge accurate user identity information.
In some embodiments, the determining the network identity of the user according to the security level comprises:
if the security level is greater than or equal to a preset security level threshold, adjusting the network identity of the user;
and if the security level is smaller than the preset security level threshold, maintaining the network identity of the user unchanged.
In the embodiment of the disclosure, comparing the security level of the user with a preset security level threshold, wherein the preset security level threshold may be a critical value indicating that the risk of the network environment where the user is located is higher, and if the determined security level of the user is greater than or equal to the preset security level threshold, indicating that the risk of the network environment is higher, adjusting the network identity of the user is required; if the determined security level of the user is smaller than the preset security level threshold, the network environment where the user is located is characterized to be safer, the network identity of the user does not need to be adjusted, and the existing network identity can be maintained unchanged.
In the embodiment of the disclosure, the security level of the user is compared with the preset security level threshold value, the network identity of the user is adjusted, and the scheme is simple and effective.
In other embodiments, a mapping relationship between security level and frequency of change of network identity may be established, so as to reduce risk of tracking and locating the user by periodically changing the network identity of the user. For example, when the security level of the user is high, the number of the corresponding selectable network identities of the user is large, and the network identities of the user are periodically changed in a manner that the change frequency is greater than a preset frequency threshold; when the security level of the user is low, the number of the corresponding selectable network identities of the user is small, and the network identities of the user are periodically changed in a mode that the change frequency is smaller than or equal to a preset frequency threshold value.
In the related art, dynamic mapping or periodic dynamic mapping and other methods are adopted to realize dynamic change of IMSI or SUPI corresponding to the user identity, but the user network identity transformation is not disclosed under what conditions.
In contrast, in the embodiment of the disclosure, the security level of the user is determined according to the network data of the user and the trained level prediction model, and then the network identity of the user is adjusted according to the security level, so that potential safety hazards of the user can be found in time, the occurrence of the condition of leakage of the identity information of the user is reduced, and the network security is improved.
In some embodiments, the method further comprises:
acquiring historical network data of different users;
clustering is carried out based on the historical network data of different users, and security level labels corresponding to the users are determined;
training the neural network according to the historical network data of each user and the security level label corresponding to each user, and determining the level prediction model.
The network identity determining method of the embodiment of the disclosure can be applied to a multi-user network environment, in which the computer equipment can acquire the historical network data of different users, and based on the acquired historical network data of different users, a clustering algorithm is adopted to determine the security level label corresponding to the user. The clustering algorithm comprises the following steps: k mean clustering algorithm, aggregation hierarchical clustering, density-based noise application spatial clustering (Density-Based Spatial Clustering of Applications with Noise, DBSCAN), the embodiment of the disclosure does not limit the type of clustering algorithm; the preset time period may be set to 10 minutes, and embodiments of the present disclosure are not limited.
In the embodiment of the disclosure, the computer equipment can train the neural network by adopting the method based on the determined security level label corresponding to each user and combining the historical network data of each user, and then determine a level prediction model based on the level prediction model. The security level label is the label value. In some embodiments, the computer device trains the neural network based on historical network data for all/part of the users. In other embodiments, the computer device trains the neural network based on historical network data of a portion of the users, and verifies the neural network based on historical network data of another portion of the users to promote accuracy of the level preset model in determining the user security level.
It can be appreciated that the clustering algorithm belongs to a machine learning technology, in the embodiment of the present disclosure, the intrinsic law of the historical network data is found through the clustering process, and the security level label is automatically marked for the user, so that compared with the manual matching of the security level label of the user, the time can be saved, and the efficiency of determining the security level label corresponding to the user can be effectively improved.
In some embodiments, the clustering process based on the historical network data of the different users, determining the security level tag corresponding to each user includes:
processing the historical network data of each user and determining the user characteristic information of each user;
and clustering the user characteristic information of all the users, and determining the security level label corresponding to each user.
In the embodiment of the disclosure, a computer device processes historical network data of all users to obtain feature information of each user, then uses the user feature information of all users as input data of a clustering algorithm, discovers association rules from the feature information of the users, and divides the feature information of all users into different clustering clusters through the clustering algorithm, wherein each clustering cluster corresponds to different security level labels. Illustratively, the security level labels of users in the same cluster are the same, and the security level labels of users in different clusters are different. The characteristic information of the user may be network access characteristic information, for example, access location information, network environment of the user, and the like; the characteristic information of the user may be behavior habit characteristic information, such as a call making duration, a video watching time period, etc.; the feature information of the user may also be interest feature information, e.g. category of interest, application software of interest.
In the embodiment of the disclosure, the characteristic information of the user is determined according to the historical network data of the user, and the characteristic information of the user can be more accurately described, so that the characteristic information of the user is subjected to cluster analysis, and the more accurate safety level of the user can be obtained.
In some embodiments, the clustering processing is performed on the user characteristic information of all the users, and determining the security level label corresponding to each user includes:
clustering is carried out on the user characteristic information of all users to obtain different clustering clusters; wherein the security levels of the different clusters are different;
for each cluster, determining average characteristic information corresponding to the cluster according to the user characteristic information of each user included in the cluster;
determining security level labels corresponding to the clusters based on average characteristic information corresponding to the clusters; the security level label of each user included in the cluster is the same as the security level label corresponding to the cluster.
In the embodiment of the disclosure, the user characteristic information of the user can be used as the sample points, and different clustering clusters can be obtained by clustering the sample points of the user.
