TW202113694A - User ticket buying behavior detection method and device - Google Patents

User ticket buying behavior detection method and device Download PDF

Info

Publication number
TW202113694A
TW202113694A TW109116688A TW109116688A TW202113694A TW 202113694 A TW202113694 A TW 202113694A TW 109116688 A TW109116688 A TW 109116688A TW 109116688 A TW109116688 A TW 109116688A TW 202113694 A TW202113694 A TW 202113694A
Authority
TW
Taiwan
Prior art keywords
ticket purchase
page
user
access
ticket
Prior art date
Application number
TW109116688A
Other languages
Chinese (zh)
Other versions
TWI740507B (en
Inventor
周榮旺
楊程遠
張恒
楊志雄
Original Assignee
大陸商支付寶(杭州)信息技術有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 大陸商支付寶(杭州)信息技術有限公司 filed Critical 大陸商支付寶(杭州)信息技術有限公司
Publication of TW202113694A publication Critical patent/TW202113694A/en
Application granted granted Critical
Publication of TWI740507B publication Critical patent/TWI740507B/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/252Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a user ticket buying behavior detection method and device. The user ticket buying behavior detection method comprises the steps of collecting page access data of a user on a ticket buying page; analyzing the page access data to determine the access abnormality of the user on the ticket buying page; inputting the access exception degree into an access exception measurement function corresponding to a ticket buying dimension to which the ticket buying page belongs to perform access exception calculation; and under the condition that the calculated access abnormality measurement value of the ticket buying dimension is smaller than a preset measurement threshold of the ticket buying dimension, inputting the page access data into a ticket buying behavior detection model to carry out ticket buying behavior detection, and obtaining an output ticket buying behavior detection result of the user. According to the user ticket buying behavior detection method, the ticket buying behavior detection model is adopted to detect the ticket buying behavior of the user, false seat occupation conditions are effectively prevented and controlled, and the defect that a large amount of manpower and a large number of material resources are needed is overcome.

Description

用戶購票行為檢測方法以及裝置Method and device for detecting ticket purchase behavior of user

本發明涉及網際網路資訊管理技術領域,特別涉及一種用戶購票行為檢測方法。本發明同時涉及一種用戶購票行為檢測裝置,一種計算設備,以及一種電腦可讀取儲存媒體。The invention relates to the technical field of Internet information management, in particular to a method for detecting user ticket purchase behavior. The invention also relates to a user ticket purchase behavior detection device, a computing device, and a computer readable storage medium.

隨著網際網路技術的發展,生活中各種服務都開啟了網路服務,用戶通過網路即可得到需要的服務,尤其是在購票維度中,只要用戶在購票服務頁面添加正確的身份資訊以及購票資訊,並支付相應的購票金額,即可獲得需要購買的票。 然而,隨著網路購票服務對用戶購票需求的簡化,存在著一部分非正常用戶利用網路購票服務進行虛假占座以此獲利,導致正常用戶在需要購票時,無票可買,不僅會對正常用戶產生影響,並且也會引發售票機構的票難賣、積壓的情況發生。 為了避免非正常用戶虛假占座的情況發生,現有技術中,會對用戶購票過程引入用戶可見的驗證機制,例如通過滑動驗證或者簡訊驗證的方式對用戶的購票行為進行行為驗證,但是引入驗證機制進行購票驗證對於售票機構來說也是一筆很大的開銷,並且還需要人工對購票過程進行監督,既浪費物力又浪費人力。With the development of Internet technology, various services in life have opened network services, users can get the services they need through the Internet, especially in the ticket purchase dimension, as long as the user adds the correct identity on the ticket purchase service page Information and ticket purchase information, and pay the corresponding ticket purchase amount, you can get the ticket that needs to be purchased. However, as the online ticketing service simplifies the ticket purchase needs of users, there are some abnormal users who use the online ticketing service to falsely occupy seats in order to make profits. As a result, normal users have no tickets available when they need to buy tickets. Buying will not only have an impact on normal users, but will also cause the ticketing agencies to sell tickets and backlog. In order to avoid false occupancy by abnormal users, in the prior art, a user-visible verification mechanism is introduced to the user's ticket purchase process, such as sliding verification or SMS verification to verify the user's ticket purchase behavior, but the introduction The verification mechanism for ticket purchase verification is also a large expense for the ticketing agency, and manual supervision of the ticket purchase process is also required, which is a waste of material and manpower.

有鑑於此,本發明實施例提供了一種用戶購票行為檢測方法。本發明同時涉及一種用戶購票行為檢測裝置,一種計算設備,以及一種電腦可讀取儲存媒體,以解決現有技術中存在的技術缺陷。 根據本發明實施例的第一方面,提供了一種用戶購票行為檢測方法,包括: 採集用戶在購票頁面的頁面存取資料; 通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。 可選的,該通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度,包括: 通過對該頁面存取資料進行解析,獲得該用戶在該購票頁面的行為鏈; 在該行為鏈中提取該用戶存取的購票節點以及在該購票節點的存取時間; 基於該購票節點以及該存取時間進行存取異常度計算,將計算結果作為該存取異常度。 可選的,該將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果步驟執行之後,還包括: 在該購票行為檢測結果為非正常的情況下,將該用戶添加至非正常用戶名單,採用蜜罐機制將該購票頁面跳轉至蜜罐購票頁面; 採集該用戶在該蜜罐購票頁面的頁面存取資料; 通過對該用戶在該蜜罐購票頁面的頁面存取資料進行解析,確定該購票頁面的頁面漏洞; 基於該頁面漏洞對該購票頁面進行修復。 可選的,該將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算步驟執行之後,該將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果步驟執行之前,還包括: 在計算獲得的該存取異常衡量數值大於或等於該衡量閾值的情況下,將該購票頁面跳轉至驗證頁面,對該用戶的購票行為進行二次驗證; 在該用戶未通過該二次驗證的情況下,將該用戶添加至購票行為異常名單; 在該用戶通過該二次驗證的情況下,執行該將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果步驟。 可選的,該購票行為檢測模型通過如下方式訓練: 採集歷史用戶在該購票頁面的歷史頁面存取資料以及歷史購票行為結果; 對該歷史頁面存取資料對應的歷史購票行為結果添加行為標簽,將添加該行為標簽的歷史購票行為結果以及對應的歷史頁面存取資料作為訓練樣本; 將該訓練樣本輸入至基於該歷史頁面存取資料與該歷史購票行為結果的關聯關係構建的購票行為檢測模型進行訓練,獲得該購票行為檢測模型。 可選的,該採集用戶在購票頁面的頁面存取資料步驟執行之後,還包括: 根據該頁面存取資料確定該用戶的購票帳戶; 檢測該購票帳戶中的購票記錄,確定該用戶在購票時間內的購票數目; 在該購票時間小於預設的時間閾值並該購票數目大於預設的數目閾值的情況下,凍結該購票帳戶。 可選的,該購票維度預設的衡量閾值通過如下方式確定: 獲取歷史用戶在該購票維度的歷史存取異常衡量數值; 計算該歷史存取異常衡量數值的平均值作為該購票維度預設的衡量閾值。 可選的,該基於該購票節點以及該存取時間進行存取異常度計算,將計算結果作為該存取異常度,包括: 根據該頁面存取資料確定該用戶點擊的購票節點的第一節點數目,以及確定在該行為鏈中提取的該用戶存取的購票節點的第二節點數目; 計算該第一節點數目與該第二節點數目二者的比值,確定為該用戶的存取節點概率; 根據該頁面存取資料確定該用戶開啟該購票頁面的時間以及該用戶支付購票金額的時間; 基於該開啟該購票頁面的時間以及該用戶支付購票金額的時間確定該用戶購票的總時間,以及該用戶存取該購票節點的存取總時間; 計算該總時間與該存取總時間二者的比值,確定為該用戶的存取時間概率; 將該存取節點概率以及該存取時間概率進行乘積,根據乘積結果確定該存取異常度。 可選的,該採集用戶在購票頁面的頁面存取資料,包括: 通過在承載該購票頁面的平台嵌入資料採集包,在承載該購票頁面的平台創建資料採集介面; 通過調用該資料採集介面採集該頁面存取資料。 可選的,該通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度,包括: 讀取該頁面存取資料中包含的頁面點擊資料、頁面存取時間資料以及頁面跳轉資料; 根據該頁面點擊資料確定該用戶點擊該購票頁面的點擊次數,根據該頁面存取時間資料確定該用戶在該購票頁面的停留時間,以及根據該頁面跳轉資料確定該用戶在該購票頁面的跳轉次數; 計算該點擊次數與預設的點擊權重係數二者的乘積,該停留時間與預設的時間權重係數二者的乘積,以及該跳轉次數與預設的跳轉權重係數二者的乘積; 將乘積結果進行求和,並計算求和結果與預設的存取異常標準值二者的比值,作為該存取異常度。 根據本發明實施例的第二方面,提供了一種用戶購票行為檢測裝置,包括: 採集模組,被配置為採集用戶在購票頁面的頁面存取資料; 確定模組,被配置為通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 計算模組,被配置為將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 檢測模組,被配置為在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。 可選的,該確定模組,包括: 解析單元,被配置為通過對該頁面存取資料進行解析,獲得該用戶在該購票頁面的行為鏈; 提取單元,被配置為在該行為鏈中提取該用戶存取的購票節點以及在該購票節點的存取時間; 計算單元,被配置為基於該購票節點以及該存取時間進行存取異常度計算,將計算結果作為該存取異常度。 可選的,該用戶購票行為檢測裝置,還包括: 跳轉模組,被配置為在該購票行為檢測結果為非正常的情況下,將該用戶添加至非正常用戶名單,採用蜜罐機制將該購票頁面跳轉至蜜罐購票頁面; 採集頁面存取資料模組,被配置為採集該用戶在該蜜罐購票頁面的頁面存取資料; 確定頁面漏洞模組,被配置為通過對該用戶在該蜜罐購票頁面的頁面存取資料進行解析,確定該購票頁面的頁面漏洞; 修復模組,被配置為基於該頁面漏洞對該購票頁面進行修復。 根據本發明實施例的第三方面,提供了一種計算設備,包括: 記憶體和處理器; 該記憶體用於儲存電腦可執行指令,該處理器用於執行該電腦可執行指令: 採集用戶在購票頁面的頁面存取資料; 通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。 根據本發明實施例的第四方面,提供了一種電腦可讀取儲存媒體,其儲存有電腦可執行指令,該指令被處理器執行時實現任意一項所述用戶購票行為檢測方法的步驟。 本發明提供的用戶購票行為檢測方法,採集用戶在購票頁面的頁面存取資料;通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度;將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算;在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。 本發明提供的用戶購票行為檢測方法中,根據該用戶在該購票頁面的頁面存取資料確定存取異常度,實現了初步對用戶的購票行為進行檢測,並且在該存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,採用該購票行為檢測模型再次對該用戶的購票行為進行檢測,實現了可以準確的確定該用戶的購票行為,並且在對該用戶的購票行為進行檢測時是在用戶購票過程中進行的,做到了對用戶的購票行為進行無痕檢測,大大的減少了對用戶的購票流程的干擾,優化了用戶的體驗效果。In view of this, an embodiment of the present invention provides a method for detecting a user's ticket purchase behavior. The invention also relates to a user ticket purchase behavior detection device, a computing device, and a computer readable storage medium to solve the technical defects in the prior art. According to a first aspect of the embodiments of the present invention, there is provided a method for detecting a user's ticket purchase behavior, including: Collect user access data on the ticket purchase page; By analyzing the access data of the page, determine the abnormal degree of the user's access to the ticket purchase page; Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output of the The user's ticket purchase behavior detection result. Optionally, determining the user's access abnormality on the ticket purchase page by analyzing the page access data includes: By analyzing the access data of the page, the behavior chain of the user on the ticket purchase page is obtained; Extract the ticket purchase node accessed by the user and the access time at the ticket purchase node in the behavior chain; The access abnormality degree calculation is performed based on the ticket purchasing node and the access time, and the calculation result is used as the access abnormality degree. Optionally, the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection, and obtaining the output of the user's ticket purchasing behavior detection result after the step is executed, further includes: When the result of the ticket purchase behavior is abnormal, the user is added to the list of abnormal users, and the honeypot mechanism is used to jump the ticket purchase page to the honeypot ticket purchase page; Collect the user's page access data on the honeypot ticket purchase page; By analyzing the user's page access data on the honeypot ticket purchase page, determine the page vulnerability of the ticket purchase page; Repair the ticket purchase page based on the page vulnerability. Optionally, input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform the access anomaly calculation step, and then input the page access data into the ticket purchase behavior detection The model performs ticket purchase behavior detection, and obtains the output of the user's ticket purchase behavior detection result before the step is executed, including: In the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, the ticket purchase page is redirected to the verification page, and the user's ticket purchase behavior is verified again; If the user fails the second verification, add the user to the list of abnormal ticket purchase behaviors; In the case that the user passes the secondary verification, the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection is performed, and the output of the user's ticket purchasing behavior detection result is obtained. Optionally, the ticket purchase behavior detection model is trained in the following way: Collect historical user access data on the historical page of the ticket purchase page and the results of historical ticket purchase behavior; Add a behavior tag to the historical ticket purchase behavior result corresponding to the historical page access data, and use the historical ticket purchase behavior result with the behavior tag added and the corresponding historical page access data as a training sample; The training sample is input into a ticket purchase behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket purchase behavior result for training, and the ticket purchase behavior detection model is obtained. Optionally, after the step of accessing data on the page of the ticket purchase page by the collecting user is executed, the method further includes: Determine the user's ticket purchase account according to the page access data; Check the ticket purchase records in the ticket purchase account to determine the number of tickets purchased by the user during the ticket purchase time; In the case that the ticket purchase time is less than the preset time threshold and the number of tickets purchased is greater than the preset number threshold, the ticket purchase account is frozen. Optionally, the preset measurement threshold of the ticket purchase dimension is determined in the following manner: Obtain the historical abnormal measurement value of historical users in the ticket purchase dimension; Calculate the average value of the historical access abnormality measurement value as the preset measurement threshold of the ticket purchase dimension. Optionally, the calculation of the access anomaly degree based on the ticket purchasing node and the access time, and the calculation result as the access anomaly degree, includes: Determine the number of the first node of the ticket purchase node clicked by the user according to the page access data, and determine the number of the second node of the ticket purchase node accessed by the user extracted from the behavior chain; Calculate the ratio between the number of the first node and the number of the second node, and determine it as the access node probability of the user; Determine the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount according to the page access data; Determine the total time for the user to purchase tickets and the total time for the user to access the ticket purchasing node based on the time when the ticket purchase page is opened and the time when the user pays for the ticket purchase amount; Calculate the ratio of the total time to the total access time, and determine it as the user's access time probability; The access node probability and the access time probability are multiplied, and the access abnormality degree is determined according to the product result. Optionally, the data collected by the user on the page of the ticket purchase page includes: By embedding a data collection package on the platform hosting the ticket purchase page, create a data collection interface on the platform hosting the ticket purchase page; Collect the access data of this page by calling the data collection interface. Optionally, determining the user's access abnormality on the ticket purchase page by analyzing the page access data includes: Read the page click data, page access time data and page jump data contained in the page access data; Determine the number of clicks the user clicks on the ticket purchase page according to the page click data, determine the user’s stay time on the ticket page according to the page access time data, and determine the user’s stay on the ticket page according to the page jump data The number of jumps; Calculate the product of the number of clicks and the preset click weighting factor, the product of the dwell time and the preset time weighting factor, and the product of the number of jumps and the preset jump weighting factor; The product result is summed, and the ratio of the sum result and the preset access abnormality standard value is calculated as the access abnormality degree. According to a second aspect of the embodiments of the present invention, there is provided a user ticket purchase behavior detection device, including: The collection module is configured to collect user access data on the ticket purchase page; The determining module is configured to determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data; The calculation module is configured to input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; The detection module is configured to input the page access data into the ticket purchase behavior detection model to purchase tickets when the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension Behavior detection, to obtain the output of the user's ticket purchase behavior detection result. Optionally, the determining module includes: The parsing unit is configured to obtain the behavior chain of the user on the ticket purchase page by analyzing the page access data; The extraction unit is configured to extract the ticket purchasing node accessed by the user and the access time at the ticket purchasing node in the behavior chain; The calculation unit is configured to calculate the access abnormality degree based on the ticket purchasing node and the access time, and use the calculation result as the access abnormality degree. Optionally, the user ticket purchase behavior detection device further includes: The jump module is configured to add the user to the list of abnormal users when the detection result of the ticket purchase behavior is abnormal, and use the honeypot mechanism to jump the ticket purchase page to the honeypot ticket purchase page; The page access data collection module is configured to collect the page access data of the user on the honeypot ticket purchase page; The page vulnerability determination module is configured to determine the page vulnerability of the ticket purchase page by analyzing the page access data of the user's ticket purchase page on the honeypot; The repair module is configured to repair the ticket purchase page based on the page vulnerability. According to a third aspect of the embodiments of the present invention, there is provided a computing device, including: Memory and processor; The memory is used to store computer executable instructions, and the processor is used to execute the computer executable instructions: Collect user access data on the ticket purchase page; By analyzing the access data of the page, determine the abnormal degree of the user's access to the ticket purchase page; Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output of the The user's ticket purchase behavior detection result. According to a fourth aspect of the embodiments of the present invention, there is provided a computer-readable storage medium, which stores computer-executable instructions that, when executed by a processor, implement any of the steps of the user ticket buying behavior detection method. The user's ticket purchase behavior detection method provided by the present invention collects the user's page access data on the ticket purchase page; analyzes the page access data to determine the user's access abnormality on the ticket purchase page; Take the anomaly degree and input it into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement of the ticket purchase dimension In the case of a threshold, the page access data is input into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection, and the output of the user's ticket purchasing behavior detection result is obtained. In the method for detecting user ticket purchase behavior provided by the present invention, the access abnormality degree is determined according to the user's page access data on the ticket purchase page, which realizes preliminary detection of the user's ticket purchase behavior, and measures the access abnormality. When the value is less than the preset measurement threshold of the ticket purchase dimension, the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user's ticket purchase behavior can be accurately determined, and the user's ticket purchase behavior can be accurately determined. The user's ticket purchase behavior is detected during the user's ticket purchase process, and the user's ticket purchase behavior is detected without trace, which greatly reduces the interference to the user's ticket purchase process and optimizes the user experience effect .

在下面的描述中闡述了很多具體細節以便於充分理解本發明。但是本發明能夠以很多不同於在此描述的其它方式來實施,本領域技術人員可以在不違背本發明內涵的情況下做類似推廣,因此本發明不受下面公開的具體實施的限制。 在本發明一個或多個實施例中使用的術語是僅僅出於描述特定實施例的目的,而非旨在限制本發明一個或多個實施例。在本發明一個或多個實施例和所附申請專利範圍中所使用的單數形式的“一種”、“所述”和“該”也旨在包括多數形式,除非上下文清楚地表示其他含義。還應當理解,本發明一個或多個實施例中使用的術語“和/或”是指並包含一個或多個相關聯的列出項目的任何或所有可能組合。 應當理解,儘管在本發明一個或多個實施例中可能採用術語第一、第二等來描述各種資訊,但這些資訊不應限於這些術語。這些術語僅用來將同一類型的資訊彼此區分開。例如,在不脫離本發明一個或多個實施例範圍的情況下,第一也可以被稱為第二,類似地,第二也可以被稱為第一。取決於語境,如在此所使用的詞語“如果”可以被解釋成為“在……時”或“當……時”或“回應於確定”。 首先,對本發明一個或多個實施例涉及的名詞術語進行解釋。 蜜罐機制:本質上是一種對攻擊方進行欺騙的技術,通過佈置一些作為誘餌的主機、網路服務或者資訊,誘使攻擊方對它們實施攻擊,從而可以對攻擊行為進行捕獲和分析,瞭解攻擊方所使用的工具與方法,推測攻擊意圖和動機,能夠讓防禦方清晰地瞭解他們所面對的安全威脅,並通過技術和管理手段來增強實際系統的安全防護能力。 在本發明中,提供了一種用戶購票行為檢測方法,本發明同時涉及一種用戶購票行為檢測裝置,一種計算設備,以及一種電腦可讀取儲存媒體,在下面的實施例中逐一進行詳細說明。 下面結合圖式1,圖式2、圖式3和圖式4對本發明提供的用戶購票行為檢測方法進行描述。圖1示出了根據本發明一實施例提供的一種用戶購票行為檢測方法的流程圖;圖2示出了根據本發明一實施例提供的一種用戶購票行為檢測方法中採集頁面存取資料過程的示意圖;圖3示出了根據本發明一實施例提供的一種用戶購票行為檢測方法中行為鏈的結構示意圖;圖4示出了根據本發明一實施例提供的一種用戶購票行為檢測方法中計算存取異常衡量數值過程的示意圖;其中圖2包括圖2(a)和圖(b),圖1包括步驟102至步驟108。 步驟102:採集用戶在購票頁面的頁面存取資料。 本發明一實施例中該購票頁面可以是銷售航旅票的購票頁面,銷售比賽票的購票頁面,銷售旅遊景點票的購票頁面或者銷售演唱會票的購票頁面等,相應的,該頁面存取資料可以是用戶存取銷售航旅票的購票頁面的存取資料,用戶存取銷售比賽票的購票頁面的存取資料,用戶存取銷售旅遊景點票的購票頁面的存取資料或者用戶存取銷售演唱會票的購票頁面的存取資料等;其中該存取資料可以是用戶在對應的購票頁面的點擊次數、瀏覽時間、購票數量等資料。 例如,用戶在銷售火車票的A網頁購買從甲地點到乙地點的火車票,可以確定用戶購買的車票資訊為甲地點到乙地點,用戶的身份資訊,用戶在A網頁購買車票花費時間以及用戶在A網頁瀏覽內容,均為用戶在A網頁的頁面存取資料。 此處,以該購票頁面為購買飛機票頁面為例,對該用戶購票行為檢測方法進行描述,基於此,在用戶通過購買飛機票的頁面購買飛機票的過程中,為了避免該用戶是虛假占座的非正常用戶,需要對用戶的購票行為進行實時檢測,在此過程中,用戶在購買飛機票的過程中,通過設定驗證介面,防止用戶通過軟體進行虛假占座,可以使得有真正需求的用戶買到飛機票,可見,在用戶購票的過程中對用戶的購票行為進行檢測,使得用戶可以購買到需要的飛機票,在此過程中,有效的驗證用戶的購票行為有著很重要的作用。 本發明提供的用戶購票行為檢測方法,為了能夠使得用戶在購買飛機票的過程中,可以節省購票行為的驗證流程,並且還可以對虛假占座的情況進行防控,通過對用戶在購買飛機票頁面的頁面存取資料進行解析,獲得用戶在購買飛機票頁面的存取異常度,在通過將存取異常度輸入至存取異常衡量函數進行存取機場計算,可以初步的判斷出用戶在購買飛機票的過程中是否屬於正常購票行為,在用戶屬於正常購票行為的情況下,再通過購票行為檢測模型對用戶的購票行為進行進一步的檢測,實現了可以準確的確定用戶購買飛機票的行為狀態,進而實現了對用戶購買飛機票的行為進行無痕檢測,在不擾亂用戶購買飛機票的情況下,對用戶的購票行為進行了驗證,並且避免出現虛假占座而導致飛機票滯銷的情況發生,為用戶購買飛機票的過程節省了時間,以及為銷售飛機票的銷售方節省了人力和物力。 本實施例的一個或多個實施方式中,採集該用戶在該購票頁面的頁面存取資料,具體實現方式如下該: 通過在承載該購票頁面的平台嵌入資料採集包,在承載該購票頁面的平台創建資料採集介面; 通過調用該資料採集介面採集該頁面存取資料。 具體的,為了能夠獲得該用戶的足夠準確的頁面存取資料,通過在承載該購票頁面的平台嵌入資料採集包,該資料採集包掛載至平台,可以實現自動採集用戶的頁面存取資料,該資料採集包可以是SDK(軟體開發工具包, Software Development Kit)格式或者是js(JavaScript)程式碼片段,在用戶通過該購票頁面進行購票的過程中,平台將自動調用資料採集介面,即通過嵌入的資料採集包對應的採集功能,採集該用戶的頁面存取資料。 具體實施時,在將該資料採集包嵌入該購票頁面的平台之後,需要對該資料採集包進行解壓,獲得資料採集包中的程式碼片段,再通過將程式碼片段加載至購票頁面對應的開發端,即可實現在該購票頁面自動採集頁面存取資料。 實際應用中,參見圖2,圖2(a)是用戶購票的購票頁面的示意圖,可以確定,用戶在購票的情況下,需要先添加購票人的資訊,在用戶填寫購票資訊的過程中,購票頁面會根據後台運行的資料採集介面對應的程式碼獲得用戶在購票頁面的頁面存取資料,通過資料採集介面採集到的頁面存取資料對應的程式碼如圖2(b)所示,根據圖2(b)所示內容,可以確定用戶在購票頁面中的坐標(1182,273)處,time:4068,開始輸入證件號,證件號為1,8…。 通過在該購票頁面的平台嵌入該資料採集包,使得該購票頁面可以實時的自動採集該用戶在該購票頁面的頁面存取資料,提高了對用戶進行購票行為檢測的效率。 在上述採集該頁面存取資料的基礎上,進一步的,本實施例的一個或多個實施方式中,可以初步的對該用戶的購票帳戶進行檢測,在該購票帳戶存在異常的情況下,可以對該購票帳戶進行凍結,具體實現方式如下該: 根據該頁面存取資料確定該用戶的購票帳戶; 檢測該購票帳戶中的購票記錄,確定該用戶在購票時間內的購票數目; 在該購票時間小於預設的時間閾值並該購票數目大於預設的數目閾值的情況下,凍結該購票帳戶。 具體的,通過該頁面存取資料確定用戶在該購票頁面登錄的購票帳戶,檢測該購票帳戶中的購票記錄,確定該用戶在每次購票時間內的購票數目,通過判斷該購票時間是否小於該時間閾值,並且該購票數目是否大於數目閾值,以此來判斷用戶是否購票行為屬於異常行為。 若該用戶的購票時間小於時間閾值,並且購票數目大於數目閾值,說明用戶可能通過非正常方式進行了購票,例如通過軟體進行大範圍占票情況,此時,可以確定該用戶的購票帳戶可能是非正常用戶用來占票的帳戶,將該購票帳戶進行凍結即可,凍結該購票帳戶具體是指禁止該購票帳戶再次購票,並且會提醒用戶凍結時間。 基於此,只有在該用戶的購票時間小於時間閾值,該購票數目大於數目閾值兩個比較過程同時滿足的情況下,才能夠說明用戶的購票帳戶異常,除此之外的其他情況下,均可以表示為用戶的購票帳戶正常。 實際應用中,以購票帳戶A通過網頁B購買了5張飛機票為例,對購票帳戶是否存在異常行為進行描述,其中,購票帳戶A通過在網頁B的銷售飛機票頁面分別為用戶甲、用戶乙、用戶丙、用戶丁、用戶戊購票了從城市A飛往城市B的5張飛機票,共用了30秒時間,網頁B設定的時間閾值為5分鐘,數目閾值為3張飛機票,通過比較確定購票帳戶A屬於異常購票行為,可以初步判定購票帳戶A存在占座的嫌疑,則對購票帳戶A進行凍結,禁止再進行購票。 通過對該用戶的購票帳戶中的購票記錄進行檢測,可以判斷出該用戶的購票帳戶是否存在過非正常購票的情況出現,若存在的情況下,及時對該購票帳戶進行凍結,避免用戶繼續使用該購票帳戶進行非正常購票行為,使得銷售票方的利益得到了有效的保護。 除此之外,在對該購票帳戶進行凍結之後,若用戶存在異議,可以通過與人工客服進行交涉的方式解凍該購票帳戶,但是前提是用戶需要提供有效的證明,例如提供購票人身份證件複印件或者對用戶進行人臉識別來確定用戶無問題的情況下,才能夠對該購票帳戶進行解凍。 步驟104:通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度。 具體的,根據上述採集的該頁面存取資料,進一步的,通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度,該存取異常度具體是指用戶在該購票頁面進行購票的過程中,出現的存取異常概率,例如,正常情況下買票時間大概在300秒,而用戶實際買票花了30秒,則該用戶在購票頁面的存取異常度為1-(30/300)* 100%=90%。 本實施例的一個或多個實施方式中,該用戶的存取異常度可以通過如下方式確定: 通過對該頁面存取資料進行解析,獲得該用戶在該購票頁面的行為鏈; 在該行為鏈中提取該用戶存取的購票節點以及在該購票節點的存取時間; 基於該購票節點以及該存取時間進行存取異常度計算,將計算結果作為該存取異常度。 具體的,根據上述採集的該頁面存取資料的基礎上,進一步的通過對該頁面存取資料進行解析,獲得該用戶在該購票頁面的行為鏈,該行為鏈具體是指用戶在該購票頁面進行購票過程中所產生的行為組成的鏈路,該行為鏈中存在用戶的存取路徑以及用戶的存取時間等資料,再提取該行為鏈中用戶的存取該購票頁面的購票節點,以及該用戶在該購票節點的存取時間,基於該購票節點以及該存取時間進行存取異常度計算,根據計算結果確定該用戶的存取異常度。 基於此,該購票節點為用戶在該購票頁面購票的過程中需要經過的節點,即用戶的活動點。首先預測用戶在購票的過程中需要經過的購票節點得到用戶的預測購票序列,再根據用戶該頁面存取資料確定用戶已經存取的購票節點,確定用戶的實際購票序列,最後基於實際購票序列對預測購票序列進行調整,刪除預測購票序列中用戶不可能出現的購票節點,獲得該行為鏈。 參見圖3示出了行為鏈的結構示意圖,其中四邊形表示用戶在活動點(購票節點)的停留時間(存取時間),圓形表示用戶存取的活動點,參見圖3可見用戶在活動點1停留時間為15s,用戶在活動點2停留時間為20s,用戶在活動點3停留時間為25s......,以此類推,確定用戶的在購票頁面存取的購票節點以及存取時間。 在上述提取該用戶存取的購票節點以及在該購票節點的存取時間的基礎上,進一步的,本實施例的一個或多個實施方式中,計算該存取異常度的第一種實現方式如下該: 根據該頁面存取資料確定該用戶點擊的購票節點的第一節點數目,以及確定在該行為鏈中提取的該用戶存取的購票節點的第二節點數目; 計算該第一節點數目與該第二節點數目二者的比值,確定為該用戶的存取節點概率; 根據該頁面存取資料確定該用戶開啟該購票頁面的時間以及該用戶支付購票金額的時間; 基於該開啟該購票頁面的時間以及該用戶支付購票金額的時間確定該用戶購票的總時間,以及該用戶存取該購票節點的存取總時間; 計算該總時間與該存取總時間二者的比值,確定為該用戶的存取時間概率; 將該存取節點概率以及該存取時間概率進行乘積,根據乘積結果確定該存取異常度。 具體的,根據該頁面存取資料確定該用戶點擊的購票節點的第一節點數目,該第一節點數目為用戶點擊過的購票節點數目,同時確定該行為鏈中提取的用戶存取的節點的第二節點數目,該第二節點數目為用戶存取過的購票節點數目,通過計算該第一節點數目與該第二節點數目二者的比值,確定該用戶的存取節點概率,該存取節點概率具體是指用戶打開並存取的購票節點數目占用戶總點擊的購票節點數目的比值,即為該存取節點概率; 根據該頁面存取資料確定該用戶進入該購票頁面的時間,以及該用戶針對購票進行支付購票金額的時間,通過該支付購票金額的時間減去該進入該購票頁面的時間,確定為該用戶在本次購票的過程中所花費的總時間,同時對該用戶在本次購票過程中在每個購票節點的存取時間進行求和,確定該用戶的存取總時間,基於此,計算該總時間與該存取總時間二者的比值,作為該用戶存取該購票頁面的存取時間概率; 基於上述計算獲得的該存取節點概率與該存取時間概率,通過計算該存取節點概率與該存取時間概率二者的乘積,將乘積結果作為該存取異常度。 具體實施時,該存取節點概率具體是用於描述該用戶在該購票頁面存取購票節點異常的概率,該存取時間概率具體是用於描述該用戶在該購票頁面存取購票節點花費時間異常的概率。 通過將時間維度和行為維度相結合以計算該用戶在該購票頁面的存取異常度,能夠更加準確的確定該用戶是否為非正常用戶,通過該存取異常度能夠更加體現出用該用戶的購票行為。 在上述提取該用戶存取的購票節點以及在該購票節點的存取時間的基礎上,進一步的,本實施例的一個或多個實施方式中,計算該存取異常度的第二種實現方式如下該: 讀取該頁面存取資料中包含的頁面點擊資料、頁面存取時間資料以及頁面跳轉資料; 根據該頁面點擊資料確定該用戶點擊該購票頁面的點擊次數,根據該頁面存取時間資料確定該用戶在該購票頁面的停留時間,以及根據該頁面跳轉資料確定該用戶在該購票頁面的跳轉次數; 計算該點擊次數與預設的點擊權重係數二者的乘積,該停留時間與預設的時間權重係數二者的乘積,以及該跳轉次數與預設的跳轉權重係數二者的乘積; 將乘積結果進行求和,並計算求和結果與預設的存取異常標準值二者的比值,作為該存取異常度。 具體的,根據採集的該頁面存取資料,進一步的,讀取該頁面存取資料中包含的該頁面點擊資料、該頁面存取時間資料以及該頁面跳轉資料,其中,該頁面點擊資料具體是指用戶在該購票頁面點擊的次數,該頁面存取時間資料具體是指用戶在該購票頁面存取總時間,該頁面跳轉資料具體是指用戶在該購票頁面購票過程中跳轉購票頁面包含的子頁面次數; 根據該頁面點擊資料確定該用戶點擊該購票頁面的點擊次數,根據該頁面存取時間資料確定該用戶在該購票頁面的停留時間,以及根據該頁面跳轉資料確定該用戶在該購票頁面的跳轉次數;在該購票頁面中預設有與頁面點擊資料、頁面存取時間資料以及頁面跳轉資料對應的權重係數; 基於此,計算該點擊次數與該頁面點擊資料維度對應的點擊權重係數二者的乘積,將計算結果作為第一計算結果,該第一計算結果用於表示在該頁面點擊資料維度的權重值;計算該停留時間與該頁面存取時間資料維度對應的時間權重係數二者的乘積,將計算結果作為第二計算結果,該第二計算結果用於表示在該頁面存取時間資料維度的權重值;計算該跳轉次數與該頁面跳轉資料維度對應的跳轉權重係數二者的乘積,將計算結果作為第三計算結果,該第三計算結果用於表示在該頁面跳轉維度的權重值; 再通過將該第一計算結果、該第二計算結果和該第三計算結果進行求和,將求和結果與該存取異常標準值進行相除,將結果作為該存取異常度,該存取異常標準值可以通過採集大量歷史用戶在不同維度的資料,根據上述計算過程確定在不同維度的權重值,將權重值求和之後,計算大量歷史用戶權重值求和的平均值,作為該存取異常標準值,實際應用中該存取異常標準值可以根據實際應用場景進行設定,本發明在此不做任何限定。 為了能夠在後續為用戶的購票行為預測的更加準確,通過讀取該頁面存取資料中包含的頁面點擊資料、頁面存取時間資料以及頁面跳轉資料,並分別根據該頁面點擊資料、該頁面存取時間資料以及該頁面跳轉資料計算權重值,以此來計算該用戶的存取異常度,在後續檢測該用戶的購票行為過程中,能夠更加準確的確定該用戶的購票行為。 步驟106:將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算。 具體的,在上述確定該用戶在該購票頁面的存取異常度的基礎上,進一步的,確定該購票頁面所屬的購票維度對應的存取異常衡量函數,該購票維度具體是指不同購票種類的購票場景,例如,用戶在購買火車票的頁面購買火車票,則將會確定在火車票購票維度的存取異常衡量函數;基於此,將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數,根據該存取異常衡量函數對用戶進行存取異常度計算,確定該存取異常衡量數值。 具體實施時,與該購票維度對應的存取異常衡量函數可以是MAX函數、MIN函數或者AVG函數;可以通過該MAX函數計算該存取異常衡量數值的最大值,可以通過該MIN函數計算該存取異常衡量數值的最小值或者通過該AVG函數計算該存取異常衡量數值的品均值;與該購票維度對應的存取異常衡量函數可以根據實際應用場景進行設定,本發明在此不做任何限定。 例如,一趟飛往丙地的飛機賣出了n張票,n為與飛機座位票對應的數值,航空公司為了避免出現虛假占座的情況發生,需要計算每張飛機票對應購買用戶的購票行為,通過採集每個購票用戶的購票資料,確定每個購票用戶的存取異常度,將每個用戶的存取異常度輸入至飛機票購票維度對應的存取異常衡量函數Hn=AVG0<n<m (P1,P2,Pn…Pm)中;其中Hn表示每個用戶的存取異常衡量數值,P1,P2,Pn…Pm表示每個用戶的存取異常度,採用AVG函數計算用戶的存取異常衡量數值的平均值,參見圖4,示出了計算存取異常衡量數值過程的示意圖,通過存取異常衡量函數Hn計算每個用戶的存取異常衡量數值H1,H2,…Hn,再根據後續的處理過程確定每個用戶是否存在虛假占座情況。 在上述通過與該購票維度對應的存取異常衡量函數計算獲得該存取異常衡量數值的基礎上,進一步的,本實施例的一個或多個實施方式中,將計算獲得的該存取異常衡量數值與預設的衡量閾值進行比較,在計算獲得的該存取異常衡量數值大於或等於該衡量閾值的情況下,需要對用戶進行二次驗證,具體實現方式如下該: 在計算獲得的該存取異常衡量數值大於或等於該衡量閾值的情況下,將該購票頁面跳轉至驗證頁面,對該用戶的購票行為進行二次驗證; 在該用戶未通過該二次驗證的情況下,將該用戶添加至購票行為異常名單; 在該用戶通過該二次驗證的情況下,執行該將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果步驟。 具體的,將計算獲得的該存取異常衡量數值與預設的衡量閾值進行比較,在計算獲得的該存取異常衡量數值大於或等於該衡量閾值的情況下,說明該用戶的購票行為存在異常,需要對該用戶進行二次驗證,該二次驗證具體是指通過跳轉至二次驗證頁面,請求用戶進行驗證,其中驗證方式可以是輸入驗證碼,並且二次驗證過程需要用戶手動完成; 基於此,在該用戶未通過該二次驗證的情況下,說明該用戶的本次購票行為可能是虛假占座的情況,則將該用戶添加至該購票行為異常名單,該購票行為異常名單是指在初次驗證的情況下,未通過驗證的用戶創建的名單;在該用戶通過二次驗證的情況下,說明該用戶的購票行為正常,執行後續步驟108即可。 除此之外,還可以將在計算獲得的該存取異常衡量數值大於該衡量閾值的情況下,直接將該用戶加入至該購票行為異常名單,將在計算獲得的該存取異常衡量數值等於該衡量閾值的情況下,將該用戶進行二次驗證,進一步的對用戶的購票行為進行分級別驗證,使得驗證過程變得更加快速。 例如,A航空公司對用戶X和用戶Y的購票行為進行驗證以避免出現虛假占座的情況,通過採集用戶X和用戶Y的購票資料,確定用戶X的存取異常衡量數值為7,用戶Y的存取異常衡量數值為9,其中衡量閾值為8,根據比較確定用戶X的存取異常衡量數值小於衡量閾值,則可以確定用戶X的購票行為初步判斷為正常,進行後續購票行為驗證即可,用戶Y的存取異常衡量數值大於衡量閾值,需要對用戶Y進行二次驗證,通過跳轉至預設的二次驗證介面,對用戶Y進行驗證,在用戶Y驗證通過的情況下,說明用戶Y的本次購票行為初步判斷為正常,進行後續的購票行為驗證即可,在用戶Y驗證未通過的情況下,說明用戶Y的本次購票行為初步判斷為非正常,將用戶Y加入至購票行為異常名單。 在採用該購票行為檢測模型進行購票行為檢測之前,通過根據該用戶的存取異常衡量數值對該用戶進行二次驗證,可以初步的判斷出用戶的購票行為是否正常,直接在初步判斷過程可以將非正常購票行為的用戶進行剔除,避免了出現在後續的購票行為檢測過程中對已經存在非正常購票行為的用戶進行二次驗證,不僅節省了對用戶的購票行為進行檢測的檢測時間,還節省了賣票方在驗證過程所產生的費用。 步驟108:在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。 具體的,在上述通過該購票維度對應的存取異常衡量函數進行存取異常計算的基礎上,進一步的,根據該存取異常衡量函數確定該用戶的存取異常衡量數值,將該方位異常衡量數值與該衡量閾值進行比較,在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,說明在初步判斷該用戶的購票行為時,初步判斷結果為通過的,再將該頁面存取資料輸入至該購票行為檢測模型,對該用戶的購票行為進行進一步的檢測,該購票行為檢測模型輸出該用戶的購票行為檢測結果,該購票行為檢測結果包括用戶正常購票,用戶異常購票和用戶非正常購票; 其中,用戶正常購票具體是指用戶通過該購票頁面正常購買需要的票,用戶異常購票具體是指用戶通過該購票頁面正常購票需要票的情況下,產生了異常的購票行為,例如購買票的速度過快,可能導致用戶異常購票,在用戶異常購票的情況下可以對用戶進行二次驗證,驗證通過的情況下,並不影響用戶購票,用戶非正常購票具體是指用戶通過該購票頁面通過非正常手段進行虛假占座。 在上述計算獲得的該購票維度的存取異常度衡量數值與該購票維度預設的衡量閾值進行比較的基礎上,進一步的,本實施例的一個或多個實施方式中,該購票維度預設的衡量閾值通過如下方式確定: 獲取歷史用戶在該購票維度的歷史存取異常衡量數值; 計算該歷史存取異常衡量數值的平均值作為該購票維度預設的衡量閾值。 具體的,在對該存取異常衡量數值進行比較之前,需要確定該購票維度的衡量閾值,不同購票維度對應有不同的衡量閾值,具體預設過程均可參見下述內容,通過獲取該購票頁面的大量歷史用戶,採集該大量歷史用戶在該購票頁面所屬的購票維度的歷史存取異常衡量數值,通過將大量歷史用戶的歷史存取異常衡量數值取平均值,作為該購票維度預設的衡量閾值。 除此之外,該衡量閾值還可以通過反饋匿名函詢法進行預設,該反饋匿名函詢法即專家調查法,具體是指由承載購票頁面的平台組成一個專門進行預測的機構,其中包括若干專家和購票預測者,按照規定的程序,背靠背地徵詢專家對購票用戶的意見和判斷,進而進行確定該衡量閾值的方法。 在上述通過該購票行為檢測模型對該用戶的購票行為進行檢測的基礎上,進一步的,本實施例的一個或多個實施方式中,該購票行為檢測模型通過如下方式訓練: 採集歷史用戶在該購票頁面的歷史頁面存取資料以及歷史購票行為結果; 對該歷史頁面存取資料對應的歷史購票行為結果添加行為標簽,將添加該行為標簽的歷史購票行為結果以及對應的歷史頁面存取資料作為訓練樣本; 將該訓練樣本輸入至基於該歷史頁面存取資料與該歷史購票行為結果的關聯關係構建的購票行為檢測模型進行訓練,獲得該購票行為檢測模型。 具體的,該購票行為檢測模型為有監督學習模型,基於此,採集歷史用戶在該購票頁面的歷史頁面存取資料以及歷史購票行為結果,通過對該歷史頁面存取資料對應的歷史購票行為結果添加行為標簽,將添加該行為標簽的歷史購票行為結果以及對應的歷史頁面存取資料作為訓練樣本,該訓練樣本中包含每個歷史用戶的歷史頁面存取資料以及其對應的歷史購票行為結果,將該訓練樣本輸入至基於該歷史頁面存取資料與該歷史購票行為結果的關聯關係構建的購票行為檢測模型進行訓練,即可獲得該購票行為檢測模型。 通過採用有監督的購票行為檢測模型對該用戶的購票行為進行檢測,保證了對該用戶的購票行為進行檢測的準確性,減少了出現虛假占座的情況發生,有效的減少了賣票方的損失。 在上述獲得該購票行為檢測模型輸出的購票行為檢測結果的基礎上,進一步的,本實施例的一個或多個實施方式中,在該購票行為檢測結果為非正常的情況下,該用戶存在虛假占座的情況,說明該購票頁面存在頁面漏洞需要進行修復,具體確定該頁面漏洞的過程如下該: 在該購票行為檢測結果為非正常的情況下,將該用戶添加至非正常用戶名單,採用蜜罐機制將該購票頁面跳轉至蜜罐購票頁面; 採集該用戶在該蜜罐購票頁面的頁面存取資料; 通過對該用戶在該蜜罐購票頁面的頁面存取資料進行解析,確定該購票頁面的頁面漏洞; 基於該頁面漏洞對該購票頁面進行修復。 具體的,在該購票行為檢測模型輸出的購票行為檢測結果為非正常的情況下,說明該用戶存在虛假占座情況,則將該用戶添加至非正常用戶名單,該非正常用戶名單具體是指被承載該購票頁面的平台確定為非正常用戶加入的名單,被加入該非正常用戶名單的用戶在設定時間內是不允許通過該購票頁面進行買票的;在該用戶的購票行為是非正常的情況下,說明該購票頁面存在頁面漏洞,被用戶所利用,則需要對該頁面漏洞進行修復,通過採用蜜罐機制將該購票頁面跳轉至蜜罐購票頁面,採集用戶在該蜜罐購票頁面的頁面存取資料,通過對該頁面存取資料進行解析,可以確定用戶破解購票頁面的方式,以及用戶繞過購票頁面防控機制的方法,以此來確定該購票頁面存在的頁面漏洞,通過將用戶利用的頁面漏洞進行修復,提升該購票頁面的防控能力。 具體實施時,該用戶利用該頁面漏洞的方式可能是對該購票頁面的某些地方進行了破解,在此情況下可以通過對被破解的地方進行進一步的加密,防止在次被該用戶破解,進而避免了出現虛假占座情況發生。 實際應用中,仍以上述A航空公司通過購票行為檢測模型對用戶Y的購票行為進行檢測為例,對修復頁面漏洞的過程進行描述,其中,通過購票行為檢測模型的輸出購票行為檢測結果確定,用戶Y此次購票行為是非正常行為,則將用戶Y添加至A航空公司設定的非正常用戶名單,限定用戶Y在3年內不允許通過A航空公司的購票頁面進行購票,並且將A航空公司的購票頁面跳轉至蜜罐購票頁面,採集用戶在蜜罐購票頁面的頁面存取資料,進一步的確定A航空公司購票頁面存在的頁面漏洞,通過頁面漏洞進行修復,避免其他用戶利用頁面漏洞而造成A航空公司產生經濟損失。 除此之外,還可以根據該用戶在該蜜罐購票頁面的頁面存取資料,獲取該用戶的更多資料,例如用戶的社交資料,確定該用戶是否以此在進行非正常手段的售票行為,可以根據採集用戶的資料對用戶進行舉報,避免該用戶利用非正常的手段造成更多賣票方的損失。 通過引入蜜罐機制採集該用戶在該蜜罐購票頁面的頁面存取資料,可以有效的確定該購票頁面存在的頁面漏洞,在確定該頁面漏洞的情況下,可以對該頁面漏洞進行修復,避免產生更多的損失。 本發明提供的用戶購票行為檢測方法,通過對用戶在該購票頁面的頁面存取資料進行解析,確定該存取異常度,實現了初步對該用戶的購票行為進行檢測,並且在該存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,採用該購票行為檢測模型再次對該用戶的購票行為進行檢測,實現了可以準確的確定該用戶的購票行為,並且在對該用戶的購票行為進行檢測時是在用戶購票過程中進行的,做到了對用戶的購票行為進行無痕檢測,大大的減少了對用戶的購票流程的干擾,優化了用戶的體驗效果,同時引入蜜罐機制對存在非正常購票行為的用戶進行防控,可以有效的減少賣票方的經濟損失,並且可以對該購票頁面存在的漏洞進行修復,防止了其他非正常購票行為的用戶再次利用頁面漏洞進行虛假占座的情況發生。 下述結合圖式5,以本發明提供的用戶購票行為檢測方法在航空公司對乘客的購票行為進行檢測的應用為例,對該用戶購票行為檢測方法進行進一步說明。其中,圖5示出了本發明一實施例提供的一種用戶購票行為檢測方法的處理過程流程圖,具體步驟包括步驟502至步驟528。 步驟502:採集乘客P在飛機票購票頁面的頁面存取資料。 具體的,乘客P需要在飛機票購票頁面購買一張飛機票; 基於此,乘客P在購票頁面進行購票操作產生頁面存取資料,承載飛機票購票頁面的平台為了防止出現虛假占座情況發生,會對每名乘客的購票行為進行檢測,通過採集乘客P的頁面存取資料,對乘客P的購票行為進行檢測。 步驟504:通過對頁面存取資料進行解析,獲得乘客P在飛機票購票頁面的行為鏈。 具體的,乘客P在飛機票購票頁面進行購票飛機票,需要經過一系列的購票流程; 基於此,根據乘客P的在飛機票購票頁面的操作資料,確定乘客P在飛機票購票頁面的行為鏈。 步驟506:提取行為鏈中乘客P存取的購票節點以及在購票節點的存取時間。 具體的,通過上述確定的行為鏈,進一步的提取行為鏈中乘客P在飛機票購票頁面存取的購票節點,以及存取每個購票節點的存取時間。 步驟508:基於購票節點和存取時間計算乘客P在飛機票購票頁面的存取異常度。 具體的,根據在行為鏈中提取的購票節點和存取時間,計算乘客P在購票節點的存取節點概率,以及乘客P在購票節點的存取時間概率; 基於此,計算存取節點概率和存取時間概率二者的乘積,作為乘客P在飛機票購票頁面的存取異常度。 步驟510:將存取異常度輸入至飛機票購票頁面對應的存取異常衡量函數進行計算,獲得乘客P的存取異常衡量數值。 具體的,飛機票購票頁面對應的存取異常衡量函數為計算平均值函數,通過將乘客P在飛機票購票頁面的存取異常度作為變量輸入至存取異常衡量函數,根據計算結果確定乘客P的存取異常衡量數值。 步驟512:判斷存取異常衡量數值是否小於衡量閾值;若否,執行步驟514;若是,執行步驟520。 具體的,根據上述通過存取異常衡量函數計算獲得的乘客P的存取異常衡量數值,再判斷存取異常衡量數值是否小於飛機票購票頁面預設的衡量閾值。 步驟514:對乘客P進行二次驗證。 具體的,確定乘客P的存取異常衡量數值大於等於飛機票購票頁面預設的衡量閾值,說明乘客P可能存在虛假占座情況; 基於此,通過將飛機票購票頁面跳轉至二次驗證頁面對乘客P進行二次驗證。 步驟516:判斷乘客P是否通過二次驗證;若否,執行步驟518;若是,執行步驟520。 步驟518:將乘客P加入非正常乘客名單。 具體的,在乘客P未通過二次驗證的情況下,說明乘客P可能存在非正常購票行為,將乘客P加入非正常乘客名單,限制乘客P在飛機票購票頁面購票飛機票。 步驟520:將乘客P的頁面存取資料輸入至購票行為檢測模型。 具體的,初步確定乘客P的購票行為是正常行為,則將乘客P的頁面存取資料輸入至購票行為檢測模型,對乘客P的購票行為進行進一步的檢測。 步驟522:獲得購票行為檢測模型輸出的購票行為檢測結果。 步驟524:在購票行為檢測結果為非正常的情況下,將乘客P加入非正常乘客名單,並從飛機票購票頁面跳轉至蜜罐購票頁面。 具體的,在購票行為檢測結果為非正常的情況下,說明乘客P的購票行為是非正常的,可能存在虛假占座的情況; 基於此,將乘客P加入非正常乘客名單,限制乘客P在飛機票購票頁面購票飛機票,同時採用蜜罐機制將乘客P所處的飛機票購票頁面跳轉至蜜罐購票頁面。 步驟526:採集乘客P在蜜罐購票頁面的頁面存取資料,根據頁面存取資料確定飛機票購票頁面的頁面漏洞。 具體的,採集乘客P在蜜罐購票頁面的頁面存取資料,通過對蜜罐購票頁面的頁面存取資料進行解析,確定乘客P利用的頁面漏洞; 基於此,根據乘客P利用的頁面漏洞確定飛機票購票頁面的頁面漏洞。 步驟528:基於頁面漏洞對飛機票購票頁面進行修復。 本發明提供的用戶購票行為檢測方法,通過對乘客在飛機票購票頁面的頁面存取資料進行解析,確定乘客存取異常度,實現了初步對乘客的購票行為進行檢測,並且在存取異常衡量數值小於衡量閾值的情況下,採用購票行為檢測模型再次對乘客的購票行為進行檢測,實現了可以準確的確定乘客的購票行為,並且在對乘客的購票行為進行檢測時是在乘客購票過程中進行的,做到了對乘客的購票行為進行無痕檢測,大大的減少了對乘客的購票流程的干擾,優化了乘客的體驗效果,同時引入蜜罐機制對存在非正常購票行為的乘客進行防控,可以有效的減少售賣飛機票的售票方的經濟損失,並且可以對飛機票購票頁面存在的漏洞進行修復,防止了其他非正常購票行為的乘客再次利用頁面漏洞進行虛假占座的情況發生。 與上述方法實施例相對應,本發明還提供了用戶購票行為檢測裝置實施例,圖6示出了本發明一實施例提供的一種用戶購票行為檢測裝置的結構示意圖。如圖6所示,該裝置包括: 採集模組602,被配置為採集用戶在購票頁面的頁面存取資料; 確定模組604,被配置為通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 計算模組606,被配置為將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 檢測模組608,被配置為在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。 一個可選的實施例中,該確定模組604,包括: 解析單元,被配置為通過對該頁面存取資料進行解析,獲得該用戶在該購票頁面的行為鏈; 提取單元,被配置為在該行為鏈中提取該用戶存取的購票節點以及在該購票節點的存取時間; 計算單元,被配置為基於該購票節點以及該存取時間進行存取異常度計算,將計算結果作為該存取異常度。 一個可選的實施例中,該用戶購票行為檢測裝置,還包括: 跳轉模組,被配置為在該購票行為檢測結果為非正常的情況下,將該用戶添加至非正常用戶名單,採用蜜罐機制將該購票頁面跳轉至蜜罐購票頁面; 採集頁面存取資料模組,被配置為採集該用戶在該蜜罐購票頁面的頁面存取資料; 確定頁面漏洞模組,被配置為通過對該用戶在該蜜罐購票頁面的頁面存取資料進行解析,確定該購票頁面的頁面漏洞; 修復模組,被配置為基於該頁面漏洞對該購票頁面進行修復。 一個可選的實施例中,該用戶購票行為檢測裝置,還包括: 二次驗證模組,被配置為在計算獲得的該存取異常衡量數值大於或等於該衡量閾值的情況下,將該購票頁面跳轉至驗證頁面,對該用戶的購票行為進行二次驗證; 在該用戶未通過該二次驗證的情況下,運行添加模組; 該添加模組,被配置為將該用戶添加至購票行為異常名單; 在該用戶通過該二次驗證的情況下,運行該檢測模組608。 一個可選的實施例中,該購票行為檢測模型通過如下單元進行訓練: 採集歷史資料單元,被配置為採集歷史用戶在該購票頁面的歷史頁面存取資料以及歷史購票行為結果; 添加標簽單元,被配置為對該歷史頁面存取資料對應的歷史購票行為結果添加行為標簽,將添加該行為標簽的歷史購票行為結果以及對應的歷史頁面存取資料作為訓練樣本; 訓練購票行為檢測模型單元,被配置為將該訓練樣本輸入至基於該歷史頁面存取資料與該歷史購票行為結果的關聯關係構建的購票行為檢測模型進行訓練,獲得該購票行為檢測模型。 一個可選的實施例中,該用戶購票行為檢測裝置,還包括: 確定購票帳戶模組,被配置為根據該頁面存取資料確定該用戶的購票帳戶; 檢測購票記錄模組,被配置為檢測該購票帳戶中的購票記錄,確定該用戶在購票時間內的購票數目; 凍結購票帳戶模組,被配置為在該購票時間小於預設的時間閾值並該購票數目大於預設的數目閾值的情況下,凍結該購票帳戶。 一個可選的實施例中,該購票維度預設的衡量閾值通過如下單元確定: 獲取歷史存取異常衡量數值單元,被配置為獲取歷史用戶在該購票維度的歷史存取異常衡量數值; 計算衡量閾值單元,被配置為計算該歷史存取異常衡量數值的平均值作為該購票維度預設的衡量閾值。 一個可選的實施例中,該計算單元,包括: 第一確定子模組,被配置為根據該頁面存取資料確定該用戶點擊的購票節點的第一節點數目,以及確定在該行為鏈中提取的該用戶存取的購票節點的第二節點數目; 計算存取節點概率子模組,被配置為計算該第一節點數目與該第二節點數目二者的比值,確定為該用戶的存取節點概率; 第二確定子模組,被配置為根據該頁面存取資料確定該用戶開啟該購票頁面的時間以及該用戶支付購票金額的時間; 第三確定子模組,被配置為基於該開啟該購票頁面的時間以及該用戶支付購票金額的時間確定該用戶購票的總時間,以及該用戶存取該購票節點的存取總時間; 計算存取時間概率子模組,被配置為計算該總時間與該存取總時間二者的比值,確定為該用戶的存取時間概率; 確定存取異常度子模組,被配置為將該存取節點概率以及該存取時間概率進行乘積,根據乘積結果確定該存取異常度。 一個可選的實施例中,該採集模組602,包括: 嵌入資料採集包單元,被配置為通過在承載該購票頁面的平台嵌入資料採集包,在承載該購票頁面的平台創建資料採集介面; 調用採集介面單元,被配置為通過調用該資料採集介面採集該頁面存取資料。 一個可選的實施例中,該確定模組604,包括: 讀取數目單元,被配置為讀取該頁面存取資料中包含的頁面點擊資料、頁面存取時間資料以及頁面跳轉資料; 確定單元,被配置為根據該頁面點擊資料確定該用戶點擊該購票頁面的點擊次數,根據該頁面存取時間資料確定該用戶在該購票頁面的停留時間,以及根據該頁面跳轉資料確定該用戶在該購票頁面的跳轉次數; 計算乘積單元,被配置為計算該點擊次數與預設的點擊權重係數二者的乘積,該停留時間與預設的時間權重係數二者的乘積,以及該跳轉次數與預設的跳轉權重係數二者的乘積; 確定存取異常度單元,被配置為將乘積結果進行求和,並計算求和結果與預設的存取異常標準值二者的比值,作為該存取異常度。 本發明提供的用戶購票行為檢測裝置,通過對用戶在該購票頁面的頁面存取資料進行解析,確定該存取異常度,實現了初步對該用戶的購票行為進行檢測,並且在該存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,採用該購票行為檢測模型再次對該用戶的購票行為進行檢測,實現了可以準確的確定該用戶的購票行為,並且在對該用戶的購票行為進行檢測時是在用戶購票過程中進行的,做到了對用戶的購票行為進行無痕檢測,大大的減少了對用戶的購票流程的干擾,優化了用戶的體驗效果,同時引入蜜罐機制對存在非正常購票行為的用戶進行防控,可以有效的減少賣票方的經濟損失,並且可以對該購票頁面存在的漏洞進行修復,防止了其他非正常購票行為的用戶再次利用頁面漏洞進行虛假占座的情況發生。 上述為本實施例的一種用戶購票行為檢測裝置的示意性方案。需要說明的是,該用戶購票行為檢測裝置的技術方案與上述的用戶購票行為檢測裝置方法的技術方案屬於同一構思,用戶購票行為檢測裝置的技術方案未詳細描述的細節內容,均可以參見上述用戶購票行為檢測裝置方法的技術方案的描述。 圖7示出了根據本發明一實施例提供的一種計算設備700的結構方塊圖。該計算設備700的部件包括但不限於記憶體710和處理器720。處理器720與記憶體710通過匯流排730相連接,資料庫750用於保存資料。 計算設備700還包括接入設備740,接入設備740使得計算設備700能夠經由一個或多個網路760通信。這些網路的示例包括公用交換電話網(PSTN)、區域網路(LAN)、廣域網路(WAN)、個人區域網路(PAN)或諸如網際網路的通信網路的組合。接入設備740可以包括有線或無線的任何類型的網路介面(例如,網路介面卡(NIC))中的一個或多個,諸如IEEE802.11無線區域網路(WLAN)無線介面、全球微波互聯接入(Wi-MAX)介面、以太網介面、通用串行匯流排(USB)介面、蜂巢式網路介面、藍牙介面、近場通信(NFC)介面,等等。 在本發明的一個實施例中,計算設備700的上述部件以及圖7中未示出的其他部件也可以彼此相連接,例如通過匯流排。應當理解,圖7所示的計算設備結構方塊圖僅僅是出於示例的目的,而不是對本發明範圍的限制。本領域技術人員可以根據需要,增添或替換其他部件。 計算設備700可以是任何類型的靜止或行動計算設備,包括行動電腦或行動計算設備(例如,平板電腦、個人數位助理、筆記型電腦、筆記本電腦、輕省筆電等)、行動電話(例如,智慧型手機)、可佩戴的計算設備(例如,智慧型手錶、智慧型眼鏡等)或其他類型的行動設備,或者諸如台式電腦或PC的靜止計算設備。計算設備700還可以是行動式或靜止式的伺服器。 其中,處理器720用於執行如下電腦可執行指令: 採集用戶在購票頁面的頁面存取資料; 通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。 本發明一實施例還提供一種電腦可讀取儲存媒體,其儲存有電腦指令,該指令被處理器執行時以用於: 採集用戶在購票頁面的頁面存取資料; 通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。 上述為本實施例的一種電腦可讀取儲存媒體的示意性方案。需要說明的是,該儲存媒體的技術方案與上述的用戶購票行為檢測裝置方法的技術方案屬於同一構思,儲存媒體的技術方案未詳細描述的細節內容,均可以參見上述用戶購票行為檢測裝置方法的技術方案的描述。 上述對本發明特定實施例進行了描述。其它實施例在所附申請專利範圍的範圍內。在一些情況下,在申請專利範圍中記載的動作或步驟可以按照不同於實施例中的順序來執行並且仍然可以實現期望的結果。另外,在圖式中描繪的過程不一定要求示出的特定順序或者連續順序才能實現期望的結果。在某些實施方式中,多任務處理和並行處理也是可以的或者可能是有利的。 該電腦指令包括電腦程式碼,該電腦程式碼可以為原始碼形式、目的碼形式、可執行文件或某些中間形式等。該電腦可讀取媒體可以包括:能夠攜帶該電腦程式碼的任何實體或裝置、記錄媒體、隨身碟、行動硬碟、磁碟、光碟、電腦記憶體、唯讀記憶體(ROM,Read-Only Memory)、隨機存取記憶體(RAM,Random Access Memory)、電載波信號、電信信號以及軟體分發媒體等。需要說明的是,該電腦可讀取媒體包含的內容可以根據司法管轄區內立法和專利實踐的要求進行適當的增減,例如在某些司法管轄區,根據立法和專利實踐,電腦可讀取媒體不包括電載波信號和電信信號。 需要說明的是,對於前述的各方法實施例,為了簡便描述,故將其都表述為一系列的動作組合,但是本領域技術人員應該知悉,本發明並不受所描述的動作順序的限制,因為依據本發明,某些步驟可以採用其它順序或者同時進行。其次,本領域技術人員也應該知悉,說明書中所描述的實施例均屬於較佳實施例,所涉及的動作和模組並不一定都是本發明所必須的。 在上述實施例中,對各個實施例的描述都各有側重,某個實施例中沒有詳述的部分,可以參見其它實施例的相關描述。 以上公開的本發明較佳實施例只是用於幫助闡述本發明。可選實施例並沒有詳盡敘述所有的細節,也不限制該發明僅為所述的具體實施方式。顯然,根據本發明的內容,可作很多的修改和變化。本發明選取並具體描述這些實施例,是為了更好地解釋本發明的原理和實際應用,從而使所屬技術領域技術人員能很好地理解和利用本發明。本發明僅受申請專利範圍及其全部範圍和等效物的限制。In the following description, many specific details are explained in order to fully understand the present invention. However, the present invention can be implemented in many other ways different from those described herein, and those skilled in the art can make similar popularizations without violating the connotation of the present invention. Therefore, the present invention is not limited by the specific implementation disclosed below. The terms used in one or more embodiments of the present invention are only for the purpose of describing specific embodiments, and are not intended to limit one or more embodiments of the present invention. The singular forms "a", "said" and "the" used in one or more embodiments of the present invention and the scope of the appended patent application are also intended to include plural forms, unless the context clearly indicates other meanings. It should also be understood that the term "and/or" used in one or more embodiments of the present invention refers to and includes any or all possible combinations of one or more associated listed items. It should be understood that although the terms first, second, etc. may be used to describe various information in one or more embodiments of the present invention, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, without departing from the scope of one or more embodiments of the present invention, the first may also be referred to as the second, and similarly, the second may also be referred to as the first. Depending on the context, the word "if" as used herein can be interpreted as "when" or "when" or "in response to certainty". First, the terminology involved in one or more embodiments of the present invention will be explained. Honeypot mechanism: In essence, it is a technology to deceive the attacker. By arranging some hosts, network services or information as bait, the attacker can be induced to attack them, so that the attack behavior can be captured and analyzed to understand The tools and methods used by the attacker to speculate the intention and motivation of the attack can allow the defender to clearly understand the security threats they are facing, and use technology and management methods to enhance the security protection capabilities of the actual system. In the present invention, a method for detecting user ticket purchase behavior is provided. The present invention also relates to a user ticket purchase behavior detection device, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments. . The following describes the method for detecting user ticket purchase behavior provided by the present invention with reference to Figure 1, Figure 2, Figure 3, and Figure 4. Fig. 1 shows a flow chart of a method for detecting user ticket purchase behavior according to an embodiment of the present invention; Fig. 2 shows the collection of page access data in a method for user ticket purchase behavior detection according to an embodiment of the present invention A schematic diagram of the process; FIG. 3 shows a schematic diagram of a behavior chain in a method for detecting user ticket purchase behaviors according to an embodiment of the present invention; FIG. 4 shows a method for detecting user ticket purchase behaviors according to an embodiment of the present invention A schematic diagram of the process of calculating the access anomaly measurement value in the method; wherein FIG. 2 includes FIG. 2 (a) and FIG. 2 (b), and FIG. 1 includes step 102 to step 108. Step 102: Collect user access data on the ticket purchase page. In an embodiment of the present invention, the ticket purchase page may be a ticket purchase page for air travel tickets, a ticket purchase page for competition tickets, a ticket