In the embodiment of the disclosure, the computer equipment adopts a clustering algorithm to divide the user characteristic information of different users into different clusters, the user characteristic information in the same cluster has stronger similarity, and the clustered result can be regarded as the division result of different users. In the embodiment of the disclosure, the security levels of users in the same cluster are the same. Obtaining average characteristic information corresponding to each cluster by calculating the average value of the user characteristic information of the users in each cluster, wherein the security level label of each user in each cluster is the same as the security level label corresponding to the cluster; wherein the average algorithm is not limited in the embodiments of the present disclosure.
Exemplary, the number of clusters is j, the number of users in cluster j is M, and the user characteristic information value x jM User characteristic information value of user M in characteristic cluster j, and cluster category is type j According to the user characteristic information of the users in the cluster, calculating the average of the clusterThe characteristic information is shown in the following formula (1):
wherein, type_value j Representing the average characteristic information value of cluster j.
In the embodiment of the disclosure, average value calculation is performed based on the user characteristic information of the users in the cluster to obtain the average characteristic information of the corresponding cluster, and the average characteristic information can comprehensively reflect the characteristic information of each user in the cluster, so that the accuracy of the security class classification corresponding to the cluster can be improved based on the average characteristic information, and the accuracy of the security class determination of the users is further improved.
In some embodiments, the historical network data includes network access information of the user, service data of the user, and network identity change data of the user;
the processing the historical network data of each user to determine the user characteristic information of each user comprises the following steps:
determining a first weight for representing the importance degree of the identity grade of each user according to the network access information of the user;
determining a second weight used for representing the importance degree of the business data of the user according to the business data of the user;
determining a third weight for representing the importance degree of the network identity change of the user according to the network identity change data of the user;
and determining the characteristic information of each user according to the first weight, the second weight and the third weight corresponding to each user.
In the embodiment of the disclosure, the computer device may determine an identity level of the user based on the network access information of the user, and then determine the first weight according to the identity level of the user. In some embodiments, the computer device may derive the identity of the user from the networking information and determine the identity level based on the identity of the user. For example, a user with a higher security level of a communication carrier has a relatively higher identity level; the user with a lower security level of the communication carrier has a relatively low level of identity. In other embodiments, the computer device may obtain a network scenario of the user according to the network access information, and determine the identity level according to the network scenario of the user, for example, a private network is generally set up in a confidential unit, and should have the capability of coping with network risks, and have higher security; the public network is a communication network used by public users, people dial calls by mobile phones and browse information on web pages in life, the public network is used for paying attention to fairness among users, and network resources are equal to all users. The identity level of the user can be determined by the network scene in which the user is located, and the identity level of the private network user is relatively high and the identity level of the public network user is relatively low by way of example.
In embodiments of the present disclosure, the computer device may determine the second weight based on business data of the user. The service data of the user may include network service data, wherein the network service data includes a small packet service and a large packet service, and the network service having a data amount of small packet data amount may be regarded as the small packet service, for example, the network service having a data amount of less than or equal to 512 bytes may be regarded as the small packet service. For example, when the packet service is more, the influence of the network identity change on the service is smaller, and the perception of the user is better; when the packet service is less, the influence of network identity change on the service is larger, and the perception of the user is poorer. The service data of the user can also comprise voice service data, and when the current service is the voice service, if the network identity of the user changes, the voice service is interrupted, and the perception of the user is poor; when the current service is not voice service, if the network identity of the user changes, the perception of the user is better.
In an embodiment of the disclosure, the computer device may further determine a frequency of a change in the network identity of the user based on the network identity change data of the user, and determine the third weight according to the frequency of the change in the network identity of the user. The frequency of the user identity change can reflect the security of the network environment where the user is located, and the frequency of the user identity change is high to represent that the risk of the network environment of the user is high; the frequency of user identity change is lower, and the network environment risk for representing the user is smaller. The frequency of the user identity change can also reflect the security level of the user, and the frequency of the user identity change is high, so that the security level of the user is high, and the network environment risk which can be dealt with is high; the frequency of user identity change is low, the security level of the characterization user is low, and the network environment risk which can be dealt with is low.
In the embodiment of the disclosure, the weight corresponding to the user is determined according to the network access information, the service data and the network identity change data of the user, and the security level of the user is determined based on the weight, so that on one hand, the security of the user is ensured on the premise of considering the network service, and the perception of the user to the service is improved; on one hand, the influence of network access information and network identity change data on the security level of the user is enabled to be quantized, and therefore accuracy of determining the security level of the user is improved.
In some embodiments, the determining the first weight for characterizing the importance degree of the identity level of the user according to the network access information of the user includes:
determining the identity grade of the user according to the network access information of the user;
and determining the first weight according to the identity grade of the user, a maximum value of a preset user identity grade and a minimum value of a preset user identity grade.
In the embodiment of the disclosure, the computer device may preset the maximum value of the user Identity level to be Identity max Presetting a minimum value of user Identity level as Identity min Determining the Identity grade of the current user as Identity according to the network access information of the user current Calculating a first Weight representing importance degree of identity level of user by using normalization mode identity The following formula (2) shows:
wherein Q is identity ≤10,Q identity Is a preset variable parameter for adjusting the first weight.