purchase page for tourist attractions tickets, or a ticket purchase page for concert tickets, etc., correspondingly The page access data can be the access data of the user accessing the ticketing page for selling air travel tickets, the user accessing the access data of the ticketing page selling competition tickets, and the user accessing the ticketing page selling tourist attractions tickets. The access data of the user or the access data of the user's access to the ticket purchase page for selling concert tickets; wherein the access data may be the number of clicks, browsing time, and number of tickets purchased by the user on the corresponding ticket purchase page. For example, if a user purchases a train ticket from location A to location B on a webpage selling train tickets, it can be determined that the information of the ticket purchased by the user is from location A to location B, the user's identity information, the time it takes for the user to purchase the ticket on webpage A, and the user The content browsed on the A webpage is the user's access to the information on the A webpage. Here, taking the ticket purchase page as the plane ticket purchase page as an example, the user's ticket purchase behavior detection method is described. Based on this, in the process of purchasing the plane ticket through the plane ticket purchase page, in order to prevent the user from being An abnormal user who falsely occupies a seat needs to conduct real-time detection of the user’s ticket purchase behavior. In this process, the user will set the verification interface during the purchase of air tickets to prevent the user from falsely occupying the seat through the software, which can make Users who really need tickets buy air tickets. It can be seen that the user's ticket purchase behavior is detected during the user's ticket purchase process, so that the user can purchase the required air ticket, and in this process, the user's ticket purchase behavior is effectively verified Has a very important role. The method for detecting user ticket purchase behavior provided by the present invention can save the verification process of ticket purchase behavior in the process of purchasing air tickets, and can also prevent and control the false seat occupation. The page access data of the flight ticket page is analyzed to obtain the user's access anomaly degree on the plane ticket purchase page. By inputting the access anomaly degree into the access anomaly measurement function to calculate the access to the airport, the user can be preliminarily judged Whether it is a normal ticket purchase behavior in the process of purchasing air tickets, and when the user is a normal ticket purchase behavior, the ticket purchase behavior detection model is used to further detect the user's ticket purchase behavior, so that the user can be accurately determined The behavior state of the purchase of air tickets, thereby realizing the seamless detection of the user's purchase of air tickets, verifying the user's ticket purchase behavior without disturbing the user's purchase of air tickets, and avoiding false seat occupations. This leads to the occurrence of unsalable air tickets, which saves time for users in the process of purchasing air tickets, and saves manpower and material resources for the seller who sells air tickets. In one or more implementations of this embodiment, the user's page access data on the ticket purchase page is collected. The specific implementation is as follows: By embedding a data collection package on the platform that hosts the ticket purchase page, The platform of the ticket page creates a data collection interface; by calling the data collection interface, the page access data is collected. Specifically, in order to obtain sufficiently accurate page access data of the user, by embedding a data collection package on the platform that carries the ticket purchase page, and the data collection package is mounted to the platform, the user’s page access data can be automatically collected The data collection package can be in SDK (Software Development Kit) format or js (JavaScript) code snippets. The platform will automatically call the data collection interface when the user purchases the ticket through the ticket purchase page , That is, through the collection function corresponding to the embedded data collection package, the user's page access data is collected. In specific implementation, after embedding the data collection package into the platform of the ticket purchase page, the data collection package needs to be decompressed to obtain the code snippets in the data collection package, and then load the code snippets to the ticket purchase page. On the development side of, you can automatically collect page access data on the ticket purchase page. In actual applications, see Figure 2. Figure 2(a) is a schematic diagram of the ticket purchase page for the user to purchase a ticket. It can be determined that the user needs to add the information of the ticket purchaser first, and fill in the ticket purchase information in the user During the process, the ticket purchase page will obtain the user's page access data on the ticket purchase page according to the code corresponding to the data collection interface running in the background. The code corresponding to the page access data collected through the data collection interface is shown in Figure 2 ( As shown in b), according to the content shown in Figure 2(b), it can be determined that the user starts to input the certificate number at the coordinates (1182, 273) on the ticket purchase page, time: 4068, and the certificate number is 1, 8.... By embedding the data collection package on the platform of the ticket purchase page, the ticket purchase page can automatically collect the user's page access data on the ticket purchase page in real time, which improves the efficiency of the user's ticket purchase behavior detection. On the basis of the above collection of the page access data, further, in one or more implementations of this embodiment, the user's ticket purchase account can be preliminarily tested, and in the case of an abnormality in the ticket purchase account , The ticket purchase account can be frozen, and the specific implementation methods are as follows: Determine the user's ticket purchase account according to the page access data; Check the ticket purchase record in the ticket purchase account to determine the user’s ticket purchase time The number of tickets purchased; in the case that the time for purchasing tickets is less than the preset time threshold and the number of tickets purchased is greater than the preset number threshold, freeze the ticket purchasing account. Specifically, through the page access data, determine the user's ticket purchase account logged in the ticket purchase page, detect the ticket purchase record in the ticket purchase account, determine the number of tickets purchased by the user during each ticket purchase time, and pass judgment Whether the ticket purchase time is less than the time threshold, and whether the number of tickets purchased is greater than the number threshold, to determine whether the user's ticket purchase behavior is an abnormal behavior. If the user’s ticket purchase time is less than the time threshold, and the number of tickets purchased is greater than the number threshold, it means that the user may have purchased tickets in an abnormal way, such as a large-scale ticket occupancy through software. At this time, the user’s purchase can be determined. The ticket account may be an account used by abnormal users to occupy tickets. The ticket purchasing account can be frozen. The freezing of the ticket purchasing account specifically refers to prohibiting the ticket purchasing account from purchasing tickets again and reminding the user to freeze the time. Based on this, only when the user's ticket purchase time is less than the time threshold, and the number of tickets purchased is greater than the number threshold, and the two comparison processes are satisfied at the same time, can it be explained that the user's ticket purchase account is abnormal, and in other cases , Can indicate that the user’s ticket purchase account is normal. In actual application, take ticket purchasing account A to purchase 5 plane tickets through webpage B as an example to describe whether there is any abnormal behavior in the ticket purchasing account. Among them, the ticket purchasing account A is the user A through the air ticket sales page of webpage B. , User B, User C, User D, and User E purchased 5 air tickets from city A to city B, which took 30 seconds. The time threshold set by web page B is 5 minutes, and the number threshold is 3 air tickets. Through comparison, it is determined that the ticket purchase account A is an abnormal ticket purchase behavior, and it can be preliminarily determined that the ticket purchase account A is suspected of occupying a seat, and the ticket purchase account A will be frozen and no further ticket purchases will be made. By checking the ticket purchase record in the user's ticket purchase account, it can be determined whether the user's ticket purchase account has been abnormally purchased tickets, and if so, the ticket purchase account will be frozen in time , To prevent users from continuing to use the ticket purchase account to conduct abnormal ticket purchases, so that the interests of the ticket seller are effectively protected. In addition, after the ticket purchase account is frozen, if the user has objections, the ticket purchase account can be unfrozen by negotiating with the manual customer service, but the premise is that the user needs to provide valid proof, such as providing the ticket purchaser Only when the user has a copy of the ID card or the user's face recognition is performed to confirm that the user has no problem, the ticket purchase account can be unfrozen. Step 104: Determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data. Specifically, according to the page access data collected above, further, by analyzing the page access data, the user’s access abnormality on the ticket purchase page is determined. The access abnormality refers specifically to the user’s access to the ticket page. During the ticket purchase process on the ticket purchase page, there is an abnormal probability of access. For example, the ticket purchase time is about 300 seconds under normal circumstances, but the user actually bought the ticket for 30 seconds, then the user’s deposit on the ticket purchase page Take the degree of abnormality as 1-(30/300)*100%=90%. In one or more implementations of this embodiment, the user’s access abnormality can be determined in the following ways: By analyzing the page access data, the user’s behavior chain on the ticket purchase page is obtained; The ticket purchasing node accessed by the user and the access time at the ticket purchasing node are extracted from the chain; the access abnormality degree calculation is performed based on the ticket purchasing node and the access time, and the calculation result is used as the access abnormality degree. Specifically, on the basis of the page access data collected above, the page access data is further analyzed to obtain the user's behavior chain on the ticket purchase page. The behavior chain specifically refers to the user's behavior chain on the purchase page. The ticket page is a link composed of behaviors generated during the ticket purchase process. The behavior chain contains information such as the user's access path and the user's access time, and then extracts the user's access to the ticket page in the behavior chain The ticket purchasing node and the access time of the user at the ticket purchasing node are calculated based on the ticket purchasing node and the access time, and the user's access abnormality degree is determined according to the calculation result. Based on this, the ticket purchase node is a node that the user needs to pass through in the process of purchasing a ticket on the ticket purchase page, that is, the user's activity point. First, predict the ticket purchase nodes that the user needs to pass through during the ticket purchase process to obtain the user's predicted ticket purchase sequence, and then determine the ticket purchase node that the user has accessed according to the user's page access data, determine the user's actual ticket purchase sequence, and finally Based on the actual ticket purchase sequence, the predicted ticket purchase sequence is adjusted, and the ticket purchase node that the user is unlikely to appear in the predicted ticket purchase sequence is deleted to obtain the behavior chain. Refer to Figure 3 for a structural diagram of the behavior chain, where the quadrilateral represents the stay time (access time) of the user at the activity point (ticket purchasing node), and the circle represents the activity point for user access. Refer to Figure 3 to see that the user is in the activity The stay time of point 1 is 15s, the stay time of the user at activity point 2 is 20s, and the stay time of the user at activity point 3 is 25s..., and so on, determine the ticket purchase node accessed by the user on the ticket purchase page And access time. Based on the above extraction of the ticket purchasing node accessed by the user and the access time of the ticket purchasing node, further, in one or more implementations of this embodiment, the first method of calculating the access abnormality degree The implementation is as follows: Determine the number of the first node of the ticket purchasing node clicked by the user according to the page access data, and determine the number of the second node of the ticket purchasing node accessed by the user extracted from the behavior chain; calculate the The ratio of the number of the first node to the number of the second node is determined as the user's access node probability; according to the page access data, determine the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount ; Determine the total time for the user to purchase tickets based on the time when the ticket purchase page is opened and the time when the user pays the amount of the ticket purchase, and the total time for the user to access the ticket purchase node; calculate the total time and the deposit The ratio of the total time is determined as the access time probability of the user; the access node probability and the access time probability are multiplied, and the access abnormality degree is determined according to the product result. Specifically, the number of the first node of the ticket purchase node clicked by the user is determined according to the page access data, and the number of the first node is the number of the ticket purchase node that the user has clicked on, and at the same time, the number of user accesses extracted from the behavior chain is determined The second node number of the node, the second node number is the number of ticket purchasing nodes that the user has accessed, and the ratio of the first node number to the second node number is calculated to determine the user's access node probability, The access node probability specifically refers to the ratio of the number of ticket purchasing nodes opened and accessed by the user to the total number of ticket purchasing nodes clicked by the user, which is the access node probability; according to the page access data, it is determined that the user enters the purchase The time of the ticket page and the time when the user pays the ticket amount for the ticket purchase. By subtracting the time of entering the ticket page from the time of paying the ticket amount, it is determined that the user is in the process of this ticket purchase At the same time, sum up the user’s access time at each ticketing node during this ticket purchase process to determine the user’s total access time. Based on this, calculate the total time and the deposit The ratio of the total time is taken as the access time probability of the user accessing the ticket purchase page; based on the above calculations, the access node probability and the access time probability are calculated by calculating the access node probability and the memory The product of the two time probabilities is taken, and the result of the product is taken as the access abnormality degree. In specific implementation, the access node probability is specifically used to describe the probability that the user accesses the ticket purchasing node on the ticket purchasing page, and the access time probability is specifically used to describe the user access to the ticket purchasing page. The probability that the ticket node spends time abnormally. By combining the time dimension and behavior dimension to calculate the user’s access abnormality on the ticket purchase page, it is possible to more accurately determine whether the user is an abnormal user, and the access abnormality can more reflect the use of the user Ticket purchase behavior. On the basis of the above-mentioned extraction of the ticket purchasing node accessed by the user and the access time of the ticket purchasing node, further, in one or more implementations of this embodiment, the second type of access abnormality is calculated The implementation method is as follows: Read the page click data, page access time data and page jump data contained in the page access data; According to the page click data, determine the number of clicks that the user clicks on the ticket purchase page, and save according to the page Take time data to determine the user’s stay time on the ticket purchase page, and determine the number of jumps of the user on the ticket purchase page according to the page jump data; calculate the product of the number of clicks and the preset click weight coefficient, The product of the dwell time and the preset time weight coefficient, and the product of the number of jumps and the preset jump weight coefficient; sum the product results, and calculate the sum result and the preset storage The ratio of the two abnormal standard values is taken as the access abnormality degree. Specifically, according to the collected page access data, further, read the page click data, the page access time data, and the page jump data contained in the page access data, where the page click data is specifically Refers to the number of times the user clicks on the ticket purchase page. The page access time data specifically refers to the total time the user has accessed the ticket purchase page. The page jump data specifically refers to the user jumped to purchase during the ticket purchase process on the ticket purchase page. The number of sub-pages contained in the ticket page; the number of clicks the user clicks on the ticket purchase page is determined according to the page click data, the user’s stay time on the ticket page is determined according to the page access time data, and the page jumps to the data Determine the number of jumps of the user on the ticket purchase page; preset weight coefficients corresponding to the page click data, page access time data, and page jump data on the ticket purchase page; based on this, calculate the number of clicks and the page The product of the click weight coefficient corresponding to the click data dimension, and the calculation result is used as the first calculation result. The first calculation result is used to indicate the weight value of the click data dimension on the page; calculate the dwell time and the page access The product of the two time weight coefficients corresponding to the time data dimension, and the calculation result is used as the second calculation result. The second calculation result is used to indicate the weight value of the time data dimension when the page is accessed; calculate the number of jumps and the page The product of the two jump weight coefficients corresponding to the jump data dimension, the calculation result is used as the third calculation result, and the third calculation result is used to indicate the weight value of the page jump dimension; The second calculation result and the third calculation result are summed, and the sum result is divided by the access abnormality standard value, and the result is regarded as the access abnormality degree. The access abnormality standard value can be collected by collecting a large number of historical users For data of different dimensions, the weight values in different dimensions are determined according to the above calculation process, and after the weight values are summed, the average value of the sum of the weight values of a large number of historical users is calculated as the access abnormal standard value. The abnormal standard value can be set according to actual application scenarios, and the present invention does not make any limitation here. In order to be able to predict the user’s ticket purchase behavior more accurately in the follow-up, by reading the page click data, page access time data and page jump data contained in the page access data, and respectively according to the page click data and the page The access time data and the page jump data are used to calculate the weight value to calculate the user's access abnormality. In the subsequent process of detecting the user's ticket purchase behavior, the user's ticket purchase behavior can be determined more accurately. Step 106: Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation. Specifically, on the basis of the above determination of the user's access abnormality degree on the ticket purchase page, further, the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs is determined, and the ticket purchase dimension specifically refers to Ticket purchase scenarios for different types of ticket purchases. For example, if a user purchases a train ticket on the train ticket purchase page, the access anomaly measurement function in the train ticket purchase dimension will be determined; based on this, the access anomaly degree is entered into The access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs is calculated on the user's access anomaly degree according to the access anomaly measurement function, and the access anomaly measurement value is determined. In specific implementation, the access anomaly measurement function corresponding to the ticket purchase dimension can be the MAX function, MIN function, or AVG function; the maximum value of the access anomaly measurement value can be calculated by the MAX function, and the MIN function can be used to calculate the The minimum value of the access anomaly measurement value or the average value of the access anomaly measurement value calculated by the AVG function; the access anomaly measurement function corresponding to the ticket purchase dimension can be set according to actual application scenarios, and the present invention does not do it here Any restrictions. For example, a flight to C place sold n tickets, n is the value corresponding to the seat ticket. In order to avoid the occurrence of false seat occupation, the airline needs to calculate the ticket purchase of each ticket corresponding to the purchase user Behavior, by collecting the ticket purchase data of each ticket user, determine the access anomaly degree of each ticket user, and input the access anomaly degree of each user into the access anomaly measurement function Hn corresponding to the plane ticket purchase dimension =AVG 0<n<m (P1, P2, Pn...Pm); where Hn represents the access anomaly measurement value of each user, P1, P2, Pn...Pm represents the access anomaly degree of each user, using AVG The function calculates the average value of the user's access anomaly measurement value. See Figure 4, which shows a schematic diagram of the process of calculating the access anomaly measurement value. The access anomaly measurement function Hn is used to calculate each user's access anomaly measurement value H1, H2. ,...Hn, and then determine whether each user has false seat occupation according to the subsequent processing process. On the basis of calculating the access anomaly measurement value through the access anomaly measurement function corresponding to the ticket purchase dimension, further, in one or more implementations of this embodiment, the calculated access anomaly The measurement value is compared with the preset measurement threshold. When the calculated access anomaly measurement value is greater than or equal to the measurement threshold, the user needs to be verified twice. The specific implementation is as follows: In the case that the access abnormality measurement value is greater than or equal to the measurement threshold, the ticket purchase page is redirected to the verification page, and the user's ticket purchase behavior is verified again; in the case that the user fails the second verification, Add the user to the list of abnormal ticket purchase behaviors; if the user passes the secondary verification, execute the page access data input into the ticket purchase behavior detection model to perform ticket purchase behavior detection, and obtain the output of the user's purchase behavior Ticket behavior detection result step. Specifically, the calculated access anomaly measurement value is compared with a preset measurement threshold. When the calculated access anomaly measurement value is greater than or equal to the measurement threshold, it indicates that the user's ticket purchase behavior exists If it is abnormal, the user needs to be verified twice. The second verification specifically refers to requesting the user to verify by jumping to the second verification page. The verification method can be to enter a verification code, and the second verification process needs to be completed manually by the user; Based on this, if the user fails the secondary verification, it means that the user’s ticket purchase behavior may be falsely occupying a seat, and the user is added to the list of abnormal ticket purchase behaviors. The abnormal list refers to a list created by a user who has not passed the verification in the case of the first verification; in the case of the user passing the second verification, it indicates that the user's ticket purchase behavior is normal, and the subsequent step 108 is sufficient. In addition, when the calculated access anomaly measurement value is greater than the measurement threshold, the user can be directly added to the list of abnormal ticket purchase behaviors, and the calculated access anomaly measurement value If it is equal to the measurement threshold, the user is verified for a second time, and the user's ticket purchase behavior is further verified by levels, so that the verification process becomes faster. For example, Airline A verifies the ticket purchase behavior of users X and Y to avoid false seat occupations. By collecting the ticket purchase data of users X and Y, it determines that user X’s access abnormality measurement value is 7. User Y's access abnormality measurement value is 9, where the measurement threshold is 8. According to the comparison, it is determined that user X's access abnormality measurement value is less than the measurement threshold. Then it can be determined that user X's ticket purchase behavior is initially judged to be normal, and subsequent ticket purchase Behavior verification is enough. User Y's access abnormality measurement value is greater than the measurement threshold. User Y needs to be verified twice. By jumping to the preset secondary verification interface, user Y is verified. If user Y passes verification Next, it means that user Y’s ticket purchase behavior is initially judged to be normal, and the subsequent ticket purchase behavior verification can be performed. If user Y fails the verification, it means that user Y’s ticket purchase behavior is initially judged to be abnormal , Add user Y to the list of abnormal ticket purchase behaviors. Before using the ticket purchasing behavior detection model to detect ticket purchasing behaviors, the user can be preliminarily judged whether the user’s ticket purchasing behavior is normal by verifying the user according to the user’s access anomaly measurement value, directly in the preliminary judgment The process can eliminate users with abnormal ticket purchase behaviors, avoiding the secondary verification of users who already have abnormal ticket purchase behaviors in the subsequent ticket purchase behavior detection process, which not only saves the user's ticket purchase behavior The detection time of the detection also saves the cost of the ticket seller in the verification process. Step 108: When the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold value of the ticket purchase dimension, enter the page access data into the ticket purchase behavior detection model to perform ticket purchase behavior detection to obtain The output of the user's ticket purchase behavior detection result. Specifically, on the basis of the above-mentioned access anomaly calculation using the access anomaly measurement function corresponding to the ticket purchase dimension, further, the access anomaly measurement value of the user is determined according to the access anomaly measurement function, and the location is abnormal. The measurement value is compared with the measurement threshold. When the calculated access abnormality measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, it indicates that the user’s ticket purchase behavior is preliminarily judged If the judgment result is passed, the page access data is input into the ticket purchase behavior detection model to further detect the user's ticket purchase behavior, and the ticket purchase behavior detection model outputs the user's ticket purchase behavior detection result. The result of the ticket purchase behavior detection includes normal ticket purchase by the user, abnormal ticket purchase by the user, and abnormal ticket purchase by the user; among them, the user's normal ticket purchase refers to the user's normal purchase of the required tickets through the ticket purchase page, and the user's abnormal ticket purchase is specifically Refers to the abnormal ticket purchase behavior when the user needs a ticket for normal purchase through the ticket purchase page. For example, the purchase speed of the ticket is too fast, which may cause the user to purchase the ticket abnormally. If the user purchases the ticket abnormally, the user can be The second verification is performed. If the verification is passed, it will not affect the user's ticket purchase. The user's abnormal ticket purchase specifically refers to the user's false seat occupation through the ticket purchase page through abnormal means. On the basis of comparing the access abnormality measurement value of the ticket purchase dimension obtained by the above calculation with the preset measurement threshold value of the ticket purchase dimension, further, in one or more implementation manners of this embodiment, the ticket purchase The preset measurement threshold of the dimension is determined by the following methods: Obtain the historical access abnormal measurement value of the historical user in the ticket purchase dimension; Calculate the average value of the historical access abnormal measurement value as the preset measurement threshold of the ticket purchase dimension. Specifically, before comparing the access anomaly measurement value, the measurement threshold of the ticket purchase dimension needs to be determined. Different ticket purchase dimensions correspond to different measurement thresholds. For the specific preset process, please refer to the following content. A large number of historical users on the ticket purchase page, collect the historical access abnormality measurement value of the large number of historical users in the ticket purchase dimension to which the ticket purchase page belongs, and take the average value of the historical access abnormality measurement value of a large number of historical users as the purchase The preset measurement threshold of the ticket dimension. In addition, the measurement threshold can also be preset through the feedback anonymous inquiry method. The feedback anonymous inquiry method is the expert survey method. Specifically, the platform that hosts the ticket purchase page forms a special forecasting agency. Including a number of experts and ticket purchase forecasters, according to the prescribed procedures, back-to-back consulting experts on the opinions and judgments of the ticket users, and then proceed to determine the measurement threshold method. Based on the above detection of the user's ticket purchase behavior through the ticket purchase behavior detection model, further, in one or more implementation manners of this embodiment, the ticket purchase behavior detection model is trained in the following manner: Collection history The user accesses information and historical ticket purchase behavior results on the historical page of the ticket purchase page; adds a behavior tag to the historical ticket purchase behavior result corresponding to the historical page access data, and adds the historical ticket purchase behavior result of the behavior tag and the corresponding The historical page access data of is used as a training sample; the training sample is input into the ticket purchasing behavior detection model constructed based on the correlation between the historical page access data and the historical ticket purchasing behavior result for training, to obtain the ticket purchasing behavior detection model . Specifically, the ticket purchase behavior detection model is a supervised learning model. Based on this, the historical page access data and the historical ticket purchase behavior results of the historical user on the ticket purchase page are collected, and the history corresponding to the historical page access data is collected. Add a behavior tag to the ticket purchase behavior result, and use the historical ticket purchase behavior result with the behavior tag and the corresponding historical page access data as the training sample. The training sample contains the historical page access data of each historical user and its corresponding The result of historical ticket purchase behavior, and the training sample is input to a ticket purchase behavior detection model constructed based on the association relationship between the historical page access data and the result of the historical ticket purchase behavior for training to obtain the ticket purchase behavior detection model. By adopting a supervised ticket purchasing behavior detection model to detect the user's ticket purchasing behavior, the accuracy of the user's ticket purchasing behavior is ensured, the occurrence of false seat occupations is reduced, and the sales are effectively reduced. Loss of the ticket party. On the basis of the above-mentioned obtaining the ticket purchasing behavior detection result output by the ticket purchasing behavior detection model, further, in one or more implementations of this embodiment, when the ticket purchasing behavior detection result is abnormal, the If the user has false seat occupation, it means that the page vulnerability of the ticket purchase page needs to be repaired. The specific process of determining the page vulnerability is as follows: In the case that the detection result of the ticket purchase behavior is abnormal, add the user to the non- For the normal user list, use the honeypot mechanism to jump the ticket purchase page to the honeypot ticket purchase page; collect the user's page access data on the honeypot ticket purchase page; through the user's page on the honeypot ticket purchase page Access data is analyzed to determine the page vulnerability of the ticket purchase page; based on the page vulnerability, the ticket purchase page is repaired. Specifically, when the ticket purchasing behavior detection result output by the ticket purchasing behavior detection model is abnormal, indicating that the user has false seat occupation, the user is added to the list of abnormal users, and the list of abnormal users is specifically Refers to the list that is determined by the platform hosting the ticket purchase page as an abnormal user to join, and the user who is added to the abnormal user list is not allowed to purchase tickets through the ticket purchase page within a set time; in the user's ticket purchase behavior If it is abnormal, it means that there is a page loophole in the ticket purchase page, which is exploited by the user, and the loophole in the page needs to be repaired. The honeypot mechanism is adopted to jump the ticket purchase page to the honeypot ticket purchase page, and the user's information is collected. The page access data of the honeypot ticket purchase page. By analyzing the page access data, it is possible to determine how the user hacked the ticket purchase page and how the user bypassed the prevention and control mechanism of the ticket purchase page. The page vulnerabilities in the ticket purchase page are fixed by fixing the page vulnerabilities used by the user to improve the prevention and control capabilities of the ticket purchase page. In specific implementation, the user may exploit the vulnerability of the page by cracking certain parts of the ticket purchase page. In this case, the cracked place can be further encrypted to prevent the user from cracking again. , Thereby avoiding the occurrence of false seat occupation. In practical applications, the above-mentioned airline A's detection of user Y's ticket purchase behavior through the ticket purchase behavior detection model is still used as an example to describe the process of fixing page vulnerabilities. Among them, the ticket purchase behavior is output from the ticket purchase behavior detection model. The detection result confirms that user Y’s ticket purchase behavior is abnormal, then user Y is added to the list of abnormal users set by Airline A, and user Y is not allowed to make purchases through Airline A’s ticket purchase page within 3 years. Tickets, and jump the ticket purchase page of Airline A to the honeypot ticket purchase page, collect the user's page access data on the honeypot ticket purchase page, and further determine the page loopholes in the Airline A ticket purchase page, through the page loopholes Carry out repairs to prevent other users from taking advantage of page loopholes to cause A airline to incur economic losses. In addition, you can also obtain more information of the user, such as the user's social information, based on the user's page access information on the honeypot ticket purchase page, and determine whether the user is using this to conduct abnormal ticket sales Behavior, the user can be reported based on the collected user information to avoid the user's use of abnormal means to cause more losses to the seller. By introducing the honeypot mechanism to collect the user's page access data on the honeypot ticket purchase page, the page vulnerability of the ticket purchase page can be effectively determined. If the page vulnerability is determined, the page vulnerability can be repaired , To avoid more losses. The user's ticket purchase behavior detection method provided by the present invention analyzes the user's page access data on the ticket purchase page to determine the degree of abnormal access, and realizes the preliminary detection of the user's ticket purchase behavior. When the access anomaly measurement value is less than the preset measurement threshold value of the ticket purchase dimension, the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user's ticket purchase behavior can be accurately determined. And when the user's ticket purchase behavior is detected, it is performed during the user's ticket purchase process, so that the user's ticket purchase behavior is seamlessly detected, which greatly reduces the interference to the user's ticket purchase process and optimizes The user experience effect, and the introduction of a honeypot mechanism to prevent and control users who have abnormal ticket purchase behaviors can effectively reduce the economic loss of the ticket seller, and can repair the loopholes in the ticket purchase page to prevent other Users who purchased tickets abnormally once again used page loopholes to falsely occupy seats. In the following, in conjunction with Figure 5, the user ticket buying behavior detection method provided by the present invention is used as an example in an airline to detect the passenger's ticket buying behavior to further illustrate the user ticket buying behavior detection method. 