From the above, the network access information of the user can reflect the identity level of the user, the computer device can determine the first weight according to the identity level of the user, the identity level of the user is positively correlated with the first weight, and the user has a higher identity level and a higher first weight value, so that higher security guarantee needs to be provided for the user, and the security level of the user is higher; the user identity level is lower, the first weight value is smaller, higher security guarantee is not needed to be provided for the user, and the security level of the user is lower.
In the embodiment of the disclosure, the identity grade is determined according to the network access information of the user, and the first weight for representing the importance degree of the identity grade is determined based on the identity grade, so that the influence of the identity grade of the user on the security grade of the user can be quantified, and the accuracy of determining the security grade of the user is improved.
In some embodiments, the business data comprises: data of network service; wherein the data of the network service comprises: the number of sessions of the packet service, the number of sessions of all network services;
the determining, according to the service data of the user, a second weight for characterizing the importance degree of the service data of the user includes:
Determining the proportion of the conversation times of the packet service in the conversation times of all network services;
and determining a second weight corresponding to the small packet service according to the proportion occupied by the small packet service.
In the disclosed embodiments, the traffic data may include data of network traffic. Wherein, the data of the network service comprises: the number of sessions of the packet service, the number of sessions of all network services.
In the embodiment of the disclosure, the computer equipment can be used for controlling the Number of sessions of the packet service according to the Number of sessions of the packet service packet Number of sessions of all network services network_service Calculating the Proportion Proportion of the packet service packet As shown in the following formula (3)The illustration is:
calculating a second Weight representing the importance degree of the service data of the user according to the proportion of the packet service packet_service The following formula (4) shows:
Weight packet_service =Proportion packet *(10-Q packet ) (4)
wherein Q is packet ≤10,Q packet And the variable parameter is a preset variable parameter and is used for adjusting a second weight corresponding to the packet service.
In the embodiment of the disclosure, the computer device may determine the second weight corresponding to the packet service according to the proportion of the packet service, where the proportion of the packet service is positively related to the second weight corresponding to the packet service, and as an example, the more the number of sessions of the packet service is, the higher the proportion of the packet service is, the larger the second weight value corresponding to the packet service is, and if the network identity of the user changes, the less influence on the network service is caused, and the network identity of the user can be frequently switched; the fewer the number of sessions of the packet service, the smaller the proportion of the packet service is, the smaller the second weight corresponding to the packet service is, if the network identity of the user changes, the influence on other network services is larger, and the network identity of the user cannot be frequently switched.
For this reason, in the embodiment of the disclosure, the proportion of the packet service is determined according to the network service of the user, and the second weight representing the importance degree of the service data is determined based on the proportion of the packet service, so that the influence of the packet service of the user on the security level of the user is quantified, thereby improving the accuracy of the security level determination of the user.
In some embodiments, the business data comprises: the conversation times of all the services and the data of the voice service; wherein, the data of the voice service comprises: the number of conversations, the time of voice conversations, and the number of successful voice conversations for all voice services;
the determining, according to the service data of the user, a second weight for characterizing the importance degree of the service data of the user includes:
determining the proportion of the conversation times of the voice service in the conversation times of all the services;
determining the success rate of the voice conversation according to the conversation times of all the voice services and the successful times of the voice conversation;
And determining a second weight corresponding to the voice service according to the proportion occupied by the voice service, the voice session success rate and the voice session time.
In the disclosed embodiments, the service data may include data of voice service. Wherein the voice service data comprises: the number of conversations for all voice services, the time of voice conversations, the number of successful voice conversations, etc.
In the embodiment of the disclosure, the computer device may determine the ratio of the voice service to the report according to the number of sessions N of all the voice services and the number of sessions M of all the services voice The following formula (5) shows:
can be based on the Number N of conversations of all the voice services and the Number of successful conversations voice_success Determining a success rate report of a voice session voice_success The following formula (6) shows:
the current Voice call duration voice_time can be obtained current And according to the average time mu of all voice conversations calculated by the voice conversation time, the occupied voice serviceRatio of Proportions of (C) voice Voice session success rate report voice_success The current Voice call duration Voice time_current Determining a second Weight corresponding to the voice service voice_service The following formula (7) shows:
Wherein Q is voice ≤10,Q voice And the second weight is used for adjusting the second weight corresponding to the voice service.
As can be seen from the above, the computer device may determine the second weight corresponding to the voice service according to the voice service data, where the proportion of the voice service and the session success rate are positively correlated with the second weight corresponding to the voice service. The number of conversations of the voice service is more, the success rate of the conversations is higher, the duration of the conversations is longer, the second weight value corresponding to the voice service is larger, the user is easier to track and locate, the risk of the corresponding user is higher, and the user needs to deal with the risk with higher security level; the number of conversations of the voice service is less, the conversation success rate is lower, the conversation duration is shorter, the second weight value corresponding to the voice service is smaller, the user is not easy to track and position, the risk of the corresponding user is lower, and the user does not need to deal with the risk with higher security level.
In the embodiment of the disclosure, the second weight representing the importance degree of the service data is determined according to the voice service of the user, so that the influence of the voice service of the user on the security level of the user is quantified, and the accuracy of determining the security level of the user is improved. .
In some embodiments, the network identity change data comprises: the number of times of network identity change and the time of first network identity change;
The determining a third weight for representing the importance degree of the network identity change of the user according to the network identity change data of the user comprises the following steps:
determining the frequency of the network identity change according to the number of the network identity change and the time of the first network identity change;
and determining the third weight according to the frequency of the network identity change.
In the embodiment of the disclosure, the network identity change data may include the number of network identity changes and the time when the network identity is changed for the first time.
The computer equipment can obtain the time identity_switch of the current network Identity change time_current And according to the number K of network Identity change and the time identity_switch of the first change of the network Identity time_first Determining the network identity change Frequency of a user identity_switch The following formula (8) shows:
frequency can be changed according to the network identity of the user identity_switch Calculating a third Weight representing the importance degree of the network identity change of the user identity_switch The following formula (9) shows:
Weight identity_switch =Q identity_switch *Frequency identity_switch (9)
wherein Q is identity_switch ≤10,Q identity_switch Is a preset variable parameter for adjusting the third weight.
From the above, the computer device may determine the third weight according to the network identity change data, where the network identity change frequency is positively correlated with the third weight. The network identity change frequency is high, and the corresponding third weight value is high, so that the user has high safety guarantee, and the safety level of the user is high; the network identity change frequency is lower, the corresponding third weight value is smaller, the user has lower security guarantee, and the security level of the user is lower.
In the embodiment of the disclosure, the third weight for representing the importance degree of the network identity change of the user is determined based on the network identity change data, so that the influence of the identity grade of the user on the security grade of the user is quantified, and the accuracy of determining the security grade of the user is improved.
In some embodiments, the determining the feature information of each user according to the first weight, the second weight and the third weight corresponding to each user includes:
determining, for each user, a first tag for characterizing a security level of the user according to the first weight of the user; wherein the security level characterized by the first tag is positively correlated with the first weight;
determining a second tag for characterizing a security level of the user according to the second weight of the user; wherein the security level characterized by the second tag is positively correlated with the second weight;
determining a third tag for characterizing a security level of the user according to the third weight of the user; wherein the security level characterized by the third tag is positively correlated with the third weight;
and constructing a feature vector based on the first weight, the second weight and the third weight of each user and the corresponding first label, second label and third label, and determining feature information of each user.
In the embodiment of the disclosure, a computer device determines a first label according to a first weight, determines a second label according to a second weight, determines a third label according to a third weight, constructs a vector based on the first weight, the first label, the second weight, the second label, the third weight and the third label of each user, determines feature information of each user, and uses the feature information as input of a clustering algorithm to determine a security level label corresponding to each user.
In the embodiment of the disclosure, the computer device determines a first tag according to a first weight, the first weight is positively correlated with the first tag, and analysis of the relationship between the user network access information and the identity class of the user shows that the user identity class is positively correlated with the first weight, that is, the user identity class is positively correlated with the first tag, if the user identity class is higher, the first weight value is higher, and the security class of the corresponding user is higher; if the identity level of the user is lower, the first weight value is lower, and the security level of the corresponding user is lower. Wherein the first tag is set based on a user identity level, and illustratively, the first tag may be set to (the user identity level is high, and the user identity level is low in the user identity level).
In the embodiment of the disclosure, the computer device determines a second tag according to the second weight, the second weight is positively correlated with the second tag, and if the second weight value is higher, the corresponding security level of the user is higher; if the second weight value is lower, the corresponding user has a lower security level. Wherein the second tag is set based on the service data, and illustratively, the second tag may be set as (high frequency packet service, low frequency packet service) or (high frequency voice service, low frequency voice service).
In the embodiment of the disclosure, the computer device determines a third tag according to a third weight, the third weight and the third tag are positively correlated, and according to analysis of the relationship between the network identity change data and the security level of the user, it is known that the network identity change frequency of the user is positively correlated with a third weight value, and it is known that the network identity change frequency of the user is positively correlated with the third tag, if the network identity change frequency of the user is higher, the third weight value is higher, and the security level of the corresponding user is higher; if the network identity change frequency of the user is low, the third weight value is low, and the corresponding security level of the user is low. Wherein the third tag is set based on the user network identity change data, the third tag may be set (high frequency network identity change, low frequency network identity change) by way of example.
In the embodiment of the disclosure, the second weights include a second weight corresponding to the packet service and a second weight corresponding to the voice service, and the corresponding second labels include a second label corresponding to the network service and a second label corresponding to the voice service. After determining the first tag, the second tag, and the third tag, based on the first Weight of each user identity_i Second Weight corresponding to packet service packet_service_i Second right corresponding to voice serviceWeight voice_service_i Third Weight identity_switch_i And a first tag Profile identity_i Second label Profile corresponding to network service packet_service_i Second label Profile corresponding to voice service voice_service_i Third tag Profile identity_switch_i Constructing feature vectors to determine feature information x of each user i The following formula (10) shows:
in a multi-user network environment, feature information of all users can be represented by a vector matrix, as shown in the following formula (11):
X=(x 1 ,x 2 ,…,x i ,…,x n-1 ,x n ) T (11)
the first weight, the second weight and the third weight are all numerical data, and the first label, the second label and the third label are non-numerical data.
In the embodiment of the disclosure, since the labels (the first label, the second label and the third label) in the above formula (11) are non-numerical data, the labels cannot be calculated as input of a clustering algorithm, and the computer device can encode the label data by adopting One-Hot encoding (One-Hot encoding) to convert the label data into numerical data. Illustratively, the first label (high user identity level, low user identity level in the user identity level) may be converted to (001, 010, 100), the second label (high frequency packet traffic, low frequency packet traffic) may be converted to (01, 10), and the third label (high frequency network identity change, low frequency network identity change) may be converted to (01, 10), i.e. (high user identity level, low frequency packet traffic, high frequency network identity change) encoded and represented as (0,0,1,1,0,0,1).