5 shows a process flow chart of a method for detecting a user's ticket purchase behavior provided by an embodiment of the present invention. The specific steps include step 502 to step 528. Step 502: Collect passenger P's access data on the page of the ticket purchase page. Specifically, passenger P needs to purchase an airplane ticket on the ticket purchase page; based on this, passenger P performs a ticket purchase operation on the ticket purchase page to generate page access data. The platform carrying the airplane ticket purchase page is to prevent false seat occupations. When a situation occurs, the ticket purchase behavior of each passenger will be detected, and the passenger P's ticket purchase behavior will be detected by collecting the page access data of the passenger P. Step 504: Obtain the behavior chain of passenger P on the ticket purchase page by analyzing the page access data. Specifically, when passenger P purchases air tickets on the air ticket purchase page, he needs to go through a series of ticket purchase procedures; based on this, according to the operating data of passenger P on the air ticket purchase page, it is determined that passenger P buys air tickets on the air ticket The behavior chain of the ticket page. Step 506: Extract the ticket purchasing node accessed by the passenger P in the behavior chain and the access time at the ticket purchasing node. Specifically, through the above-determined behavior chain, the ticket purchase nodes accessed by the passenger P on the plane ticket purchase page in the behavior chain are further extracted, as well as the access time for each ticket purchase node. Step 508: Calculate the access abnormality of the passenger P on the plane ticket purchase page based on the ticket purchase node and the access time. Specifically, according to the ticket purchasing node and access time extracted in the behavior chain, calculate the access node probability of passenger P at the ticket purchasing node, and the access time probability of passenger P at the ticket purchasing node; based on this, calculate the access The product of the node probability and the access time probability is used as the access anomaly degree of the passenger P on the plane ticket purchase page. Step 510: Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase page for calculation, and obtain the access anomaly measurement value of the passenger P. Specifically, the access anomaly measurement function corresponding to the airplane ticket purchase page is the calculation average function. By inputting the access anomaly degree of the passenger P on the airplane ticket purchase page as a variable to the access anomaly measurement function, it is determined according to the calculation result. Passenger P's access abnormality measurement value. Step 512: Determine whether the access abnormality measurement value is less than the measurement threshold; if not, go to step 514; if yes, go to step 520. Specifically, according to the access abnormality measurement value of the passenger P calculated by the access abnormality measurement function, it is determined whether the access abnormality measurement value is less than the measurement threshold value preset on the airplane ticket purchase page. Step 514: Perform a second verification on the passenger P. Specifically, it is determined that the access abnormality measurement value of passenger P is greater than or equal to the measurement threshold preset on the air ticket purchase page, indicating that passenger P may have false seat occupation; based on this, the air ticket purchase page is redirected to secondary verification The page performs a second verification on passenger P. Step 516: Determine whether the passenger P has passed the secondary verification; if not, go to step 518; if yes, go to step 520. Step 518: Add passenger P to the list of abnormal passengers. Specifically, in the case that the passenger P fails the second verification, it indicates that the passenger P may have an abnormal ticket purchase behavior, the passenger P is added to the abnormal passenger list, and the passenger P is restricted from buying air tickets on the air ticket purchase page. Step 520: Input the page access data of the passenger P into the ticket purchase behavior detection model. Specifically, if it is preliminarily determined that the passenger P's ticket purchase behavior is a normal behavior, the page access data of the passenger P is input into the ticket purchase behavior detection model, and the passenger P's ticket purchase behavior is further detected. Step 522: Obtain the ticket purchasing behavior detection result output by the ticket purchasing behavior detection model. Step 524: When the result of the ticket purchase behavior is abnormal, the passenger P is added to the abnormal passenger list, and the ticket purchase page is jumped to the honeypot ticket purchase page. Specifically, in the case that the detection result of ticket purchase behavior is abnormal, it means that passenger P's ticket purchase behavior is abnormal, and there may be false seat occupation; based on this, passenger P is added to the list of abnormal passengers, and passenger P is restricted Tickets are purchased on the ticket purchase page, and at the same time, the honeypot mechanism is used to jump the ticket purchase page where passenger P is located to the honeypot purchase page. Step 526: Collect the page access data of the passenger P on the honeypot ticket purchase page, and determine the page loopholes of the plane ticket purchase page according to the page access data. Specifically, collect the page access data of passenger P on the honeypot ticket purchase page, and analyze the page access data of the honeypot ticket purchase page to determine the page vulnerability used by passenger P; based on this, according to the page used by passenger P Vulnerability Determines the page vulnerabilities of the airline ticket purchase page. Step 528: Repair the airplane ticket purchase page based on the page vulnerability. The method for detecting user ticket purchase behavior provided by the present invention analyzes the page access data of the passenger on the plane ticket purchase page to determine the abnormal degree of passenger access, realizes the preliminary detection of the passenger's ticket purchase behavior, and saves it. When the abnormality measurement value is less than the measurement threshold, the ticket purchase behavior detection model is used to detect the passenger's ticket purchase behavior again, so that the passenger's ticket purchase behavior can be accurately determined, and when the passenger's ticket purchase behavior is detected It is carried out during the passenger's ticket purchase process, which achieves the seamless detection of the passenger's ticket purchase behavior, greatly reduces the interference to the passenger's ticket purchase process, optimizes the passenger experience, and introduces a honeypot mechanism to prevent the existence of The prevention and control of passengers with abnormal ticket purchases can effectively reduce the economic losses of the ticket seller who sells air tickets, and can repair the loopholes in the air ticket purchase page to prevent other passengers with abnormal ticket purchases from recurring The use of page vulnerabilities to falsely occupy seats occurs. Corresponding to the foregoing method embodiments, the present invention also provides an embodiment of a user ticket purchase behavior detection device. FIG. 6 shows a schematic structural diagram of a user ticket purchase behavior detection device provided by an embodiment of the present invention. As shown in FIG. 6, the device includes: a collection module 602 configured to collect page access data of a user on a ticket purchase page; a determining module 604 configured to determine the page access data by analyzing the page access data The user's access anomaly degree on the ticket purchase page; the calculation module 606 is configured to input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; The detection module 608 is configured to input the page access data into the ticket purchasing behavior detection model when the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension. Ticket behavior detection, to obtain the output of the user's ticket purchase behavior detection results. In an optional embodiment, the determining module 604 includes: a parsing unit configured to obtain the user's behavior chain on the ticket purchase page by analyzing the page access data; the extracting unit is configured to Extract the ticket purchasing node accessed by the user and the access time at the ticket purchasing node from the behavior chain; the computing unit is configured to perform access abnormality calculation based on the ticket purchasing node and the access time, and calculate The result is the degree of abnormality of the access. In an optional embodiment, the user ticket purchase behavior detection device further includes: a jump module configured to add the user to the abnormal user list when the ticket purchase behavior detection result is abnormal, The honeypot mechanism is adopted to jump the ticket purchase page to the honeypot ticket purchase page; The page access data collection module is configured to collect the user's page access data on the honeypot ticket purchase page; Determine the page vulnerability module, It is configured to determine the page vulnerability of the ticket purchase page by analyzing the user's page access data on the honeypot ticket purchase page; the repair module is configured to repair the ticket purchase page based on the page vulnerability. In an optional embodiment, the user ticket purchase behavior detection device further includes: a secondary verification module, configured to: when the calculated access anomaly measurement value is greater than or equal to the measurement threshold The ticket purchase page jumps to the verification page to perform a second verification of the user's ticket purchase behavior; if the user fails the second verification, run the add module; the add module is configured to add the user To the list of abnormal ticket purchase behaviors; if the user passes the second verification, the detection module 608 is run. In an optional embodiment, the ticket purchase behavior detection model is trained by the following units: a historical data collection unit configured to collect historical user access data on the ticket purchase page and historical ticket purchase behavior results; add The label unit is configured to add a behavior tag to the historical ticket purchase behavior result corresponding to the historical page access data, and use the historical ticket purchase behavior result with the behavior tag added and the corresponding historical page access data as training samples; train ticket purchase The behavior detection model unit is configured to input the training sample into a ticket purchase behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket purchase behavior result for training, to obtain the ticket purchase behavior detection model. In an optional embodiment, the user ticket purchase behavior detection device further includes: a ticket purchase account determination module configured to determine the user's ticket purchase account based on the page access data; and a detection ticket purchase record module, It is configured to detect the ticket purchase record in the ticket purchase account and determine the number of tickets purchased by the user during the ticket purchase time; the freezing of the ticket purchase account module is configured to combine the ticket purchase time when the ticket purchase time is less than the preset time threshold If the number of tickets purchased is greater than the preset number threshold, the ticket purchasing account will be frozen. In an optional embodiment, the preset measurement threshold of the ticket purchase dimension is determined by the following units: The historical access abnormality measurement value unit is configured to obtain the historical access abnormality measurement value of the historical user in the ticket purchase dimension; The calculation threshold value unit is configured to calculate the average value of the historical access abnormality measurement value as the preset measurement threshold value of the ticket purchase dimension. In an optional embodiment, the calculation unit includes: a first determining sub-module configured to determine the number of the first node of the ticket purchase node clicked by the user according to the page access data, and to determine in the behavior chain The number of second nodes of the ticket purchasing node accessed by the user extracted from the user; the sub-module for calculating access node probability is configured to calculate the ratio of the number of the first node to the number of the second node, and determine it as the user The second determining submodule is configured to determine the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount according to the page access data; the third determining submodule is It is configured to determine the total time for the user to purchase tickets based on the time when the ticket purchase page is opened and the time when the user pays for the ticket purchase amount, and the total access time for the user to access the ticket purchasing node; calculate the access time probability sub The module is configured to calculate the ratio of the total time to the total access time and determine it as the access time probability of the user; the sub-module for determining the access abnormality degree is configured to calculate the access node probability and The access time probability is multiplied, and the access abnormality degree is determined according to the product result. In an optional embodiment, the collection module 602 includes: an embedded data collection package unit, configured to create a data collection on the platform hosting the ticket purchase page by embedding the data collection package on the platform hosting the ticket purchase page Interface: The calling collection interface unit is configured to collect the page access data by calling the data collection interface. In an optional embodiment, the determining module 604 includes: a reading number unit configured to read page click data, page access time data, and page jump data included in the page access data; a determining unit , Configured to determine the number of clicks the user clicks on the ticket purchase page based on the page click data, determine the user’s stay time on the ticket purchase page based on the page access time data, and determine the user’s stay on the page jump data based on the page jump data The number of jumps to the ticket purchase page; a product calculation unit configured to calculate the product of the number of clicks and a preset click weighting factor, the product of the stay time and the preset time weighting factor, and the The product of the number of jumps and the preset jump weight coefficient; the determining access anomaly degree unit is configured to sum the product results, and calculate the ratio between the sum result and the preset access anomaly standard value , As the degree of abnormal access. The user's ticket purchase behavior detection device provided by the present invention analyzes the user's page access data on the ticket purchase page to determine the degree of abnormal access, and realizes the preliminary detection of the user's ticket purchase behavior. When the access anomaly measurement value is less than the preset measurement threshold value of the ticket purchase dimension, the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user's ticket purchase behavior can be accurately determined. And when the user's ticket purchase behavior is detected, it is performed during the user's ticket purchase process, so that the user's ticket purchase behavior is seamlessly detected, which greatly reduces the interference to the user's ticket purchase process and optimizes The user experience effect, and the introduction of a honeypot mechanism to prevent and control users who have abnormal ticket purchase behaviors can effectively reduce the economic loss of the ticket seller, and can repair the loopholes in the ticket purchase page to prevent other Users who purchased tickets abnormally once again used page loopholes to falsely occupy seats. The foregoing is a schematic solution of a device for detecting a user's ticket purchase behavior in this embodiment. It should be noted that the technical solution of the user ticket purchase behavior detection device belongs to the same concept as the above technical solution of the user ticket purchase behavior detection device method. The details of the technical solution of the user ticket purchase behavior detection device that are not described in detail can be used. See the description of the technical solution of the above-mentioned user ticket purchase behavior detection device method. Fig. 7 shows a structural block diagram of a computing device 700 according to an embodiment of the present invention. The components of the computing device 700 include, but are not limited to, a memory 710 and a processor 720. The processor 720 and the memory 710 are connected through the bus 730, and the database 750 is used to store data. The computing device 700 also includes an access device 740 that enables the computing device 700 to communicate via one or more networks 760. Examples of these networks include public switched telephone network (PSTN), local area network (LAN), wide area network (WAN), personal area network (PAN), or a combination of communication networks such as the Internet. The access device 740 may include one or more of any type of wired or wireless network interface (for example, a network interface card (NIC)), such as IEEE802.11 wireless local area network (WLAN) wireless interface, global microwave Wi-MAX interface, Ethernet interface, universal serial bus (USB) interface, cellular network interface, Bluetooth interface, near field communication (NFC) interface, etc. In an embodiment of the present invention, the aforementioned components of the computing device 700 and other components not shown in FIG. 7 may also be connected to each other, for example, via a bus. It should be understood that the structural block diagram of the computing device shown in FIG. 7 is only for illustrative purposes, and is not intended to limit the scope of the present invention. Those skilled in the art can add or replace other components as needed. The computing device 700 can be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (for example, a tablet computer, a personal digital assistant, a notebook computer, a notebook computer, a light-saving laptop, etc.), a mobile phone (for example, Smart phones), wearable computing devices (for example, smart watches, smart glasses, etc.) or other types of mobile devices, or stationary computing devices such as desktop computers or PCs. The computing device 700 may also be a mobile or static server. Wherein, the processor 720 is configured to execute the following computer-executable instructions: collect the user's page access data on the ticket purchase page; determine the user's access abnormality on the ticket purchase page by analyzing the page access data; Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform the access anomaly calculation; the calculated access anomaly measurement value of the ticket purchase dimension is less than the ticket purchase dimension prediction In the case of setting the measurement threshold, the page access data is input into the ticket purchase behavior detection model to perform the ticket purchase behavior detection, and the output ticket purchase behavior detection result of the user is obtained. An embodiment of the present invention also provides a computer-readable storage medium, which stores computer instructions, when the instructions are executed by the processor, they are used to: collect the page access data of the user on the ticket purchase page; Analyze the data to determine the user's access anomaly degree on the ticket purchase page; input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform the access anomaly calculation; When the obtained access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold value of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model to perform the ticket purchase behavior detection, and the output of the user is obtained. Ticket purchase behavior test results. The foregoing is a schematic solution of a computer-readable storage medium of this embodiment. It should be noted that the technical solution of the storage medium belongs to the same concept as the technical solution of the user ticket purchase behavior detection device method described above. For details that are not described in detail in the technical solution of the storage medium, please refer to the above user ticket purchase behavior detection device Description of the technical solution of the method. The foregoing describes specific embodiments of the present invention. Other embodiments are within the scope of the attached patent application. In some cases, the actions or steps described in the scope of the patent application may be performed in a different order from the embodiment and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired result. In some embodiments, multitasking and parallel processing are also possible or may be advantageous. The computer instruction includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate forms. The computer readable media may include: any entity or device capable of carrying the computer code, recording media, flash drives, mobile hard drives, floppy disks, optical disks, computer memory, read-only memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), electrical carrier signal, telecommunications signal, and software distribution media. It should be noted that the content contained in the computer-readable media can be appropriately added or deleted according to the requirements of the legislation and patent practice in the jurisdiction. For example, in some jurisdictions, the computer can read according to the legislation and patent practice. The media does not include electric carrier signals and telecommunication signals. It should be noted that for the foregoing method embodiments, for simplicity of description, they are all expressed as a series of action combinations, but those skilled in the art should know that the present invention is not limited by the described sequence of actions. Because according to the present invention, certain steps can be performed in other order or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the involved actions and modules are not necessarily all required by the present invention. In the above-mentioned embodiments, the description of each embodiment has its own focus. For a part that is not described in detail in an embodiment, reference may be made to related descriptions of other embodiments. The preferred embodiments of the present invention disclosed above are only used to help explain the present invention. The optional embodiment does not describe all the details in detail, nor does it limit the invention to only the described specific embodiments. Obviously, many modifications and changes can be made according to the content of the present invention. The present invention selects and specifically describes these embodiments in order to better explain the principles and practical applications of the present invention, so that those skilled in the art can understand and use the present invention well. The present invention is only limited by the scope of the patent application and its full scope and equivalents.