In the embodiment of the disclosure, the weight corresponding to the user is determined according to the historical network data of the user, and then the label corresponding to the weight is automatically marked for the user according to the weight, so that the label of the security level of the user is determined. On the one hand, labels corresponding to network access information, service data and network identity change data are automatically marked for users, so that marking time can be saved, and the efficiency of determining corresponding labels is effectively improved; on one hand, the influence of the historical network data of the user on the security level of the user is enabled to be quantized, and therefore accuracy of determining the security level of the user is improved.
Fig. 2 is a schematic diagram of a network identity determining method according to an embodiment of the disclosure, as shown in fig. 2.
The network identity determining method of the embodiment of the disclosure can be applied to a wireless network, in the embodiment of the disclosure, the computer equipment identifies network data of a user through a security application identification technology module L201, and a security application identification technology of deep packet inspection can be adopted to primarily identify historical network data of the user in a preset time period. The preset time period may be set to 10 minutes, which is not limited in the embodiments of the present disclosure.
Based on the history network data after preliminary identification, the computer device can extract network access information of the user, service data of the user, network identity change data of the user and the like through the data preprocessing module L202, wherein the service data of the user comprises voice service data of the user and network service data of the user.
After acquiring the network data of the user, the computer device may acquire, through the user tag weight calculation module L203, a first weight corresponding to the network access information of the user, a second weight corresponding to the packet service corresponding to the network service data of the user, a second weight corresponding to the voice service data of the user, and a third weight corresponding to the network identity change data of the user, and may further determine the first tag based on the first weight, determine the second tag corresponding to the network service based on the second weight corresponding to the packet service, determine the second tag corresponding to the voice service based on the second weight corresponding to the voice service, and determine the third tag based on the third weight.
After the weight tag data (the first weight, the second weight, the third weight, the first tag, the second tag and the third tag) of all the users are obtained, the computer device can construct vectors based on the obtained weight tag data of all the users, and the feature information of all the users is divided through the clustering processing module L204. The constructed vector value can be used as input of a density-based noise application spatial clustering algorithm, characteristic information of users is divided to obtain different clusters, security levels of the users in each cluster are the same, the security levels of the users in the different clusters are different, and security level labels of the users are automatically marked after the security levels corresponding to the users are obtained.
After determining the security level tag of the user, the computer device may tune the neural network through the model training module L205 based on the user historical network data, the security level tag of the user, and the weight tag data of the user to train the neural network to obtain the level prediction model L206. Wherein the adjustable parameters include: the method comprises the steps of adjusting variable parameters of a first weight, adjusting variable parameters of a second weight corresponding to network service, adjusting variable parameters of a second weight corresponding to voice service, and adjusting variable parameters of a third weight.
After determining the level prediction model L206 according to the trained neural network, the computer device may obtain, based on the real-time network data of the user, the security level of the user within the current preset time period through the level prediction model L206, and may determine whether to adjust the network identity of the user according to the security level of the user.
In the embodiment of the disclosure, the security level of the user is determined according to the network data of the user and the trained level prediction model, and then the network identity of the user is adjusted according to the security level, so that the potential safety risk hazards of the user can be found in time, and the occurrence of the condition of revealing the identity information of the user is reduced.
Fig. 3 is a schematic flow chart of a clustering algorithm provided by an embodiment of the disclosure, as shown in fig. 3, including the following steps:
s301, selecting user characteristic information of a user as an initial sample point, and calculating the number of sample points in a preset radius threshold of the initial sample point;
s302, judging whether the calculated number of the sample points is larger than or equal to a preset sample point number threshold value; if yes, dividing the sample points in the preset radius threshold into the same cluster, and executing step S303; if not, executing step S304;
s303, recursively and repeatedly calculating the neighborhood of other sample points in a preset radius threshold to expand the cluster; after the recursive computation is finished, executing step S304;
s304, selecting another piece of user characteristic information which is not accessed by the user as an initial sample point, and calculating the number of sample points in a preset radius threshold value of the sample point; step S302 is performed.
In the embodiment of the disclosure, the computer device may determine the user characteristic information of each user based on the historical network data of each user, and perform clustering processing on the user characteristic information of all users to determine the security level tag corresponding to each user. In the clustering process, the steps of S301 to S304 may be adopted for clustering.
In the embodiment of the disclosure, the user characteristic information of the user is taken as a sample point of a clustering algorithm. The computer device adopts a clustering algorithm to divide the clusters according to the tightness degree of different sample points, and can use the distance measurement value among the sample points to represent whether the sample points are close to each other. The distance measurement may be calculated by euclidean distance formula, or manhattan distance formula, for example, and the distance algorithm is not limited by the embodiments of the present disclosure.
In the embodiment of the disclosure, the computer device may first arbitrarily select the user characteristic information of one user as a starting sample point, and then find all points whose starting sample point radius is within a preset radius threshold epsilon. If the number of sample points within the radius epsilon of the starting sample Point (i.e., the distance to the starting sample Point is less than or equal to epsilon) is less than the threshold number of sample points Point min Then this point is marked as noise, i.e. an outlier. If the number of sample points within the starting sample Point radius ε is greater than or equal to Point min The starting sample point is marked as a core sample point and assigned a new cluster, then other sample points within the radius epsilon of the core sample point are accessed and if they have not been assigned a cluster, they are partitioned And (3) recursively repeating calculation to access the sample points to the cluster where the core sample point is located, and gradually increasing the range of the cluster where the core sample point is located until the range of the cluster where the core sample point is located is not enlarged. Selecting a sample point which is not accessed yet, and repeating the same process.
If some sample points do not belong to any cluster by calculation, then these sample points are considered outliers. In embodiments of the present disclosure, the clustering process may also include processing of outliers, which may be labeled by human experts. The method comprises the steps of finding out the center point of each cluster, enabling the characteristics of the center point of each cluster to represent the user characteristics of the cluster, calculating the distance between the abnormal point and the center point for the detected abnormal user sample point data, correcting the abnormal point in a human expert intervention correction assisting mode, and manually marking the security level label of the user. Wherein the determination of the center point of the cluster is not described herein as prior art.
Fig. 4 is a schematic flow chart of model training provided in an embodiment of the disclosure, as shown in fig. 4, including the following steps:
s401, dividing user data with a preset first training proportion into training data, and dividing user data with a preset first verification proportion into verification data; wherein the user data includes: historical network data of the user and security level labels corresponding to the user;
S402, inputting training data into a neural network to obtain a corresponding training security level label;
s403, training the neural network according to the obtained training security level label and the security level label in the training data;
s404, inputting verification data into the trained neural network to obtain a corresponding verification security level label;
s405, determining the accuracy of the model according to the obtained verification security level label and the security level label in the verification data;
s406, judging whether the model accuracy is greater than or equal to a preset accuracy threshold; if yes, finishing model training; if not, go to step S407;
s407, adjusting the trained neural network according to the obtained verification security level label and the security level label in the verification data; step S404 is executed again.
In the embodiment of the disclosure, the computer equipment can train the neural network according to the historical network data of each user and the security level label corresponding to each user to determine the level prediction model.
In the embodiment of the disclosure, the computer device divides all users into a user with a preset first training proportion and a user with a preset first verification proportion, and takes user data with the preset first verification proportion as verification data of a verification set of the neural network, wherein at the moment, the sum of the preset first training proportion and the preset first verification proportion is 100%. For example, the first training ratio may be preset to 80% and the first verification ratio may be preset to 20%.
The computer equipment carries out training and parameter adjustment on the neural network based on the historical network data in the training data and the security level label of the user to obtain a trained neural network, and inputs the historical network data of the user in the verification data into the trained neural network to obtain the security level label of the corresponding user. And comparing the obtained security level label of the user with the security level label of the user in the verification data, further adjusting parameters of the neural network according to the comparison result until the level preset model determines that the accuracy of the security level of the user is greater than or equal to the preset accuracy threshold, and taking the neural network with the accuracy reaching the preset accuracy threshold as the level preset model. The preset accuracy threshold may be a critical value with higher accuracy for determining the user security level by using a characterization level preset model, which is not limited in the embodiment of the present disclosure.
Fig. 5 is a schematic structural diagram of a network identity determining apparatus according to an embodiment of the present disclosure, and as shown in fig. 5, a data analyzing apparatus 500 includes:
an obtaining module 501, configured to obtain network data of a user;
a first determining module 502, configured to determine a security level of the user according to the network data and a preset level prediction model; the level prediction model is trained by a neural network;
A second determining module 503, configured to determine a network identity of the user according to the security level.
In some embodiments, the method further comprises:
a first obtaining module 504, configured to obtain historical network data of different users;
a third determining module 505, configured to perform clustering processing based on the historical network data of the different users, and determine security class labels corresponding to the users;
and a fourth determining module 506, configured to train the neural network according to the historical network data of each user and the security level label corresponding to each user, and determine the level prediction model.
In some embodiments, the third determining module 505 is further configured to process historical network data of each user to determine user characteristic information of each user; and clustering the user characteristic information of all the users, and determining the security level label corresponding to each user.
In some embodiments, the third determining module 505 is further configured to perform clustering processing on user feature information of all users to obtain different clusters; wherein the security levels of the different clusters are different; for each cluster, determining average characteristic information corresponding to the cluster according to the user characteristic information of each user included in the cluster; determining security level labels corresponding to the clusters based on average characteristic information corresponding to the clusters; the security level label of each user included in the cluster is the same as the security level label corresponding to the cluster.
In some embodiments, the historical network data includes network access information of the user, service data of the user, and network identity change data of the user; the third determining module 505 is further configured to determine, for each user, a first weight for characterizing an importance level of the identity level of the user according to the network access information of the user; determining a second weight used for representing the importance degree of the business data of the user according to the business data of the user; determining a third weight for representing the importance degree of the network identity change of the user according to the network identity change data of the user; and determining the characteristic information of each user according to the first weight, the second weight and the third weight corresponding to each user.
In some embodiments, the third determining module 505 is further configured to determine an identity level of the user according to the network access information of the user; and determining the first weight according to the identity grade of the user, a maximum value of a preset user identity grade and a minimum value of a preset user identity grade.
In some embodiments, the business data comprises: data of network service; wherein the data of the network service comprises: the number of sessions of the packet service, the number of sessions of all network services; the third determining module 505 is further configured to determine a proportion of the number of sessions of the packet service in the number of sessions of all network services; and determining a second weight corresponding to the small packet service according to the proportion occupied by the small packet service.