502~528:步驟 602:採集模組 604:確定模組 606:計算模組 608:檢測模組 700:計算設備 710:記憶體 720:處理器 730:匯流排 740:接入設備 750:資料庫 760:網路502~528: Steps 602: Acquisition Module 604: Confirm module 606: Computing Module 608: Detection Module 700: Computing equipment 710: Memory 720: processor 730: Bus 740: access device 750: database 760: network

[圖1] 是本發明一實施例提供的一種用戶購票行為檢測方法的流程圖; [圖2] 是本發明一實施例提供的一種用戶購票行為檢測方法中採集頁面存取資料過程的示意圖; [圖3] 是本發明一實施例提供的一種用戶購票行為檢測方法中行為鏈的結構示意圖; [圖4] 是本發明一實施例提供的一種用戶購票行為檢測方法中計算存取異常衡量數值過程的示意圖; [圖5] 是本發明一實施例提供的一種用戶購票行為檢測方法的處理過程流程圖; [圖6] 是本發明一實施例提供的一種用戶購票行為檢測裝置的結構示意圖; [圖7] 是本發明一實施例提供的一種計算設備的結構方塊圖。[Fig. 1] is a flowchart of a method for detecting user ticket purchase behavior provided by an embodiment of the present invention; [Figure 2] is a schematic diagram of the process of collecting page access data in a method for detecting user ticket purchase behavior provided by an embodiment of the present invention; [Figure 3] is a schematic structural diagram of a behavior chain in a method for detecting user ticket purchase behaviors according to an embodiment of the present invention; [Figure 4] is a schematic diagram of the process of calculating the access anomaly measurement value in a method for detecting user ticket purchase behavior provided by an embodiment of the present invention; [Figure 5] is a process flow chart of a method for detecting user ticket purchase behaviors according to an embodiment of the present invention; [Figure 6] is a schematic structural diagram of a user ticket purchase behavior detection device provided by an embodiment of the present invention; [Fig. 7] is a block diagram of the structure of a computing device provided by an embodiment of the present invention.

Claims (15)

一種用戶購票行為檢測方法,其特徵在於,包括: 採集用戶在購票頁面的頁面存取資料; 通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。A method for detecting user ticket purchase behavior, which is characterized in that it includes: Collect user access data on the ticket purchase page; By analyzing the access data of the page, determine the abnormal degree of the user's access to the ticket purchase page; Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output of the The user's ticket purchase behavior detection result. 根據請求項1所述的用戶購票行為檢測方法,其中,該通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度,包括: 通過對該頁面存取資料進行解析,獲得該用戶在該購票頁面的行為鏈; 在該行為鏈中提取該用戶存取的購票節點以及在該購票節點的存取時間; 基於該購票節點以及該存取時間進行存取異常度計算,將計算結果作為該存取異常度。The method for detecting a user's ticket purchase behavior according to claim 1, wherein the determining the abnormality of the user's access to the ticket purchase page by analyzing the page access data includes: By analyzing the access data of the page, the behavior chain of the user on the ticket purchase page is obtained; Extract the ticket purchase node accessed by the user and the access time at the ticket purchase node in the behavior chain; The access abnormality degree calculation is performed based on the ticket purchasing node and the access time, and the calculation result is used as the access abnormality degree. 根據請求項1所述的用戶購票行為檢測方法,其中,該將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果步驟執行之後,還包括: 在該購票行為檢測結果為非正常的情況下,將該用戶添加至非正常用戶名單,採用蜜罐機制將該購票頁面跳轉至蜜罐購票頁面; 採集該用戶在該蜜罐購票頁面的頁面存取資料; 通過對該用戶在該蜜罐購票頁面的頁面存取資料進行解析,確定該購票頁面的頁面漏洞; 基於該頁面漏洞對該購票頁面進行修復。The user ticket purchase behavior detection method according to claim 1, wherein the page access data is input into the ticket purchase behavior detection model to perform the ticket purchase behavior detection, and after the step of obtaining the output of the user's ticket purchase behavior detection result is executed, Also includes: When the result of the ticket purchase behavior is abnormal, the user is added to the list of abnormal users, and the honeypot mechanism is used to jump the ticket purchase page to the honeypot ticket purchase page; Collect the user's page access data on the honeypot ticket purchase page; By analyzing the user's page access data on the honeypot ticket purchase page, determine the page vulnerability of the ticket purchase page; Repair the ticket purchase page based on the page vulnerability. 根據請求項1所述的用戶購票行為檢測方法,其中,該將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算步驟執行之後,該將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果步驟執行之前,還包括: 在計算獲得的該存取異常衡量數值大於或等於該衡量閾值的情況下,將該購票頁面跳轉至驗證頁面,對該用戶的購票行為進行二次驗證; 在該用戶未通過該二次驗證的情況下,將該用戶添加至購票行為異常名單; 在該用戶通過該二次驗證的情況下,執行該將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果步驟。The user ticket purchase behavior detection method according to claim 1, wherein the access anomaly degree is input into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform the access anomaly calculation step, Before the step of inputting the page access data into the ticket purchase behavior detection model to perform the ticket purchase behavior detection, and obtain the output of the user's ticket purchase behavior detection result, the step further includes: In the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, the ticket purchase page is redirected to the verification page, and the user's ticket purchase behavior is verified again; If the user fails the second verification, add the user to the list of abnormal ticket purchase behaviors; In the case that the user passes the secondary verification, the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection is performed, and the output of the user's ticket purchasing behavior detection result is obtained. 根據請求項1所述的用戶購票行為檢測方法,其中,該購票行為檢測模型通過如下方式訓練: 採集歷史用戶在該購票頁面的歷史頁面存取資料以及歷史購票行為結果; 對該歷史頁面存取資料對應的歷史購票行為結果添加行為標簽,將添加該行為標簽的歷史購票行為結果以及對應的歷史頁面存取資料作為訓練樣本; 將該訓練樣本輸入至基於該歷史頁面存取資料與該歷史購票行為結果的關聯關係構建的購票行為檢測模型進行訓練,獲得該購票行為檢測模型。The user ticket purchase behavior detection method according to claim 1, wherein the ticket purchase behavior detection model is trained in the following manner: Collect historical user access data on the historical page of the ticket purchase page and the results of historical ticket purchase behavior; Add a behavior tag to the historical ticket purchase behavior result corresponding to the historical page access data, and use the historical ticket purchase behavior result with the behavior tag added and the corresponding historical page access data as a training sample; The training sample is input into a ticket purchase behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket purchase behavior result for training, and the ticket purchase behavior detection model is obtained. 根據請求項1所述的用戶購票行為檢測方法,其中,該採集用戶在購票頁面的頁面存取資料步驟執行之後,還包括: 根據該頁面存取資料確定該用戶的購票帳戶; 檢測該購票帳戶中的購票記錄,確定該用戶在購票時間內的購票數目; 在該購票時間小於預設的時間閾值並該購票數目大於預設的數目閾值的情況下,凍結該購票帳戶。The method for detecting a user's ticket purchase behavior according to claim 1, wherein, after the step of collecting user information on the page of the ticket purchase page is executed, the method further includes: Determine the user's ticket purchase account according to the page access data; Check the ticket purchase records in the ticket purchase account to determine the number of tickets purchased by the user during the ticket purchase time; In the case that the ticket purchase time is less than the preset time threshold and the number of tickets purchased is greater than the preset number threshold, the ticket purchase account is frozen. 根據請求項1所述的用戶購票行為檢測方法,其中,該購票維度預設的衡量閾值通過如下方式確定: 獲取歷史用戶在該購票維度的歷史存取異常衡量數值; 計算該歷史存取異常衡量數值的平均值作為該購票維度預設的衡量閾值。The user ticket purchase behavior detection method according to claim 1, wherein the preset measurement threshold of the ticket purchase dimension is determined in the following manner: Obtain the historical abnormal measurement value of historical users in the ticket purchase dimension; Calculate the average value of the historical access abnormality measurement value as the preset measurement threshold of the ticket purchase dimension. 根據請求項2所述的用戶購票行為檢測方法,其中,該基於該購票節點以及該存取時間進行存取異常度計算,將計算結果作為該存取異常度,包括: 根據該頁面存取資料確定該用戶點擊的購票節點的第一節點數目,以及確定在該行為鏈中提取的該用戶存取的購票節點的第二節點數目; 計算該第一節點數目與該第二節點數目二者的比值,確定為該用戶的存取節點概率; 根據該頁面存取資料確定該用戶開啟該購票頁面的時間以及該用戶支付購票金額的時間; 基於該開啟該購票頁面的時間以及該用戶支付購票金額的時間確定該用戶購票的總時間,以及該用戶存取該購票節點的存取總時間; 計算該總時間與該存取總時間二者的比值,確定為該用戶的存取時間概率; 將該存取節點概率以及該存取時間概率進行乘積,根據乘積結果確定該存取異常度。The user ticket purchase behavior detection method according to claim 2, wherein the calculation of the access abnormality degree based on the ticket purchasing node and the access time, and the calculation result as the access abnormality degree includes: Determine the number of the first node of the ticket purchase node clicked by the user according to the page access data, and determine the number of the second node of the ticket purchase node accessed by the user extracted from the behavior chain; Calculate the ratio between the number of the first node and the number of the second node, and determine it as the access node probability of the user; Determine the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount according to the page access data; Determine the total time for the user to purchase tickets and the total time for the user to access the ticket purchasing node based on the time when the ticket purchase page is opened and the time when the user pays for the ticket purchase amount; Calculate the ratio of the total time to the total access time, and determine it as the user's access time probability; The access node probability and the access time probability are multiplied, and the access abnormality degree is determined according to the product result. 根據請求項1所述的用戶購票行為檢測方法,其中,該採集用戶在購票頁面的頁面存取資料,包括: 通過在承載該購票頁面的平台嵌入資料採集包,在承載該購票頁面的平台創建資料採集介面; 通過調用該資料採集介面採集該頁面存取資料。The method for detecting a ticket purchase behavior of a user according to claim 1, wherein the collection of user access data on the ticket purchase page includes: By embedding a data collection package on the platform hosting the ticket purchase page, create a data collection interface on the platform hosting the ticket purchase page; Collect the access data of this page by calling the data collection interface. 根據請求項1所述的用戶購票行為檢測方法,其中,該通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度,包括: 讀取該頁面存取資料中包含的頁面點擊資料、頁面存取時間資料以及頁面跳轉資料; 根據該頁面點擊資料確定該用戶點擊該購票頁面的點擊次數,根據該頁面存取時間資料確定該用戶在該購票頁面的停留時間,以及根據該頁面跳轉資料確定該用戶在該購票頁面的跳轉次數; 計算該點擊次數與預設的點擊權重係數二者的乘積,該停留時間與預設的時間權重係數二者的乘積,以及該跳轉次數與預設的跳轉權重係數二者的乘積; 將乘積結果進行求和,並計算求和結果與預設的存取異常標準值二者的比值,作為該存取異常度。The method for detecting a user's ticket purchase behavior according to claim 1, wherein the determining the abnormality of the user's access to the ticket purchase page by analyzing the page access data includes: Read the page click data, page access time data and page jump data contained in the page access data; Determine the number of clicks the user clicks on the ticket purchase page according to the page click data, determine the user’s stay time on the ticket page according to the page access time data, and determine the user’s stay on the ticket page according to the page jump data The number of jumps; Calculate the product of the number of clicks and the preset click weighting factor, the product of the dwell time and the preset time weighting factor, and the product of the number of jumps and the preset jump weighting factor; The product result is summed, and the ratio of the sum result and the preset access abnormality standard value is calculated as the access abnormality degree. 一種用戶購票行為檢測裝置,其特徵在於,包括: 採集模組,被配置為採集用戶在購票頁面的頁面存取資料; 確定模組,被配置為通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 計算模組,被配置為將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 檢測模組,被配置為在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。A user ticket purchase behavior detection device, which is characterized in that it comprises: The collection module is configured to collect user access data on the ticket purchase page; The determining module is configured to determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data; The calculation module is configured to input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; The detection module is configured to input the page access data into the ticket purchase behavior detection model to purchase tickets when the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension Behavior detection, to obtain the output of the user's ticket purchase behavior detection result. 根據請求項11所述的用戶購票行為檢測裝置,其中,該確定模組,包括: 解析單元,被配置為通過對該頁面存取資料進行解析,獲得該用戶在該購票頁面的行為鏈; 提取單元,被配置為在該行為鏈中提取該用戶存取的購票節點以及在該購票節點的存取時間; 計算單元,被配置為基於該購票節點以及該存取時間進行存取異常度計算,將計算結果作為該存取異常度。The user ticket purchase behavior detection device according to claim 11, wherein the determination module includes: The parsing unit is configured to obtain the behavior chain of the user on the ticket purchase page by analyzing the page access data; The extraction unit is configured to extract the ticket purchasing node accessed by the user and the access time at the ticket purchasing node in the behavior chain; The calculation unit is configured to calculate the access abnormality degree based on the ticket purchasing node and the access time, and use the calculation result as the access abnormality degree. 根據請求項11所述的用戶購票行為檢測裝置,其中,還包括: 跳轉模組,被配置為在該購票行為檢測結果為非正常的情況下,將該用戶添加至非正常用戶名單,採用蜜罐機制將該購票頁面跳轉至蜜罐購票頁面; 採集頁面存取資料模組,被配置為採集該用戶在該蜜罐購票頁面的頁面存取資料; 確定頁面漏洞模組,被配置為通過對該用戶在該蜜罐購票頁面的頁面存取資料進行解析,確定該購票頁面的頁面漏洞; 修復模組,被配置為基於該頁面漏洞對該購票頁面進行修復。The device for detecting user ticket purchase behavior according to claim 11, which further includes: The jump module is configured to add the user to the list of abnormal users when the detection result of the ticket purchase behavior is abnormal, and use the honeypot mechanism to jump the ticket purchase page to the honeypot ticket purchase page; The page access data collection module is configured to collect the page access data of the user on the honeypot ticket purchase page; The page vulnerability determination module is configured to determine the page vulnerability of the ticket purchase page by analyzing the page access data of the user's ticket purchase page on the honeypot; The repair module is configured to repair the ticket purchase page based on the page vulnerability. 一種計算設備,其特徵在於,包括: 記憶體和處理器; 該記憶體用於儲存電腦可執行指令,該處理器用於執行該電腦可執行指令: 採集用戶在購票頁面的頁面存取資料; 通過對該頁面存取資料進行解析,確定該用戶在該購票頁面的存取異常度; 將該存取異常度輸入至該購票頁面所屬的購票維度對應的存取異常衡量函數進行存取異常計算; 在計算獲得的該購票維度的存取異常衡量數值小於該購票維度預設的衡量閾值的情況下,將該頁面存取資料輸入購票行為檢測模型進行購票行為檢測,獲得輸出的該用戶的購票行為檢測結果。A computing device, characterized in that it comprises: Memory and processor; The memory is used to store computer executable instructions, and the processor is used to execute the computer executable instructions: Collect user access data on the ticket purchase page; By analyzing the access data of the page, determine the abnormal degree of the user's access to the ticket purchase page; Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output of the The user's ticket purchase behavior detection result. 一種電腦可讀取儲存媒體,其儲存有電腦指令,其特徵在於,該指令被處理器執行時實現如請求項1至10中任一項所述用戶購票行為檢測方法的步驟。A computer-readable storage medium, which stores computer instructions, is characterized in that, when the instructions are executed by a processor, the steps of the user ticket buying behavior detection method as described in any one of request items 1 to 10 are realized.
TW109116688A 2019-09-27 2020-05-20 Method and device for detecting ticket purchase behavior of user TWI740507B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910922200.5A CN110675228B (en) 2019-09-27 2019-09-27 User ticket buying behavior detection method and device
CN201910922200.5 2019-09-27

Publications (2)

Publication Number Publication Date
TW202113694A true TW202113694A (en) 2021-04-01
TWI740507B TWI740507B (en) 2021-09-21

Family

ID=69079757

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109116688A TWI740507B (en) 2019-09-27 2020-05-20 Method and device for detecting ticket purchase behavior of user

Country Status (3)

Country Link
CN (1) CN110675228B (en)
TW (1) TWI740507B (en)
WO (1) WO2021057131A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110675228B (en) * 2019-09-27 2021-05-28 支付宝(杭州)信息技术有限公司 User ticket buying behavior detection method and device
CN111260440B (en) * 2020-01-15 2023-07-18 中国铁道科学研究院集团有限公司电子计算技术研究所 Order processing method, order processing device, storage medium and computer equipment
CN111598162A (en) * 2020-05-14 2020-08-28 万达信息股份有限公司 Cattle risk monitoring method, terminal equipment and storage medium
CN112801668A (en) * 2021-02-05 2021-05-14 绿盟科技集团股份有限公司 Method for preventing automatic ticket swiping
CN115277142A (en) * 2022-07-18 2022-11-01 支付宝(杭州)信息技术有限公司 Safety protection method and device, storage medium and electronic equipment
CN117421729B (en) * 2023-12-18 2024-04-26 湖南森鹰科技有限公司 Automatic program attack detection method, device, system and medium

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101902366B (en) * 2009-05-27 2014-03-12 北京启明星辰信息技术股份有限公司 Method and system for detecting abnormal service behaviors
US20170134405A1 (en) * 2015-11-09 2017-05-11 Qualcomm Incorporated Dynamic Honeypot System
CN106982196B (en) * 2016-01-19 2020-07-31 阿里巴巴集团控股有限公司 Abnormal access detection method and equipment
CN105808639B (en) * 2016-02-24 2021-02-09 平安科技(深圳)有限公司 Network access behavior identification method and device
CN106101116B (en) * 2016-06-29 2019-01-08 东北大学 A kind of user behavior abnormality detection system and method based on principal component analysis
CN106453357A (en) * 2016-11-01 2017-02-22 北京红马传媒文化发展有限公司 Network ticket buying abnormal behavior recognition method and system and equipment
CN106657007A (en) * 2016-11-18 2017-05-10 北京红马传媒文化发展有限公司 Method for recognizing abnormal batch ticket booking behavior based on DBSCAN model
CN107481090A (en) * 2017-07-06 2017-12-15 众安信息技术服务有限公司 A kind of user's anomaly detection method, device and system
CN108055281B (en) * 2017-12-27 2021-05-18 百度在线网络技术(北京)有限公司 Account abnormity detection method, device, server and storage medium
CN108229749A (en) * 2018-01-16 2018-06-29 厦门快商通信息技术有限公司 Bad booking behavior management method based on deep learning
CN109167773B (en) * 2018-08-22 2021-01-26 杭州安恒信息技术股份有限公司 Access anomaly detection method and system based on Markov model
CN109255230A (en) * 2018-09-29 2019-01-22 武汉极意网络科技有限公司 Recognition methods, system, user equipment and the storage medium of abnormal verifying behavior
CN110148034A (en) * 2019-04-24 2019-08-20 珠海市珠澳跨境工业区好易通科技有限公司 A kind of excellent device and method of online shopping system architecture
CN110119896A (en) * 2019-05-13 2019-08-13 湖南易景通智能科技有限公司 A kind of anti-down bill system in scenic spot
CN110675228B (en) * 2019-09-27 2021-05-28 支付宝(杭州)信息技术有限公司 User ticket buying behavior detection method and device

Also Published As

Publication number Publication date
WO2021057131A1 (en) 2021-04-01
TWI740507B (en) 2021-09-21
CN110675228B (en) 2021-05-28
CN110675228A (en) 2020-01-10

Similar Documents

Publication Publication Date Title
TWI740507B (en) Method and device for detecting ticket purchase behavior of user
JP7073343B2 (en) Security vulnerabilities and intrusion detection and repair in obfuscated website content
US20170293953A1 (en) User to website guaranteed shopping
US10755196B2 (en) Determining retraining of predictive models
US11768945B2 (en) Machine learning system for determining a security vulnerability in computer software
CN110442712B (en) Risk determination method, risk determination device, server and text examination system
US11429565B2 (en) Terms of service platform using blockchain
US11785030B2 (en) Identifying data processing timeouts in live risk analysis systems
CN111078880A (en) Risk identification method and device for sub-application
CN106603327A (en) Behavior data analysis method and device
Wang et al. Into the deep web: Understanding e-commercefraud from autonomous chat with cybercriminals
CN111951008A (en) Risk prediction method and device, electronic equipment and readable storage medium
Wang et al. A Detection Method for Abnormal Transactions in E‐Commerce Based on Extended Data Flow Conformance Checking
CN106330811A (en) Domain name credibility determination method and device
Kumar et al. Crime activities prediction system in video surveillance by an optimized deep learning framework
US11818159B2 (en) Website guest risk assessment and mitigation
US20190205926A1 (en) Method and system for detecting fraudulent user-content provider pairs
CN113298121A (en) Message sending method and device based on multi-data source modeling and electronic equipment
Yang et al. Based big data analysis of fraud detection for online transaction orders
CN116091249A (en) Transaction risk assessment method, device, electronic equipment and medium
WO2023283349A1 (en) Fraud detection and prevention system
CN115048561A (en) Recommendation information determination method and device, electronic equipment and readable storage medium
US20170076292A1 (en) Enhanced fraud screening process for filtering of network statistics in order to detect, block, and deter fraudulent on-line activity
CN114357403A (en) User login request processing method and device based on equipment credibility and equipment
Taneja et al. Reputation based novel trust management framework with enhanced availability for cloud