In some embodiments, the business data comprises: the conversation times of all the services and the data of the voice service; wherein, the data of the voice service comprises: the number of conversations, the time of voice conversations, and the number of successful voice conversations for all voice services; the third determining module 505 is further configured to determine a proportion of the number of sessions of the voice service in the number of sessions of all services; determining the success rate of the voice conversation according to the conversation times of all the voice services and the successful times of the voice conversation; and determining a second weight corresponding to the voice service according to the proportion occupied by the voice service, the voice session success rate and the voice session time.
In some embodiments, the network identity change data comprises: the number of times of network identity change and the time of first network identity change; the third determining module 505 is further configured to determine a frequency of network identity change according to the number of network identity changes and the time of the first network identity change; and determining the third weight according to the frequency of the network identity change.
In some embodiments, the third determining module 505 is further configured to determine, for each user, a first tag for characterizing a security level of the user according to the first weight of the user; wherein the security level characterized by the first tag is positively correlated with the first weight; determining a second tag for characterizing a security level of the user according to the second weight of the user; wherein the security level characterized by the second tag is positively correlated with the second weight; determining a third tag for characterizing a security level of the user according to the third weight of the user; wherein the security level characterized by the third tag is positively correlated with the third weight; and constructing a feature vector based on the first weight, the second weight and the third weight of each user and the corresponding first label, second label and third label, and determining feature information of each user.
In some embodiments, the second determining module 503 is further configured to adjust the network identity of the user if the security level is greater than or equal to a preset security level threshold; and if the security level is smaller than the preset security level threshold, maintaining the network identity of the user unchanged.
Fig. 6 is a schematic diagram of a hardware entity of a computer device according to an embodiment of the disclosure, as shown in fig. 6, the hardware entity of the computer device 600 includes: a processor 601, a communication interface 602, and a memory 603, wherein: the processor 601 generally controls the overall operation of the computer device 600. The communication interface 602 may enable a computer device to communicate with other terminals or servers over a network.
The memory 603 is configured to store instructions and applications executable by the processor 601, and may also cache data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or processed by various modules in the processor 601 and the computer device 600, which may be implemented by a FLASH memory (FLASH) or a random access memory (Random Access Memory, RAM). Data transfer may be performed between the processor 601, the communication interface 602, and the memory 603 via the bus 604. Wherein the processor 601 is configured to perform some or all of the steps of the above method.
Accordingly, embodiments of the present disclosure provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs some or all of the steps of the above-described method.
It should be noted here that: the description of the storage medium and apparatus embodiments above is similar to that of the method embodiments described above, with similar benefits as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and apparatus of the present disclosure, please refer to the description of the embodiments of the method of the present disclosure for understanding.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in various embodiments of the present disclosure, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by their functions and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present disclosure. The foregoing embodiment numbers of the present disclosure are merely for description and do not represent advantages or disadvantages of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; can be located in one place or distributed to a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present disclosure may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read Only Memory (ROM), a magnetic disk or an optical disk, or the like, which can store program codes.
Alternatively, the above-described integrated units of the present disclosure may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solutions of the present disclosure may be embodied essentially or in part in a form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the methods described in the embodiments of the present disclosure. And the aforementioned storage medium includes: various media capable of storing program codes, such as a removable storage device, a ROM, a magnetic disk, or an optical disk.
The foregoing is merely an embodiment of the present disclosure, but the protection scope of the present disclosure is not limited thereto, and any person skilled in the art can easily think about the changes or substitutions within the technical scope of the present disclosure, and should be covered by the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (14)

1. A method for determining network identity, the method comprising:
acquiring network data of a user;
determining the security level of the user according to the network data and a preset level prediction model; the level prediction model is trained by a neural network;
and determining the network identity of the user according to the security level.
2. The method according to claim 1, wherein the method further comprises:
acquiring historical network data of different users;
clustering is carried out based on the historical network data of different users, and security level labels corresponding to the users are determined;
training the neural network according to the historical network data of each user and the security level label corresponding to each user, and determining the level prediction model.
3. The method according to claim 2, wherein the determining the security level tag corresponding to each user based on the clustering process performed by the historical network data of the different users includes:
processing the historical network data of each user and determining the user characteristic information of each user;
and clustering the user characteristic information of all the users, and determining the security level label corresponding to each user.
4. A method according to claim 3, wherein the clustering the user characteristic information of all the users to determine security level labels corresponding to the users includes:
clustering is carried out on the user characteristic information of all users to obtain different clustering clusters; wherein the security levels of the different clusters are different;
for each cluster, determining average characteristic information corresponding to the cluster according to the user characteristic information of each user included in the cluster;
determining security level labels corresponding to the clusters based on average characteristic information corresponding to the clusters; the security level label of each user included in the cluster is the same as the security level label corresponding to the cluster.
5. A method according to claim 3, wherein the historical network data comprises network access information of the user, service data of the user and network identity change data of the user;
the processing the historical network data of each user to determine the user characteristic information of each user comprises the following steps:
determining a first weight for representing the importance degree of the identity grade of each user according to the network access information of the user;
Determining a second weight used for representing the importance degree of the business data of the user according to the business data of the user;
determining a third weight for representing the importance degree of the network identity change of the user according to the network identity change data of the user;
and determining the characteristic information of each user according to the first weight, the second weight and the third weight corresponding to each user.
6. The method of claim 5, wherein determining a first weight for characterizing importance of the user's identity level based on the user's network access information comprises:
determining the identity grade of the user according to the network access information of the user;
and determining the first weight according to the identity grade of the user, a maximum value of a preset user identity grade and a minimum value of a preset user identity grade.
7. The method of claim 5, wherein the traffic data comprises: data of network service; wherein the data of the network service comprises: the number of sessions of the packet service, the number of sessions of all network services;
the determining, according to the service data of the user, a second weight for characterizing the importance degree of the service data of the user includes:
Determining the proportion of the conversation times of the packet service in the conversation times of all network services;
and determining a second weight corresponding to the small packet service according to the proportion occupied by the small packet service.
8. The method of claim 5, wherein the traffic data comprises: the conversation times of all the services and the data of the voice service; wherein, the data of the voice service comprises: the number of conversations, the time of voice conversations, and the number of successful voice conversations for all voice services;
the determining, according to the service data of the user, a second weight for characterizing the importance degree of the service data of the user includes:
determining the proportion of the conversation times of the voice service in the conversation times of all the services;
determining the success rate of the voice conversation according to the conversation times of all the voice services and the successful times of the voice conversation;
and determining a second weight corresponding to the voice service according to the proportion occupied by the voice service, the voice session success rate and the voice session time.
9. The method of claim 5, wherein the network identity change data comprises: the number of times of network identity change and the time of first network identity change;
The determining a third weight for representing the importance degree of the network identity change of the user according to the network identity change data of the user comprises the following steps:
determining the frequency of the network identity change according to the number of the network identity change and the time of the first network identity change;
and determining the third weight according to the frequency of the network identity change.
10. The method of claim 5, wherein determining the feature information of each user according to the first weight, the second weight, and the third weight corresponding to each user comprises:
determining, for each user, a first tag for characterizing a security level of the user according to the first weight of the user; wherein the security level characterized by the first tag is positively correlated with the first weight;
determining a second tag for characterizing a security level of the user according to the second weight of the user; wherein the security level characterized by the second tag is positively correlated with the second weight;
determining a third tag for characterizing a security level of the user according to the third weight of the user; wherein the security level characterized by the third tag is positively correlated with the third weight;
And constructing a feature vector based on the first weight, the second weight and the third weight of each user and the corresponding first label, second label and third label, and determining feature information of each user.
11. The method of claim 1, wherein said determining the network identity of the user based on the security level comprises:
if the security level is greater than or equal to a preset security level threshold, adjusting the network identity of the user;
and if the security level is smaller than the preset security level threshold, maintaining the network identity of the user unchanged.
12. A network identity determining apparatus, the apparatus comprising:
the acquisition module is used for acquiring network data of a user;
the first determining module is used for determining the security level of the user according to the network data and a preset level prediction model; the level prediction model is trained by a neural network;
and the second determining module is used for determining the network identity of the user according to the security level.
13. A computer device comprising a memory and a processor, the memory storing a computer program executable on the processor, characterized in that the processor implements the steps of the method of any of claims 1 to 11 when the program is executed.
14. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 11.
CN202211085990.4A 2022-09-06 2022-09-06 Network identity determining method and device, computer equipment and storage medium Pending CN117675259A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211085990.4A CN117675259A (en) 2022-09-06 2022-09-06 Network identity determining method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211085990.4A CN117675259A (en) 2022-09-06 2022-09-06 Network identity determining method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117675259A true CN117675259A (en) 2024-03-08

Family

ID=90081357

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211085990.4A Pending CN117675259A (en) 2022-09-06 2022-09-06 Network identity determining method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117675259A (en)

Similar Documents

Publication Publication Date Title
CN113159288B (en) Coding model training method and device for preventing private data leakage
US20220038332A1 (en) System and method for anomaly detection with root cause identification
CN110209820B (en) User identification detection method, device and storage medium
CN110022454B (en) Method for identifying identity in video conference and related equipment
CN108768695B (en) KQI problem positioning method and device
Papadopoulos et al. A novel graph-based descriptor for the detection of billing-related anomalies in cellular mobile networks
CN110381509B (en) Combined authentication method and server suitable for dynamic connection scene
CN112261021B (en) DDoS attack detection method under software defined Internet of things
CN110944349A (en) Heterogeneous wireless network selection method based on intuitive fuzzy number and TOPSIS
Wang et al. QoE Management in Wireless Networks
CN113379176A (en) Telecommunication network abnormal data detection method, device, equipment and readable storage medium
US11496442B2 (en) System and method for detecting and responding to theft of service devices
CN110611831B (en) Video transmission method and device
Zhou et al. Human-behavior and QoE-aware dynamic channel allocation for 5G networks: A latent contextual bandit learning approach
US20210352516A1 (en) Estimating apparatus, system, method, and computer-readable medium, and learning apparatus, method, and computer-readable medium
CN117156097B (en) Intelligent conference audio data processing method and system based on Internet of things perception
CN111368858B (en) User satisfaction evaluation method and device
CN117675259A (en) Network identity determining method and device, computer equipment and storage medium
Ganewattha et al. Confidence aware deep learning driven wireless resource allocation in shared spectrum bands
CN114466215B (en) Data processing method and device
CN113055333A (en) Network flow clustering method and device capable of self-adaptively and dynamically adjusting density grids
CN113840157B (en) Access detection method, system and device
Saki et al. Machine learning based frame classification for videos transmitted over mobile networks
CN109753599B (en) Method and device for recommending service
CN115578765A (en) Target identification method, device, system and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination