WO2021057131A1 - User ticket purchase behavior detection method and device - Google Patents

User ticket purchase behavior detection method and device Download PDF

Info

Publication number
WO2021057131A1
WO2021057131A1 PCT/CN2020/097581 CN2020097581W WO2021057131A1 WO 2021057131 A1 WO2021057131 A1 WO 2021057131A1 CN 2020097581 W CN2020097581 W CN 2020097581W WO 2021057131 A1 WO2021057131 A1 WO 2021057131A1
Authority
WO
WIPO (PCT)
Prior art keywords
ticket purchase
page
user
ticket
access
Prior art date
Application number
PCT/CN2020/097581
Other languages
French (fr)
Chinese (zh)
Inventor
周荣旺
杨程远
张恒
杨志雄
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021057131A1 publication Critical patent/WO2021057131A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/252Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Definitions

  • This application relates to the field of Internet information management technology, and in particular to a method for detecting user ticket purchase behavior.
  • This application also relates to a user ticket purchase behavior detection device, a computing device, and a computer-readable storage medium.
  • a user-visible verification mechanism will be introduced to the user's ticket purchase process, such as sliding verification or SMS verification to verify the user's ticket purchase behavior, but the verification mechanism is introduced for purchase.
  • Ticket verification is also a huge expense for ticketing agencies, and manual supervision of the ticket purchase process is also required, which is a waste of material and manpower.
  • an embodiment of the present application provides a method for detecting a user's ticket purchase behavior.
  • This application also relates to a user ticket purchase behavior detection device, a computing device, and a computer-readable storage medium to solve related technical defects.
  • a method for detecting a user's ticket purchase behavior including:
  • the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
  • the step of analyzing the page access data to determine the abnormality of the user's access to the ticket purchase page includes:
  • the access abnormality degree calculation is performed based on the ticket purchasing node and the access time, and the calculation result is used as the access abnormality degree.
  • the method further includes:
  • the page access data is input into the ticket purchase behavior
  • the detection model performs ticket purchase behavior detection, and before the step of obtaining the output of the user's ticket purchase behavior detection result is executed, it also includes:
  • the calculated access abnormality measurement value is greater than or equal to the measurement threshold, jump the ticket purchase page to a verification page, and perform a second verification on the user's ticket purchase behavior;
  • the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection is performed, and the output of the user's ticket purchasing behavior detection result is obtained.
  • the ticket purchase behavior detection model is trained in the following manner:
  • the training samples are input to a ticket buying behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket buying behavior results, and the ticket buying behavior detection model is obtained.
  • the method further includes:
  • the ticket purchase account is frozen.
  • the preset measurement threshold of the ticket purchase dimension is determined in the following manner:
  • the calculation of the access abnormality degree based on the ticket purchasing node and the access time, and using the calculation result as the access abnormality degree includes:
  • the access node probability and the access time probability are multiplied, and the access abnormality degree is determined according to the product result.
  • the collection of page access data of the user on the ticket purchase page includes:
  • the step of analyzing the page access data to determine the abnormality of the user's access to the ticket purchase page includes:
  • the product result is summed, and the ratio between the sum result and the preset access abnormality standard value is calculated as the access abnormality degree.
  • a user ticket purchase behavior detection device including:
  • the collection module is configured to collect user access data on the ticket purchase page
  • the determining module is configured to determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data
  • a calculation module configured to input the access anomaly degree into an access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation;
  • the detection module is configured to input the page access data into the ticket purchase behavior detection model to purchase tickets when the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension. Behavior detection, to obtain the output detection result of the user's ticket purchase behavior.
  • the determining module includes:
  • the parsing unit is configured to obtain the behavior chain of the user on the ticket purchase page by parsing the page access data
  • An extracting unit configured to extract the ticket purchasing node visited by the user and the time of visit at the ticket purchasing node in the behavior chain;
  • the calculation unit is configured to perform an access abnormality calculation based on the ticket purchasing node and the access time, and use the calculation result as the access abnormality.
  • the device for detecting user ticket purchase behavior further includes:
  • the jump module is configured to add the user to the list of abnormal users when the detection result of the ticket purchase behavior is abnormal, and use the honeypot mechanism to jump the ticket purchase page to the honeypot purchase ticket page;
  • a page access data collection module configured to collect page access data of the user on the honeypot ticket purchase page
  • the page vulnerability determining module is configured to determine the page vulnerability of the ticket purchase page by analyzing the page access data of the user on the honeypot ticket purchase page;
  • the repair module is configured to repair the ticket purchase page based on the page vulnerability.
  • a computing device including:
  • the memory is used to store computer-executable instructions
  • the processor is used to execute the computer-executable instructions:
  • the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
  • a computer-readable storage medium which stores computer-executable instructions that, when executed by a processor, implement any of the steps of the user ticket purchase behavior detection method.
  • the user's ticket purchase behavior detection method collects the user's page access data on the ticket purchase page; analyzes the page access data to determine the abnormal degree of the user's access to the ticket purchase page; The access anomaly degree is input into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement of the ticket purchase dimension In the case of a threshold value, the page access data is input into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection, and the output of the user's ticket purchasing behavior detection result is obtained.
  • the degree of access abnormality is determined according to the page access data of the user on the ticket purchase page, which implements preliminary detection of the user's ticket purchase behavior, and measures the abnormal access
  • the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user's ticket purchase behavior can be accurately determined.
  • the user’s ticket purchase behavior is detected, it is carried out during the user’s ticket purchase process, so that the user’s ticket purchase behavior can be seamlessly detected, which greatly reduces the interference to the user’s ticket purchase process and optimizes Improve the user experience effect.
  • FIG. 1 is a flowchart of a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application
  • FIG. 2(a) is a schematic diagram of a process of collecting page access data in a method for detecting user ticket purchase behavior provided by an embodiment of the present application;
  • FIG. 2(b) is a schematic diagram of a process of collecting page access data in a method for detecting user ticket purchase behavior provided by an embodiment of the present application;
  • FIG. 3 is a schematic structural diagram of a behavior chain in a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application
  • FIG. 4 is a schematic diagram of a process of calculating an access abnormality measurement value in a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application;
  • FIG. 5 is a process flow chart of a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application
  • FIG. 6 is a schematic structural diagram of a user ticket purchase behavior detection device provided by an embodiment of the present application.
  • Fig. 7 is a structural block diagram of a computing device provided by an embodiment of the present application.
  • first, second, etc. may be used to describe various information in one or more embodiments of the present application, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • the first may also be referred to as the second, and similarly, the second may also be referred to as the first.
  • word “if” as used herein can be interpreted as "when” or “when” or "in response to determination”.
  • Honeypot mechanism In essence, it is a technology to deceive the attacker. By arranging some hosts, network services or information as bait, the attacker can be induced to attack them, so that the attack behavior can be captured and analyzed to understand The tools and methods used by the attacker to speculate the intention and motivation of the attack can allow the defender to clearly understand the security threats they are facing, and use technology and management methods to enhance the security protection capabilities of the actual system.
  • This application also relates to a user ticket purchase behavior detection device, a computing device, and a computer-readable storage medium.
  • a user ticket purchase behavior detection device e.g., a smartphone, a tablet, or a smart phone.
  • FIG. 1 shows a flow chart of a method for detecting a user's ticket purchase behavior according to an embodiment of the present application
  • Fig. 2(a) shows a method for detecting a user's ticket purchase behavior according to an embodiment of the present application
  • Figure 2(b) shows a schematic diagram of the process of collecting page access data in a method for detecting user ticket purchase behavior according to an embodiment of the present application
  • Figure 3 shows a schematic diagram of the process of collecting page access data according to one embodiment of the present application.
  • the embodiment provides a schematic structural diagram of a behavior chain in a method for detecting a user's ticket purchase behavior
  • FIG. 4 shows a schematic diagram of a process of calculating an access anomaly measurement value in a method for detecting a user's ticket purchase behavior according to an embodiment of the present application
  • FIG. 1 includes step 102 to step 108.
  • Step 102 Collect page access data of the user on the ticket purchase page.
  • the ticket purchase page in an embodiment of this application may be a ticket purchase page for air travel tickets, a ticket purchase page for competition tickets, a ticket purchase page for tourist attractions tickets, or a ticket purchase page for concert tickets, etc.
  • the page access data may be the access data of the user accessing the ticket purchase page for selling air travel tickets, the access data of the user accessing the ticket purchase page for selling competition tickets, the access data of the user accessing the ticket purchase page for selling tourist attraction tickets, or The access data of the user to the ticket purchase page for selling concert tickets, etc.; wherein the access data may be data such as the number of clicks, the browsing time, and the number of tickets purchased by the user on the corresponding ticket purchase page.
  • a user purchases a train ticket from location A to location B on a webpage selling train tickets
  • the content browsed on the A webpage is all the user's page visit data on the A webpage.
  • the method for detecting the user's ticket purchase behavior is described. Based on this, in order to avoid this problem when the user purchases air tickets through the ticket purchase page, The user is an abnormal user who falsely occupies a seat and needs to conduct real-time detection of the user’s ticket purchase behavior.
  • the user sets the verification interface during the purchase of air tickets to prevent the user from falsely occupying the seat through the software. It can enable users with real needs to buy air tickets. It can be seen that the user’s ticket purchase behavior is detected during the user’s ticket purchase process, so that the user can purchase the required air ticket. In this process, the user’s ticket is effectively verified. Ticket purchase behavior plays a very important role.
  • the user’s ticket purchase behavior detection method provided in this application is designed to enable users to save the verification process of ticket purchase behavior during the process of purchasing air tickets, and also to prevent and control false seat occupations.
  • the page access data of the airline ticket page is analyzed to obtain the user’s access anomaly degree on the airline ticket purchase page.
  • the ticket purchase behavior detection model is used to further detect the user's ticket purchase behavior, so that the user's purchase behavior can be accurately determined State, and then realize the traceless detection of the user's purchase of air tickets, verify the user's purchase of air tickets without disturbing the user's purchase of air tickets, and avoid false seat occupations that lead to unsalable air tickets When this happens, it saves time for the user to purchase air tickets, and saves manpower and material resources for the seller of air tickets.
  • the page access data of the user on the ticket purchase page is collected, and the specific implementation manner is as follows:
  • the user’s page access can be automatically collected Data
  • the data collection package can be in SDK (Software Development Kit) format or JS (JavaScript) code fragments.
  • SDK Software Development Kit
  • JS JavaScript
  • the data collection package after embedding the data collection package into the platform of the ticket purchase page, the data collection package needs to be decompressed to obtain the code fragments in the data collection package, and then load the code fragments to the ticket purchase page
  • the corresponding development terminal can automatically collect page access data on the ticket purchase page.
  • Figure 2(a) is a schematic diagram of the ticket purchase page for a user to purchase a ticket. It can be determined that when a user purchases a ticket, he needs to add the information of the ticket purchaser first. When the user fills in the ticket purchase information, The ticket purchase page will obtain the user's page access data on the ticket purchase page according to the code corresponding to the data collection interface running in the background. The code corresponding to the page access data collected through the data collection interface is shown in Figure 2(b), according to Figure 2. (b) As shown in the content, it can be determined that the user is at the coordinates (1182, 273) on the ticket purchase page, time: 4068, and starts to input the certificate number, which is 1, 8....
  • the ticket purchase page can automatically collect the user's page access data on the ticket purchase page in real time, which improves the detection of the user's ticket purchase behavior s efficiency.
  • the user’s ticket purchasing account may be preliminarily detected, and there is an abnormality in the ticket purchasing account.
  • the ticket purchase account can be frozen, and the specific implementation method is as follows:
  • the ticket purchase account is frozen.
  • the page access data is used to determine the ticket purchase account that the user logs in on the ticket purchase page, detect the ticket purchase record in the ticket purchase account, and determine the number of tickets purchased by the user during each ticket purchase time. , By judging whether the ticket purchase time is less than the time threshold, and the number of tickets purchased is greater than the number threshold, so as to determine whether the ticket purchase behavior of the user is an abnormal behavior.
  • the ticket purchasing account of may be an account used by abnormal users to occupy tickets.
  • the ticket purchasing account can be frozen. The freezing of the ticket purchasing account specifically refers to prohibiting the ticket purchasing account from purchasing tickets again, and reminding the user to freeze time.
  • ticket purchasing account A to purchase 5 plane tickets through webpage B as an example to describe whether there is any abnormal behavior in the ticket purchasing account.
  • the ticket purchasing account A is the user through the ticket sales page of webpage B.
  • User A, User B, User C, User D, and User E purchased 5 air tickets from city A to city B, which took 30 seconds.
  • the time threshold set by web page B is 5 minutes, and the number threshold is 3
  • the account is frozen to prevent users from continuing to use the ticket-purchasing account for abnormal ticket purchases, so that the interests of the ticket seller are effectively protected.
  • the ticket purchase account can be unfrozen by negotiating with the manual customer service, but the premise is that the user needs to provide valid proof, such as providing purchase Only when a copy of the ticket holder's ID or face recognition is performed on the user to confirm that the user has no problems can the ticket purchase account be unfrozen.
  • Step 104 Determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data.
  • the abnormal access probability occurs. For example, the time to buy a ticket is about 300 seconds under normal circumstances, but the user actually spends 30 seconds to buy the ticket.
  • the abnormality of the user's access may be determined in the following manner:
  • the access abnormality degree calculation is performed based on the ticket purchasing node and the access time, and the calculation result is used as the access abnormality degree.
  • the page access data is further analyzed to obtain the behavior chain of the user on the ticket purchase page, and the behavior chain specifically refers to the user A link composed of behaviors generated during the ticket purchase process on the ticket purchase page.
  • the behavior chain contains data such as the user's access path and the user's access time, and then extracts the user's access in the behavior chain.
  • the ticket purchase node of the ticket purchase page and the visit time of the user at the ticket purchase node are calculated based on the ticket purchase node and the visit time, and the user's visit abnormality degree is determined according to the calculation result .
  • the ticket purchasing node is a node that the user needs to pass through in the process of purchasing a ticket on the ticket purchasing page, that is, the user's activity point.
  • predict the ticket purchase nodes that the user needs to pass through during the ticket purchase process to obtain the user's predicted ticket purchase sequence, and then determine the ticket purchase node that the user has visited according to the user's page access data, determine the user's actual ticket purchase sequence, and finally
  • the actual ticket purchase sequence adjusts the predicted ticket purchase sequence, deletes the ticket purchase nodes that the user is unlikely to appear in the predicted ticket purchase sequence, and obtains the behavior chain.
  • FIG. 3 for a structural diagram of the behavior chain, where the quadrilateral represents the user's stay time (visit time) at the activity point (ticket purchasing node), and the circle represents the activity point visited by the user. See Figure 3 to see that the user is at activity point 1.
  • the stay time is 15s
  • the first method of calculating the degree of abnormal access is as follows:
  • the access node probability and the access time probability are multiplied, and the access abnormality degree is determined according to the product result.
  • the number of first nodes of the ticket purchasing node clicked by the user is determined according to the page access data, and the first node number is the number of ticket purchasing nodes clicked by the user, and at the same time it is determined that the behavior chain is extracted
  • the number of the second node of the node visited by the user, the number of the second node is the number of ticket-purchasing nodes that the user has visited, and the ratio of the number of the first node to the number of the second node is calculated to determine the
  • the access node probability of the user the access node probability specifically refers to the ratio of the number of ticket purchasing nodes opened and visited by the user to the total number of ticket purchasing nodes clicked by the user, that is, the access node probability;
  • the time of the ticket purchase page is determined as the total time spent by the user during this ticket purchase process.
  • the user's visit time at each ticket purchase node during this ticket purchase process is summed, Determine the total visit time of the user, and based on this, calculate the ratio of the total time to the total visit time as the visit time probability of the user visiting the ticket purchase page;
  • the product result is used as the access abnormality degree.
  • the access node probability is specifically used to describe the probability that the user accesses the ticket purchasing node on the ticket purchasing page
  • the access time probability is specifically used to describe the user’s access to the ticket purchasing page. The probability that the time spent visiting the ticket purchasing node is abnormal.
  • the second type of access abnormality is calculated The implementation is as follows:
  • the product result is summed, and the ratio between the sum result and the preset access abnormality standard value is calculated as the access abnormality degree.
  • the collected page access data further, read the page click data, the page access time data, and the page jump data included in the page access data, wherein the page Click data specifically refers to the number of times the user clicks on the ticket purchase page, the page access time data specifically refers to the total time the user visits the ticket purchase page, and the page jump data specifically refers to the user's The number of jumps to the sub-pages contained in the ticket purchase page during the ticket purchase process on the ticket page
  • the product of the number of clicks and the click weight coefficient corresponding to the page click data dimension is calculated, and the calculation result is used as the first calculation result, and the first calculation result is used to indicate the click data on the page
  • the weight value of the dimension calculate the product of the dwell time and the time weight coefficient corresponding to the page access time data dimension, and use the calculation result as the second calculation result, and the second calculation result is used to indicate the The weight value of the page access time data dimension; calculate the product of the number of jumps and the jump weight coefficient corresponding to the page jump data dimension, and use the calculation result as the third calculation result, the third calculation result Used to indicate the weight value of the page jump dimension;
  • the access abnormality standard value can be obtained by collecting data of a large number of historical users in different dimensions, determining the weight values in different dimensions according to the above calculation process, and calculating the average value of the sum of the weight values of a large number of historical users after summing the weight values.
  • the access abnormal standard value in actual applications can be set according to actual application scenarios, and this application does not make any limitation here.
  • Step 106 Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation.
  • the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs is determined, and the ticket purchase dimension is specifically Refers to the ticket purchase scenarios of different types of ticket purchases. For example, if a user purchases a train ticket on the train ticket purchase page, the visit anomaly measurement function in the train ticket purchase dimension will be determined; based on this, the visit anomaly degree is input To the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs, calculate the access abnormality degree of the user according to the access abnormality measurement function, and determine the access abnormality measurement value.
  • the access abnormality measurement function corresponding to the ticket purchase dimension may be the MAX function, the MIN function, or the AVG function; the maximum value of the access abnormality measurement value can be calculated by the MAX function, and the MIN function can be used Calculate the minimum value of the access abnormality measurement value or calculate the average value of the access abnormality measurement value through the AVG function; the access abnormality measurement function corresponding to the ticket purchase dimension can be set according to actual application scenarios. This application There are no restrictions here.
  • n is the value corresponding to the seat ticket.
  • the airline needs to calculate the purchase of each ticket corresponding to the purchase user.
  • the average value of access anomaly measurement values see Figure 4, which shows a schematic diagram of the process of calculating access anomaly measurement values.
  • the access anomaly measurement function Hn is used to calculate the access anomaly measurement values H1, H2, ... Hn of each user, and then according to the subsequent The processing process determines whether each user has false seat occupation.
  • the calculated access anomaly The measurement value is compared with the preset measurement threshold. In the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, the user needs to be verified twice.
  • the specific implementation is as follows:
  • the calculated access abnormality measurement value is greater than or equal to the measurement threshold, jump the ticket purchase page to a verification page, and perform a second verification on the user's ticket purchase behavior;
  • the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection is performed, and the output of the user's ticket purchasing behavior detection result is obtained.
  • the calculated access abnormality measurement value is compared with a preset measurement threshold, and if the calculated access abnormality measurement value is greater than or equal to the measurement threshold, the ticket purchase of the user is explained There is an abnormal behavior, and the user needs to be verified twice.
  • the second verification specifically refers to requesting the user to verify by jumping to the second verification page.
  • the verification method can be the input of the verification code and the second verification process. Need to be done manually by the user;
  • the list of abnormal ticket purchase behaviors refers to the list created by users who have not passed the verification in the case of the first verification; in the case of the second verification of the user, it indicates that the user's ticket purchase behavior is normal, and the follow-up Step 108 is enough.
  • the user can be directly added to the list of abnormal ticket purchase behaviors, and the calculated access abnormality value will be added to the list of abnormal ticket purchase behaviors.
  • the abnormal measurement value is equal to the measurement threshold, the user is verified for a second time, and the user's ticket purchase behavior is further verified by levels, so that the verification process becomes faster.
  • Airline A verifies the ticket purchase behaviors of users X and Y to avoid false seat occupations.
  • user X’s access abnormality measurement value is 7.
  • Y’s access abnormality measurement value is 9, where the measurement threshold value is 8.
  • the comparison it is determined that the user X’s access abnormality measurement value is less than the measurement threshold.
  • user X’s ticket purchase behavior is initially judged to be normal, and subsequent ticket purchase behavior verification is performed. Yes, the access abnormality measurement value of user Y is greater than the measurement threshold, and user Y needs to be verified twice. By jumping to the preset secondary verification interface, user Y is verified.
  • User Y’s current ticket purchase behavior is preliminarily judged to be normal, and the subsequent ticket purchase behavior verification can be performed.
  • user Y fails the verification it means that user Y’s current ticket purchase behavior is preliminarily judged to be abnormal, and the user Y is added to the list of abnormal ticket purchase behaviors.
  • the user Before the ticket buying behavior detection model is used to detect the ticket buying behavior, the user can be preliminarily judged whether the user's ticket buying behavior is normal by verifying the user according to the user's abnormal access measurement value.
  • the preliminary judgment process can eliminate users with abnormal ticket purchase behaviors, avoiding the secondary verification of users who already have abnormal ticket purchase behaviors in the subsequent ticket purchase behavior detection process, which not only saves the user's ticket purchase behavior.
  • the detection time of behavior detection also saves the cost incurred by the seller in the verification process.
  • Step 108 When the calculated access abnormality measurement value of the ticket purchase dimension is less than the preset measurement threshold value of the ticket purchase dimension, input the page access data into the ticket purchase behavior detection model to perform ticket purchase behavior detection. Obtain the output detection result of the user's ticket purchase behavior.
  • the user based on the above-mentioned access anomaly calculation using the access anomaly measurement function corresponding to the ticket purchase dimension, further, the user’s access anomaly measurement value is determined according to the access anomaly measurement function, and the location abnormality The measurement value is compared with the measurement threshold.
  • the page access data is input to the ticket purchase behavior detection model to further detect the user's ticket purchase behavior, and the ticket purchase behavior detection model outputs the user
  • the ticket purchase behavior detection result of the ticket purchase behavior includes the user's normal ticket purchase, the user's abnormal ticket purchase, and the user's abnormal ticket purchase;
  • the user’s normal ticket purchase specifically refers to the user’s normal purchase of the required ticket through the ticket purchase page
  • the user’s abnormal ticket purchase specifically refers to the situation where the user normally purchases the ticket through the ticket purchase page and the abnormal purchase occurs.
  • Ticket behavior such as buying tickets too fast, may cause users to purchase tickets abnormally.
  • the user can be verified twice. If the verification is passed, it will not affect the user's ticket purchase, and the user is abnormal Ticket purchase specifically refers to the fact that the user falsely occupies a seat through abnormal means through the ticket purchase page.
  • the The preset measurement threshold of the ticket purchase dimension is determined as follows:
  • the large number of historical users of the ticket purchase page collects the historical access abnormality measurement values of the large number of historical users in the ticket purchase dimension to which the ticket purchase page belongs, and averages the historical access abnormality measurement values of a large number of historical users as The preset measurement threshold of the ticket purchase dimension.
  • the measurement threshold can also be preset through the feedback anonymous inquiry method.
  • the feedback anonymous inquiry method is the expert survey method, which specifically refers to a platform that hosts the ticket purchase page to form a special prediction agency , Including a number of experts and ticket purchase predictors, according to the prescribed procedures, back-to-back consulting experts on the opinions and judgments of the ticket users, and then proceed to determine the measurement threshold method.
  • the ticket purchase behavior detection model is trained in the following manner :
  • the training samples are input to a ticket buying behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket buying behavior results, and the ticket buying behavior detection model is obtained.
  • the ticket purchase behavior detection model is a supervised learning model. Based on this, the historical page access data and historical ticket purchase behavior results of historical users on the ticket purchase page are collected, and the historical page access data corresponds to Add a behavior tag to the historical ticket purchase behavior result, and use the historical ticket purchase behavior result with the behavior tag added and the corresponding historical page access data as a training sample.
  • the training sample contains the historical page access data of each historical user and its corresponding The result of historical ticket purchase behavior, the training sample is input to the ticket purchase behavior detection model constructed based on the association relationship between the historical page access data and the result of the historical ticket purchase behavior for training, and the ticket purchase behavior can be obtained Check the model.
  • the user is added to the list of abnormal users, and the non-normal user
  • the normal user list specifically refers to the list determined by the platform hosting the ticket purchase page as an abnormal user to join, and users who are added to the abnormal user list are not allowed to purchase through the ticket purchase page within a set time
  • the ticket purchase behavior of the user is abnormal, it means that the ticket purchase page has page loopholes, which are used by the user, and the page loopholes need to be repaired.
  • the honeypot mechanism is used to fix the page loopholes.
  • the ticket purchase page jumps to the honeypot ticket purchase page, collects the user's page access data on the honeypot ticket purchase page, and analyzes the page access data to determine how the user hacks the ticket purchase page and how the user bypasses it.
  • the method of using the prevention and control mechanism of the ticket purchase page is used to determine the page vulnerabilities of the ticket purchase page, and the page vulnerabilities used by the user are repaired to improve the prevention and control ability of the ticket purchase page.
  • the user may exploit the page vulnerability by cracking certain parts of the ticket purchase page.
  • the cracked place can be further encrypted to prevent subsequent access. The user cracks, thereby avoiding the occurrence of false seat occupation.
  • the above-mentioned airline A's detection of user Y's ticket purchase behavior through the ticket purchase behavior detection model is still used as an example to describe the process of fixing page vulnerabilities.
  • the ticket purchase behavior is output from the ticket purchase behavior detection model.
  • the detection result confirms that user Y’s ticket purchase behavior is abnormal, then user Y is added to the list of abnormal users set by Airline A, and user Y is not allowed to make purchases through Airline A’s ticket purchase page within 3 years.
  • Tickets, and jump the ticket purchase page of Airline A to the honeypot ticket purchase page collect the user's page access data on the honeypot ticket purchase page, and further determine the page loopholes in the Airline A ticket purchase page, through the page loopholes Carry out repairs to prevent other users from taking advantage of page loopholes to cause A airline to incur economic losses.
  • the page vulnerability of the ticket purchase page can be effectively determined.
  • the page vulnerabilities are repaired to avoid more losses.
  • the user's ticket purchase behavior detection method provided by the present application analyzes the user's page access data on the ticket purchase page to determine the degree of access abnormality, and realizes the preliminary detection of the user's ticket purchase behavior.
  • the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user can be accurately determined
  • the ticket purchase behavior of the user is detected during the user's ticket purchase process, so that the user's ticket purchase behavior is seamlessly detected, which greatly reduces the user's ticket purchase behavior.
  • the interference of the process optimizes the user’s experience.
  • the honeypot mechanism is introduced to prevent and control users who have abnormal ticket purchase behaviors, which can effectively reduce the economic loss of the ticket seller, and can prevent the existence of the ticket purchase page.
  • the vulnerabilities were repaired to prevent other users with abnormal ticket purchase behaviors from using page vulnerabilities to falsely occupy seats.
  • FIG. 5 shows a processing flow chart of a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application, and the specific steps include step 502 to step 528.
  • Step 502 Collect the page access data of the passenger P on the plane ticket purchase page.
  • passenger P needs to purchase a plane ticket on the plane ticket purchase page
  • the passenger P performs the ticket purchase operation on the ticket purchase page to generate page access data.
  • the platform carrying the ticket purchase page will detect the ticket purchase behavior of each passenger by collecting passengers P's page access data is used to detect passenger P's ticket purchase behavior.
  • Step 504 Obtain the behavior chain of passenger P on the plane ticket purchase page by analyzing the page access data.
  • passenger P needs to go through a series of ticket purchase procedures to purchase air tickets on the air ticket purchase page;
  • the behavior chain of the passenger P on the plane ticket purchase page is determined.
  • Step 506 Extract the ticket purchase node visited by the passenger P in the behavior chain and the visit time at the ticket purchase node.
  • the ticket purchase nodes visited by the passenger P on the plane ticket purchase page in the behavior chain are further extracted, as well as the visit time for each ticket purchase node.
  • Step 508 Calculate the abnormality degree of the passenger P's visit to the plane ticket purchase page based on the ticket purchase node and the visit time.
  • the probability of passenger P's visiting node at the ticket purchasing node and the probability of passenger P's visiting time at the ticket purchasing node are calculated;
  • the product of the access node probability and the access time probability is calculated as the abnormality degree of the passenger P's access to the plane ticket purchase page.
  • Step 510 Input the visit anomaly degree into the visit anomaly measurement function corresponding to the ticket purchase page for calculation, and obtain the visit anomaly measurement value of the passenger P.
  • the access anomaly measurement function corresponding to the ticket purchase page is the calculation average function.
  • the calculation result is used to determine the value of the passenger P Access anomaly measurement value.
  • Step 512 Determine whether the access abnormality measurement value is less than the measurement threshold; if not, go to step 514; if yes, go to step 520.
  • the visit anomaly measurement value of the passenger P calculated by the above-mentioned visit anomaly measurement function, it is then judged whether the visit anomaly measurement value is less than the measurement threshold preset on the plane ticket purchase page.
  • Step 514 Perform a second verification on the passenger P.
  • the abnormality measurement value of passenger P is greater than or equal to the measurement threshold preset on the ticket purchase page, indicating that passenger P may have false seat occupation;
  • the passenger P is verified for the second time by jumping the plane ticket purchase page to the second verification page.
  • Step 516 Determine whether the passenger P has passed the secondary verification; if not, go to step 518; if yes, go to step 520.
  • Step 518 Add passenger P to the list of abnormal passengers.
  • the passenger P fails the second verification, it indicates that the passenger P may have an abnormal ticket purchase behavior, the passenger P is added to the abnormal passenger list, and the passenger P is restricted from buying air tickets on the air ticket purchase page.
  • Step 520 Input the page access data of the passenger P into the ticket purchase behavior detection model.
  • the page access data of passenger P is input into the ticket purchase behavior detection model, and the passenger P's ticket purchase behavior is further detected.
  • Step 522 Obtain the ticket purchasing behavior detection result output by the ticket purchasing behavior detection model.
  • Step 524 When the result of the ticket purchase behavior is abnormal, the passenger P is added to the abnormal passenger list, and the ticket purchase page is jumped to the honeypot ticket purchase page.
  • the detection result of the ticket purchase behavior is abnormal, it indicates that the ticket purchase behavior of the passenger P is abnormal, and there may be a situation of false seat occupation;
  • passenger P is added to the list of abnormal passengers, and passenger P is restricted from buying air tickets on the ticket purchase page.
  • the honeypot mechanism is used to redirect the ticket purchase page of passenger P to the honeypot ticket purchase page.
  • Step 526 Collect the page access data of the passenger P's ticket purchase page on the honeypot, and determine the page vulnerability of the plane ticket purchase page according to the page access data.
  • the page vulnerabilities of the airline ticket purchase page are determined according to the page vulnerabilities used by the passenger P.
  • Step 528 Repair the airplane ticket purchase page based on the page vulnerability.
  • the user's ticket purchase behavior detection method analyzes the passenger's page access data on the plane ticket purchase page to determine the degree of passenger abnormality, realizes the preliminary detection of the passenger's ticket purchase behavior, and measures the abnormality of the visit
  • the ticket purchase behavior detection model is used to detect the passenger's ticket purchase behavior again, so that the passenger's ticket purchase behavior can be accurately determined, and the passenger's ticket purchase behavior is detected when the passenger's ticket purchase behavior is detected.
  • the passenger’s ticket purchase behavior is seamlessly detected, which greatly reduces the interference to the passenger’s ticket purchase process and optimizes the passenger’s experience.
  • the honeypot mechanism is introduced to prevent abnormal purchases.
  • the prevention and control of passengers with ticket behavior can effectively reduce the economic losses of the ticket seller who sells air tickets, and can repair the loopholes in the ticket purchase page to prevent other passengers with abnormal ticket purchase behavior from reusing the loopholes in the page False seat occupation occurred.
  • FIG. 6 shows a schematic structural diagram of a user ticket purchase behavior detection device provided by an embodiment of the present application. As shown in Figure 6, the device includes:
  • the collection module 602 is configured to collect page access data of the user on the ticket purchase page
  • the determining module 604 is configured to determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data
  • the calculation module 606 is configured to input the access anomaly degree into an access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation;
  • the detection module 608 is configured to input the page access data into the ticket purchase behavior detection model when the calculated access abnormality measurement value of the ticket purchase dimension is less than the preset measurement threshold value of the ticket purchase dimension. Ticket behavior detection, to obtain the output of the user's ticket purchase behavior detection result.
  • the determining module 604 includes:
  • the parsing unit is configured to obtain the behavior chain of the user on the ticket purchase page by parsing the page access data
  • An extracting unit configured to extract the ticket purchasing node visited by the user and the time of visit at the ticket purchasing node in the behavior chain;
  • the calculation unit is configured to perform an access abnormality calculation based on the ticket purchasing node and the access time, and use the calculation result as the access abnormality.
  • the device for detecting user ticket purchase behavior further includes:
  • the jump module is configured to add the user to the list of abnormal users when the detection result of the ticket purchase behavior is abnormal, and use the honeypot mechanism to jump the ticket purchase page to the honeypot purchase ticket page;
  • a page access data collection module configured to collect page access data of the user on the honeypot ticket purchase page
  • the page vulnerability determining module is configured to determine the page vulnerability of the ticket purchase page by analyzing the page access data of the user on the honeypot ticket purchase page;
  • the repair module is configured to repair the ticket purchase page based on the page vulnerability.
  • the device for detecting user ticket purchase behavior further includes:
  • the secondary verification module is configured to jump the ticket purchase page to the verification page in the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, and perform the ticket purchase behavior of the user Secondary verification
  • the adding module is configured to add the user to a list of abnormal ticket purchase behaviors
  • the detection module 608 is operated.
  • the ticket purchase behavior detection model is trained through the following units:
  • the historical data collection unit is configured to collect historical user access data on the historical page of the ticket purchase page and historical ticket purchase behavior results
  • the tag adding unit is configured to add behavior tags to the historical ticket purchase behavior results corresponding to the historical page access data, and use the historical ticket purchase behavior results to which the behavior tags are added and the corresponding historical page access data as training samples;
  • the training ticket purchase behavior detection model unit is configured to input the training samples into a ticket purchase behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket purchase behavior results for training, to obtain the purchase behavior Ticket behavior detection model.
  • the device for detecting user ticket purchase behavior further includes:
  • the ticket purchasing account determining module is configured to determine the ticket purchasing account of the user according to the page access data
  • the ticket purchase record detection module is configured to detect the ticket purchase records in the ticket purchase account and determine the number of tickets purchased by the user during the ticket purchase time;
  • the module for freezing the ticket purchase account is configured to freeze the ticket purchase account when the ticket purchase time is less than a preset time threshold and the number of tickets purchased is greater than the preset number threshold.
  • the preset measurement threshold of the ticket purchase dimension is determined by the following units:
  • the historical visit anomaly measurement value unit is configured to obtain the historical visit anomaly measurement value of the historical user in the ticket purchase dimension
  • the calculating threshold value unit is configured to calculate an average value of the historical access abnormality measurement value as the preset measurement threshold value of the ticket purchase dimension.
  • the calculation unit includes:
  • the first determining sub-module is configured to determine the number of the first node of the ticket purchase node clicked by the user according to the page access data, and determine the number of the ticket purchase node accessed by the user extracted from the behavior chain Number of second nodes;
  • the calculating access node probability sub-module is configured to calculate the ratio of the number of the first nodes to the number of the second nodes, and determine it as the access node probability of the user;
  • the second determining submodule is configured to determine the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount according to the page access data;
  • the third determining sub-module is configured to determine the total time for the user to purchase a ticket based on the time when the ticket purchase page is opened and the time when the user pays for the ticket purchase amount, and the user visits the ticket purchase node Total visit time;
  • the access time probability calculation sub-module is configured to calculate the ratio of the total time to the total access time, and determine it as the access time probability of the user;
  • the access abnormality determination sub-module is configured to multiply the access node probability and the access time probability, and determine the access abnormality degree according to the product result.
  • the collection module 602 includes:
  • the embedded data collection package unit is configured to create a data collection interface on the platform that carries the ticket purchase page by embedding the data collection package on the platform that carries the ticket purchase page;
  • the calling collection interface unit is configured to collect the page access data by calling the data collection interface.
  • the determining module 604 includes:
  • the reading number unit is configured to read page click data, page access time data, and page jump data included in the page access data
  • the determining unit is configured to determine, according to the page click data, the number of clicks the user clicks on the ticket purchase page, determine the user’s stay time on the ticket purchase page according to the page access time data, and according to all
  • the page jump data determines the number of jumps of the user on the ticket purchase page
  • the product calculating unit is configured to calculate the product of the number of clicks and a preset click weighting factor, the product of the dwell time and the preset time weighting factor, and the number of jumps and the preset time weighting factor.
  • the access abnormality determination unit is configured to sum the product result, and calculate the ratio of the sum result to a preset access abnormality standard value as the access abnormality degree.
  • the user's ticket purchase behavior detection device provided by the present application analyzes the user's page access data on the ticket purchase page to determine the degree of access abnormality, and realizes the preliminary detection of the user's ticket purchase behavior.
  • the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user can be accurately determined
  • the ticket purchase behavior of the user is detected during the user's ticket purchase process, so that the user's ticket purchase behavior is seamlessly detected, which greatly reduces the user's ticket purchase behavior.
  • the interference of the process optimizes the user’s experience.
  • the honeypot mechanism is introduced to prevent and control users who have abnormal ticket purchase behaviors, which can effectively reduce the economic loss of the ticket seller, and can prevent the existence of the ticket purchase page.
  • the vulnerabilities were repaired to prevent other users with abnormal ticket purchase behaviors from using page vulnerabilities to falsely occupy seats.
  • the foregoing is a schematic solution of a device for detecting a user's ticket purchase behavior in this embodiment.
  • the technical solution of the user ticket purchase behavior detection device belongs to the same concept as the above technical solution of the user ticket purchase behavior detection device method.
  • the details of the technical solution of the user ticket purchase behavior detection device that are not described in detail can be used. See the description of the technical solution of the above-mentioned user ticket purchase behavior detection device method.
  • Fig. 7 shows a structural block diagram of a computing device 700 provided according to an embodiment of the present application.
  • the components of the computing device 700 include, but are not limited to, a memory 710 and a processor 720.
  • the processor 720 and the memory 710 are connected through a bus 730, and the database 750 is used to store data.
  • the computing device 700 also includes an access device 740 that enables the computing device 700 to communicate via one or more networks 760.
  • networks include a public switched telephone network (PSTN), a local area network (LAN), a wide area network (WAN), a personal area network (PAN), or a combination of communication networks such as the Internet.
  • the access device 740 may include one or more of any type of wired or wireless network interface (for example, a network interface card (NIC)), such as IEEE802.11 wireless local area network (WLAN) wireless interface, global interconnection for microwave access ( Wi-MAX) interface, Ethernet interface, universal serial bus (USB) interface, cellular network interface, Bluetooth interface, near field communication (NFC) interface, etc.
  • NIC network interface card
  • the aforementioned components of the computing device 700 and other components not shown in FIG. 7 may also be connected to each other, for example, via a bus. It should be understood that the structural block diagram of the computing device shown in FIG. 7 is only for the purpose of example, and is not intended to limit the scope of the present application. Those skilled in the art can add or replace other components as needed.
  • the computing device 700 can be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (for example, a tablet computer, a personal digital assistant, a laptop computer, a notebook computer, a netbook, etc.), a mobile phone (for example, a smart phone). ), wearable computing devices (for example, smart watches, smart glasses, etc.) or other types of mobile devices, or stationary computing devices such as desktop computers or PCs.
  • the computing device 700 may also be a mobile or stationary server.
  • processor 720 is configured to execute the following computer executable instructions:
  • the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
  • An embodiment of the present application further provides a computer-readable storage medium, which stores computer instructions, which are used when executed by a processor:
  • the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
  • the computer instructions include computer program codes, and the computer program codes may be in the form of source code, object code, executable files, or some intermediate forms.
  • the computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, mobile hard disk, magnetic disk, optical disk, computer memory, read-only memory (ROM, Read-Only Memory) , Random Access Memory (RAM, Random Access Memory), electrical carrier signal, telecommunications signal, and software distribution media, etc. It should be noted that the content contained in the computer-readable medium can be appropriately added or deleted according to the requirements of the legislation and patent practice in the jurisdiction. For example, in some jurisdictions, according to the legislation and patent practice, the computer-readable medium Does not include electrical carrier signals and telecommunication signals.

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A user ticket purchase behavior detection method and device. The user ticket purchase behavior detection method comprises: collecting page access data of a user on a ticket purchase page (102); determining access abnormality degree of the user on the ticket purchase page by analyzing the page access data (104); inputting the access abnormality degree into an access abnormality measurement function corresponding to a ticket purchase dimension to which the ticket purchase page belongs to perform access abnormality calculation (106); and under the condition that a calculated access abnormality measurement value of the ticket purchase dimension is smaller than a preset measurement threshold of the ticket purchase dimension, inputting the page access data into a ticket purchase behavior detection model to perform ticket purchase behavior detection, and obtaining an output ticket purchase behavior detection result of the user (108). By means of the user ticket purchase behavior detection method, the ticket purchase behavior detection model is adopted to detect a ticket purchase behavior of the user, false seat occupation conditions are effectively prevented and controlled, and the defect that a large amount of manpower and a large number of material resources are needed is overcome.

Description

用户购票行为检测方法以及装置Method and device for detecting ticket purchase behavior of user 技术领域Technical field
本申请涉及互联网信息管理技术领域,特别涉及一种用户购票行为检测方法。本申请同时涉及一种用户购票行为检测装置,一种计算设备,以及一种计算机可读存储介质。This application relates to the field of Internet information management technology, and in particular to a method for detecting user ticket purchase behavior. This application also relates to a user ticket purchase behavior detection device, a computing device, and a computer-readable storage medium.
背景技术Background technique
随着互联网技术的发展,生活中各种服务都开启了网络服务,用户通过网络即可得到需要的服务,尤其是在购票维度中,只要用户在购票服务页面添加正确的身份信息以及购票信息,并支付相应的购票金额,即可获得需要购买的票。With the development of Internet technology, various services in life have opened network services. Users can get the services they need through the Internet, especially in the ticket purchase dimension, as long as the user adds the correct identity information and purchases on the ticket purchase service page. Ticket information, and pay the corresponding ticket purchase amount, you can get the ticket that needs to be purchased.
然而,随着网络购票服务对用户购票需求的简化,存在着一部分非正常用户利用网络购票服务进行虚假占座以此获利,导致正常用户在需要购票时,无票可买,不仅会对正常用户产生影响,并且也会引发售票机构的票难卖、积压的情况发生。However, as the online ticketing service simplifies the ticket purchase needs of users, there are some abnormal users who use the online ticketing service to falsely occupy seats in order to make a profit. As a result, normal users have no tickets to buy when they need to buy tickets. Not only will it affect normal users, but it will also cause a backlog of tickets that are difficult to sell by ticketing agencies.
为了避免非正常用户虚假占座的情况发生,会对用户购票过程引入用户可见的验证机制,例如通过滑动验证或者短信验证的方式对用户的购票行为进行行为验证,但是引入验证机制进行购票验证对于售票机构来说也是一笔很大的开销,并且还需要人工对购票过程进行监督,既浪费物力又浪费人力。In order to avoid false occupancy of abnormal users, a user-visible verification mechanism will be introduced to the user's ticket purchase process, such as sliding verification or SMS verification to verify the user's ticket purchase behavior, but the verification mechanism is introduced for purchase. Ticket verification is also a huge expense for ticketing agencies, and manual supervision of the ticket purchase process is also required, which is a waste of material and manpower.
发明内容Summary of the invention
有鉴于此,本申请实施例提供了一种用户购票行为检测方法。本申请同时涉及一种用户购票行为检测装置,一种计算设备,以及一种计算机可读存储介质,以解决相关技术缺陷。In view of this, an embodiment of the present application provides a method for detecting a user's ticket purchase behavior. This application also relates to a user ticket purchase behavior detection device, a computing device, and a computer-readable storage medium to solve related technical defects.
根据本申请实施例的第一方面,提供了一种用户购票行为检测方法,包括:According to a first aspect of the embodiments of the present application, there is provided a method for detecting a user's ticket purchase behavior, including:
采集用户在购票页面的页面访问数据;Collect user access data on the ticket purchase page;
通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;By analyzing the page access data, determine the abnormality of the user's access to the ticket purchase page;
将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算;Input the access abnormality degree into the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access abnormality calculation;
在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
可选的,所述通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度,包括:Optionally, the step of analyzing the page access data to determine the abnormality of the user's access to the ticket purchase page includes:
通过对所述页面访问数据进行解析,获得所述用户在所述购票页面的行为链;Obtain the behavior chain of the user on the ticket purchase page by analyzing the page access data;
在所述行为链中提取所述用户访问的购票节点以及在所述购票节点的访问时间;Extracting the ticket purchasing node visited by the user and the visit time at the ticket purchasing node in the behavior chain;
基于所述购票节点以及所述访问时间进行访问异常度计算,将计算结果作为所述访问异常度。The access abnormality degree calculation is performed based on the ticket purchasing node and the access time, and the calculation result is used as the access abnormality degree.
可选的,所述将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果步骤执行之后,还包括:Optionally, after the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection, and obtaining the output of the user's ticket purchasing behavior detection result is executed, the method further includes:
在所述购票行为检测结果为非正常的情况下,将所述用户添加至非正常用户名单,采用蜜罐机制将所述购票页面跳转至蜜罐购票页面;In the case where the detection result of the ticket purchase behavior is abnormal, adding the user to the list of abnormal users, and using a honeypot mechanism to jump the ticket purchase page to the honeypot ticket purchase page;
采集所述用户在所述蜜罐购票页面的页面访问数据;Collecting page access data of the user on the honeypot ticket purchase page;
通过对所述用户在所述蜜罐购票页面的页面访问数据进行解析,确定所述购票页面的页面漏洞;By analyzing the page access data of the user's ticket purchase page on the honeypot, determine the page vulnerability of the ticket purchase page;
基于所述页面漏洞对所述购票页面进行修复。Repair the ticket purchase page based on the page vulnerability.
可选的,所述将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算步骤执行之后,所述将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果步骤执行之前,还包括:Optionally, after the access anomaly degree is input into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform the access anomaly calculation step, the page access data is input into the ticket purchase behavior The detection model performs ticket purchase behavior detection, and before the step of obtaining the output of the user's ticket purchase behavior detection result is executed, it also includes:
在计算获得的所述访问异常衡量数值大于或等于所述衡量阈值的情况下,将所述购票页面跳转至验证页面,对所述用户的购票行为进行二次验证;In the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, jump the ticket purchase page to a verification page, and perform a second verification on the user's ticket purchase behavior;
在所述用户未通过所述二次验证的情况下,将所述用户添加至购票行为异常名单;In the case that the user fails the secondary verification, adding the user to the list of abnormal ticket purchase behaviors;
在所述用户通过所述二次验证的情况下,执行所述将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果步骤。In the case that the user passes the secondary verification, the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection is performed, and the output of the user's ticket purchasing behavior detection result is obtained.
可选的,所述购票行为检测模型通过如下方式训练:Optionally, the ticket purchase behavior detection model is trained in the following manner:
采集历史用户在所述购票页面的历史页面访问数据以及历史购票行为结果;Collect historical user access data on the historical page of the ticket purchase page and historical ticket purchase behavior results;
对所述历史页面访问数据对应的历史购票行为结果添加行为标签,将添加所述行为标签的历史购票行为结果以及对应的历史页面访问数据作为训练样本;Adding behavior tags to the historical ticket purchase behavior results corresponding to the historical page access data, and using the historical ticket purchase behavior results to which the behavior tags are added and the corresponding historical page access data as training samples;
将所述训练样本输入至基于所述历史页面访问数据与所述历史购票行为结果的关联关系构建的购票行为检测模型进行训练,获得所述购票行为检测模型。The training samples are input to a ticket buying behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket buying behavior results, and the ticket buying behavior detection model is obtained.
可选的,所述采集用户在购票页面的页面访问数据步骤执行之后,还包括:Optionally, after the step of collecting user access data on the ticket purchase page is executed, the method further includes:
根据所述页面访问数据确定所述用户的购票账户;Determining the ticket purchase account of the user according to the page access data;
检测所述购票账户中的购票记录,确定所述用户在购票时间内的购票数目;Detect the ticket purchase records in the ticket purchase account, and determine the number of tickets purchased by the user during the ticket purchase time;
在所述购票时间小于预设的时间阈值并所述购票数目大于预设的数目阈值的情况下,冻结所述购票账户。In a case where the ticket purchase time is less than a preset time threshold and the number of tickets purchased is greater than the preset number threshold, the ticket purchase account is frozen.
可选的,所述购票维度预设的衡量阈值通过如下方式确定:Optionally, the preset measurement threshold of the ticket purchase dimension is determined in the following manner:
获取历史用户在所述购票维度的历史访问异常衡量数值;Obtaining historical abnormality measurement values of historical users in the ticket purchase dimension;
计算所述历史访问异常衡量数值的平均值作为所述购票维度预设的衡量阈值。Calculate the average value of the historical access abnormality measurement value as the preset measurement threshold value of the ticket purchase dimension.
可选的,所述基于所述购票节点以及所述访问时间进行访问异常度计算,将计算结果作为所述访问异常度,包括:Optionally, the calculation of the access abnormality degree based on the ticket purchasing node and the access time, and using the calculation result as the access abnormality degree, includes:
根据所述页面访问数据确定所述用户点击的购票节点的第一节点数目,以及确定在所述行为链中提取的所述用户访问的购票节点的第二节点数目;Determining, according to the page access data, the number of first nodes of the ticket purchasing node clicked by the user, and determining the number of second nodes of the ticket purchasing node accessed by the user extracted from the behavior chain;
计算所述第一节点数目与所述第二节点数目二者的比值,确定为所述用户的访问节点概率;Calculate the ratio of the number of the first nodes to the number of the second nodes, and determine it as the node access probability of the user;
根据所述页面访问数据确定所述用户开启所述购票页面的时间以及所述用户支付购票金额的时间;Determining, according to the page access data, the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount;
基于所述开启所述购票页面的时间以及所述用户支付购票金额的时间确定所述用户购票的总时间,以及所述用户访问所述购票节点的访问总时间;Determining the total time for the user to purchase tickets and the total time for the user to visit the ticket purchasing node based on the time when the ticket purchase page is opened and the time when the user pays the amount of the ticket;
计算所述总时间与所述访问总时间二者的比值,确定为所述用户的访问时间概率;Calculate the ratio of the total time to the total access time, and determine it as the access time probability of the user;
将所述访问节点概率以及所述访问时间概率进行乘积,根据乘积结果确定所述访问异常度。The access node probability and the access time probability are multiplied, and the access abnormality degree is determined according to the product result.
可选的,所述采集用户在购票页面的页面访问数据,包括:Optionally, the collection of page access data of the user on the ticket purchase page includes:
通过在承载所述购票页面的平台嵌入数据采集包,在承载所述购票页面的平台创建数据采集接口;By embedding a data collection package on the platform carrying the ticket purchase page, creating a data collection interface on the platform carrying the ticket purchase page;
通过调用所述数据采集接口采集所述页面访问数据。Collect the page access data by calling the data collection interface.
可选的,所述通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度,包括:Optionally, the step of analyzing the page access data to determine the abnormality of the user's access to the ticket purchase page includes:
读取所述页面访问数据中包含的页面点击数据、页面访问时间数据以及页面跳转数据;Reading page click data, page access time data, and page jump data included in the page access data;
根据所述页面点击数据确定所述用户点击所述购票页面的点击次数,根据所述页面访问时间数据确定所述用户在所述购票页面的停留时间,以及根据所述页面跳转数据确定所述用户在所述购票页面的跳转次数;Determine the number of times the user clicks on the ticket purchase page according to the page click data, determine the user’s stay time on the ticket purchase page according to the page access time data, and determine according to the page jump data The number of jumps by the user on the ticket purchase page;
计算所述点击次数与预设的点击权重系数二者的乘积,所述停留时间与预设的时间权重系数二者的乘积,以及所述跳转次数与预设的跳转权重系数二者的乘积;Calculate the product of the number of clicks and the preset click weighting factor, the product of the dwell time and the preset time weighting factor, and the number of jumps and the preset jump weighting factor The product of the two;
将乘积结果进行求和,并计算求和结果与预设的访问异常标准值二者的比值,作为所述访问异常度。The product result is summed, and the ratio between the sum result and the preset access abnormality standard value is calculated as the access abnormality degree.
根据本申请实施例的第二方面,提供了一种用户购票行为检测装置,包括:According to a second aspect of the embodiments of the present application, there is provided a user ticket purchase behavior detection device, including:
采集模块,被配置为采集用户在购票页面的页面访问数据;The collection module is configured to collect user access data on the ticket purchase page;
确定模块,被配置为通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;The determining module is configured to determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data;
计算模块,被配置为将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算;A calculation module configured to input the access anomaly degree into an access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation;
检测模块,被配置为在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。The detection module is configured to input the page access data into the ticket purchase behavior detection model to purchase tickets when the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension. Behavior detection, to obtain the output detection result of the user's ticket purchase behavior.
可选的,所述确定模块,包括:Optionally, the determining module includes:
解析单元,被配置为通过对所述页面访问数据进行解析,获得所述用户在所述购票页面的行为链;The parsing unit is configured to obtain the behavior chain of the user on the ticket purchase page by parsing the page access data;
提取单元,被配置为在所述行为链中提取所述用户访问的购票节点以及在所述购 票节点的访问时间;An extracting unit configured to extract the ticket purchasing node visited by the user and the time of visit at the ticket purchasing node in the behavior chain;
计算单元,被配置为基于所述购票节点以及所述访问时间进行访问异常度计算,将计算结果作为所述访问异常度。The calculation unit is configured to perform an access abnormality calculation based on the ticket purchasing node and the access time, and use the calculation result as the access abnormality.
可选的,所述用户购票行为检测装置,还包括:Optionally, the device for detecting user ticket purchase behavior further includes:
跳转模块,被配置为在所述购票行为检测结果为非正常的情况下,将所述用户添加至非正常用户名单,采用蜜罐机制将所述购票页面跳转至蜜罐购票页面;The jump module is configured to add the user to the list of abnormal users when the detection result of the ticket purchase behavior is abnormal, and use the honeypot mechanism to jump the ticket purchase page to the honeypot purchase ticket page;
采集页面访问数据模块,被配置为采集所述用户在所述蜜罐购票页面的页面访问数据;A page access data collection module configured to collect page access data of the user on the honeypot ticket purchase page;
确定页面漏洞模块,被配置为通过对所述用户在所述蜜罐购票页面的页面访问数据进行解析,确定所述购票页面的页面漏洞;The page vulnerability determining module is configured to determine the page vulnerability of the ticket purchase page by analyzing the page access data of the user on the honeypot ticket purchase page;
修复模块,被配置为基于所述页面漏洞对所述购票页面进行修复。The repair module is configured to repair the ticket purchase page based on the page vulnerability.
根据本申请实施例的第三方面,提供了一种计算设备,包括:According to a third aspect of the embodiments of the present application, a computing device is provided, including:
存储器和处理器;Memory and processor;
所述存储器用于存储计算机可执行指令,所述处理器用于执行所述计算机可执行指令:The memory is used to store computer-executable instructions, and the processor is used to execute the computer-executable instructions:
采集用户在购票页面的页面访问数据;Collect user access data on the ticket purchase page;
通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;By analyzing the page access data, determine the abnormality of the user's access to the ticket purchase page;
将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算;Input the access abnormality degree into the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access abnormality calculation;
在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
根据本申请实施例的第四方面,提供了一种计算机可读存储介质,其存储有计算机可执行指令,该指令被处理器执行时实现任意一项所述用户购票行为检测方法的步骤。According to a fourth aspect of the embodiments of the present application, a computer-readable storage medium is provided, which stores computer-executable instructions that, when executed by a processor, implement any of the steps of the user ticket purchase behavior detection method.
本申请提供的用户购票行为检测方法,采集用户在购票页面的页面访问数据;通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异 常计算;在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。The user's ticket purchase behavior detection method provided in this application collects the user's page access data on the ticket purchase page; analyzes the page access data to determine the abnormal degree of the user's access to the ticket purchase page; The access anomaly degree is input into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation; the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement of the ticket purchase dimension In the case of a threshold value, the page access data is input into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection, and the output of the user's ticket purchasing behavior detection result is obtained.
本申请提供的用户购票行为检测方法中,根据所述用户在所述购票页面的页面访问数据确定访问异常度,实现了初步对用户的购票行为进行检测,并且在所述访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,采用所述购票行为检测模型再次对所述用户的购票行为进行检测,实现了可以准确的确定所述用户的购票行为,并且在对所述用户的购票行为进行检测时是在用户购票过程中进行的,做到了对用户的购票行为进行无痕检测,大大的减少了对用户的购票流程的干扰,优化了用户的体验效果。In the method for detecting user ticket purchase behavior provided by the present application, the degree of access abnormality is determined according to the page access data of the user on the ticket purchase page, which implements preliminary detection of the user's ticket purchase behavior, and measures the abnormal access When the value is less than the preset measurement threshold of the ticket purchase dimension, the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user's ticket purchase behavior can be accurately determined. And when the user’s ticket purchase behavior is detected, it is carried out during the user’s ticket purchase process, so that the user’s ticket purchase behavior can be seamlessly detected, which greatly reduces the interference to the user’s ticket purchase process and optimizes Improve the user experience effect.
附图说明Description of the drawings
图1是本申请一实施例提供的一种用户购票行为检测方法的流程图;FIG. 1 is a flowchart of a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application;
图2(a)是本申请一实施例提供的一种用户购票行为检测方法中采集页面访问数据过程的示意图;FIG. 2(a) is a schematic diagram of a process of collecting page access data in a method for detecting user ticket purchase behavior provided by an embodiment of the present application;
图2(b)是本申请一实施例提供的一种用户购票行为检测方法中采集页面访问数据过程的示意图;FIG. 2(b) is a schematic diagram of a process of collecting page access data in a method for detecting user ticket purchase behavior provided by an embodiment of the present application;
图3是本申请一实施例提供的一种用户购票行为检测方法中行为链的结构示意图;FIG. 3 is a schematic structural diagram of a behavior chain in a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application;
图4是本申请一实施例提供的一种用户购票行为检测方法中计算访问异常衡量数值过程的示意图;FIG. 4 is a schematic diagram of a process of calculating an access abnormality measurement value in a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application;
图5是本申请一实施例提供的一种用户购票行为检测方法的处理过程流程图;FIG. 5 is a process flow chart of a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application;
图6是本申请一实施例提供的一种用户购票行为检测装置的结构示意图;FIG. 6 is a schematic structural diagram of a user ticket purchase behavior detection device provided by an embodiment of the present application;
图7是本申请一实施例提供的一种计算设备的结构框图。Fig. 7 is a structural block diagram of a computing device provided by an embodiment of the present application.
具体实施方式detailed description
在下面的描述中阐述了很多具体细节以便于充分理解本申请。但是本申请能够以很多不同于在此描述的其它方式来实施,本领域技术人员可以在不违背本申请内涵的情况下做类似推广,因此本申请不受下面公开的具体实施的限制。In the following description, many specific details are set forth in order to fully understand this application. However, this application can be implemented in many other ways different from those described herein, and those skilled in the art can make similar promotion without violating the connotation of this application. Therefore, this application is not limited by the specific implementation disclosed below.
在本申请一个或多个实施例中使用的术语是仅仅出于描述特定实施例的目的,而 非旨在限制本申请一个或多个实施例。在本申请一个或多个实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本申请一个或多个实施例中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。The terms used in one or more embodiments of the present application are only for the purpose of describing specific embodiments, and are not intended to limit one or more embodiments of the present application. The singular forms of "a", "said" and "the" used in one or more embodiments of the present application and the appended claims are also intended to include plural forms, unless the context clearly indicates other meanings. It should also be understood that the term "and/or" used in one or more embodiments of the present application refers to and includes any or all possible combinations of one or more associated listed items.
应当理解,尽管在本申请一个或多个实施例中可能采用术语第一、第二等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本申请一个或多个实施例范围的情况下,第一也可以被称为第二,类似地,第二也可以被称为第一。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although the terms first, second, etc. may be used to describe various information in one or more embodiments of the present application, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, without departing from the scope of one or more embodiments of the present application, the first may also be referred to as the second, and similarly, the second may also be referred to as the first. Depending on the context, the word "if" as used herein can be interpreted as "when" or "when" or "in response to determination".
首先,对本发明一个或多个实施例涉及的名词术语进行解释。First, the terminology involved in one or more embodiments of the present invention will be explained.
蜜罐机制:本质上是一种对攻击方进行欺骗的技术,通过布置一些作为诱饵的主机、网络服务或者信息,诱使攻击方对它们实施攻击,从而可以对攻击行为进行捕获和分析,了解攻击方所使用的工具与方法,推测攻击意图和动机,能够让防御方清晰地了解他们所面对的安全威胁,并通过技术和管理手段来增强实际系统的安全防护能力。Honeypot mechanism: In essence, it is a technology to deceive the attacker. By arranging some hosts, network services or information as bait, the attacker can be induced to attack them, so that the attack behavior can be captured and analyzed to understand The tools and methods used by the attacker to speculate the intention and motivation of the attack can allow the defender to clearly understand the security threats they are facing, and use technology and management methods to enhance the security protection capabilities of the actual system.
在本申请中,提供了一种用户购票行为检测方法,本申请同时涉及一种用户购票行为检测装置,一种计算设备,以及一种计算机可读存储介质,在下面的实施例中逐一进行详细说明。In this application, a method for detecting user ticket purchase behavior is provided. This application also relates to a user ticket purchase behavior detection device, a computing device, and a computer-readable storage medium. In the following embodiments, one by one Give a detailed description.
下面结合附图1,附图2(a)和附图2(b)、附图3和附图4对本申请提供的用户购票行为检测方法进行描述。图1示出了根据本申请一实施例提供的一种用户购票行为检测方法的流程图;图2(a)示出了根据本申请一实施例提供的一种用户购票行为检测方法中采集页面访问数据过程的示意图;图2(b)示出了根据本申请一实施例提供的一种用户购票行为检测方法中采集页面访问数据过程的示意图;图3示出了根据本申请一实施例提供的一种用户购票行为检测方法中行为链的结构示意图;图4示出了根据本申请一实施例提供的一种用户购票行为检测方法中计算访问异常衡量数值过程的示意图;图1包括步骤102至步骤108。In the following, the method for detecting user ticket purchase behavior provided by the present application will be described with reference to FIG. 1, FIG. 2(a) and FIG. 2(b), FIG. 3 and FIG. 4. Fig. 1 shows a flow chart of a method for detecting a user's ticket purchase behavior according to an embodiment of the present application; Fig. 2(a) shows a method for detecting a user's ticket purchase behavior according to an embodiment of the present application A schematic diagram of the process of collecting page access data; Figure 2(b) shows a schematic diagram of the process of collecting page access data in a method for detecting user ticket purchase behavior according to an embodiment of the present application; Figure 3 shows a schematic diagram of the process of collecting page access data according to one embodiment of the present application. The embodiment provides a schematic structural diagram of a behavior chain in a method for detecting a user's ticket purchase behavior; FIG. 4 shows a schematic diagram of a process of calculating an access anomaly measurement value in a method for detecting a user's ticket purchase behavior according to an embodiment of the present application; FIG. 1 includes step 102 to step 108.
步骤102:采集用户在购票页面的页面访问数据。Step 102: Collect page access data of the user on the ticket purchase page.
本申请一实施例中所述购票页面可以是销售航旅票的购票页面,销售比赛票的购票页面,销售旅游景点票的购票页面或者销售演唱会票的购票页面等,相应的,所述页面访问数据可以是用户访问销售航旅票的购票页面的访问数据,用户访问销售比赛票的 购票页面的访问数据,用户访问销售旅游景点票的购票页面的访问数据或者用户访问销售演唱会票的购票页面的访问数据等;其中所述访问数据可以是用户在对应的购票页面的点击次数、浏览时间、购票数量等数据。The ticket purchase page in an embodiment of this application may be a ticket purchase page for air travel tickets, a ticket purchase page for competition tickets, a ticket purchase page for tourist attractions tickets, or a ticket purchase page for concert tickets, etc. Yes, the page access data may be the access data of the user accessing the ticket purchase page for selling air travel tickets, the access data of the user accessing the ticket purchase page for selling competition tickets, the access data of the user accessing the ticket purchase page for selling tourist attraction tickets, or The access data of the user to the ticket purchase page for selling concert tickets, etc.; wherein the access data may be data such as the number of clicks, the browsing time, and the number of tickets purchased by the user on the corresponding ticket purchase page.
例如,用户在销售火车票的A网页购买从甲地点到乙地点的火车票,可以确定用户购买的车票信息为甲地点到乙地点,用户的身份信息,用户在A网页购买车票花费时间以及用户在A网页浏览内容,均为用户在A网页的页面访问数据。For example, if a user purchases a train ticket from location A to location B on a webpage selling train tickets, it can be determined that the information of the ticket purchased by the user is from location A to location B, the user’s identity information, the time it takes for the user to purchase the ticket on webpage A, and the user The content browsed on the A webpage is all the user's page visit data on the A webpage.
此处,以所述购票页面为购买飞机票页面为例,对所述用户购票行为检测方法进行描述,基于此,在用户通过购买飞机票的页面购买飞机票的过程中,为了避免该用户是虚假占座的非正常用户,需要对用户的购票行为进行实时检测,在此过程中,用户在购买飞机票的过程中,通过设定验证接口,防止用户通过软件进行虚假占座,可以使得有真正需求的用户买到飞机票,可见,在用户购票的过程中对用户的购票行为进行检测,使得用户可以购买到需要的飞机票,在此过程中,有效的验证用户的购票行为有着很重要的作用。Here, taking the ticket purchase page as an air ticket purchase page as an example, the method for detecting the user's ticket purchase behavior is described. Based on this, in order to avoid this problem when the user purchases air tickets through the ticket purchase page, The user is an abnormal user who falsely occupies a seat and needs to conduct real-time detection of the user’s ticket purchase behavior. In this process, the user sets the verification interface during the purchase of air tickets to prevent the user from falsely occupying the seat through the software. It can enable users with real needs to buy air tickets. It can be seen that the user’s ticket purchase behavior is detected during the user’s ticket purchase process, so that the user can purchase the required air ticket. In this process, the user’s ticket is effectively verified. Ticket purchase behavior plays a very important role.
本申请提供的用户购票行为检测方法,为了能够使得用户在购买飞机票的过程中,可以节省购票行为的验证流程,并且还可以对虚假占座的情况进行防控,通过对用户在购买飞机票页面的页面访问数据进行解析,获得用户在购买飞机票页面的访问异常度,在通过将访问异常度输入至访问异常衡量函数进行访问机场计算,可以初步的判断出用户在购买飞机票的过程中是否属于正常购票行为,在用户属于正常购票行为的情况下,再通过购票行为检测模型对用户的购票行为进行进一步的检测,实现了可以准确的确定用户购买飞机票的行为状态,进而实现了对用户购买飞机票的行为进行无痕检测,在不扰乱用户购买飞机票的情况下,对用户的购票行为进行了验证,并且避免出现虚假占座而导致飞机票滞销的情况发生,为用户购买飞机票的过程节省了时间,以及为销售飞机票的销售方节省了人力和物力。The user’s ticket purchase behavior detection method provided in this application is designed to enable users to save the verification process of ticket purchase behavior during the process of purchasing air tickets, and also to prevent and control false seat occupations. The page access data of the airline ticket page is analyzed to obtain the user’s access anomaly degree on the airline ticket purchase page. By entering the access anomaly degree into the access anomaly measurement function to calculate the access to the airport, it can be preliminarily determined that the user is purchasing the airline ticket Whether the process belongs to normal ticket purchase behavior, in the case that the user belongs to normal ticket purchase behavior, the ticket purchase behavior detection model is used to further detect the user's ticket purchase behavior, so that the user's purchase behavior can be accurately determined State, and then realize the traceless detection of the user's purchase of air tickets, verify the user's purchase of air tickets without disturbing the user's purchase of air tickets, and avoid false seat occupations that lead to unsalable air tickets When this happens, it saves time for the user to purchase air tickets, and saves manpower and material resources for the seller of air tickets.
本实施例的一个或多个实施方式中,采集所述用户在所述购票页面的页面访问数据,具体实现方式如下所述:In one or more implementation manners of this embodiment, the page access data of the user on the ticket purchase page is collected, and the specific implementation manner is as follows:
通过在承载所述购票页面的平台嵌入数据采集包,在承载所述购票页面的平台创建数据采集接口;By embedding a data collection package on the platform carrying the ticket purchase page, creating a data collection interface on the platform carrying the ticket purchase page;
通过调用所述数据采集接口采集所述页面访问数据。Collect the page access data by calling the data collection interface.
具体的,为了能够获得所述用户的足够准确的页面访问数据,通过在承载所述购 票页面的平台嵌入数据采集包,所述数据采集包挂载至平台,可以实现自动采集用户的页面访问数据,所述数据采集包可以是SDK(软件开发工具包,Software Development Kit)格式或者是JS(JavaScript)代码片段,在用户通过所述购票页面进行购票的过程中,平台将自动调用数据采集接口,即通过嵌入的数据采集包对应的采集功能,采集所述用户的页面访问数据。Specifically, in order to obtain sufficiently accurate page access data of the user, by embedding a data collection package on the platform carrying the ticket purchase page, and mounting the data collection package to the platform, the user’s page access can be automatically collected Data, the data collection package can be in SDK (Software Development Kit) format or JS (JavaScript) code fragments. When the user purchases the ticket through the ticket purchase page, the platform will automatically call the data The collection interface is to collect the user's page access data through the collection function corresponding to the embedded data collection package.
具体实施时,在将所述数据采集包嵌入所述购票页面的平台之后,需要对所述数据采集包进行解压,获得数据采集包中的代码片段,再通过将代码片段加载至购票页面对应的开发端,即可实现在所述购票页面自动采集页面访问数据。In specific implementation, after embedding the data collection package into the platform of the ticket purchase page, the data collection package needs to be decompressed to obtain the code fragments in the data collection package, and then load the code fragments to the ticket purchase page The corresponding development terminal can automatically collect page access data on the ticket purchase page.
实际应用中,图2(a)是用户购票的购票页面的示意图,可以确定,用户在购票的情况下,需要先添加购票人的信息,在用户填写购票信息的过程中,购票页面会根据后台运行的数据采集接口对应的代码获得用户在购票页面的页面访问数据,通过数据采集接口采集到的页面访问数据对应的代码如图2(b)所示,根据图2(b)所示内容,可以确定用户在购票页面中的坐标(1182,273)处,time:4068,开始输入证件号,证件号为1,8…。In practical applications, Figure 2(a) is a schematic diagram of the ticket purchase page for a user to purchase a ticket. It can be determined that when a user purchases a ticket, he needs to add the information of the ticket purchaser first. When the user fills in the ticket purchase information, The ticket purchase page will obtain the user's page access data on the ticket purchase page according to the code corresponding to the data collection interface running in the background. The code corresponding to the page access data collected through the data collection interface is shown in Figure 2(b), according to Figure 2. (b) As shown in the content, it can be determined that the user is at the coordinates (1182, 273) on the ticket purchase page, time: 4068, and starts to input the certificate number, which is 1, 8....
通过在所述购票页面的平台嵌入所述数据采集包,使得所述购票页面可以实时的自动采集所述用户在所述购票页面的页面访问数据,提高了对用户进行购票行为检测的效率。By embedding the data collection package on the platform of the ticket purchase page, the ticket purchase page can automatically collect the user's page access data on the ticket purchase page in real time, which improves the detection of the user's ticket purchase behavior s efficiency.
在上述采集所述页面访问数据的基础上,进一步的,本实施例的一个或多个实施方式中,可以初步的对所述用户的购票账户进行检测,在所述购票账户存在异常的情况下,可以对所述购票账户进行冻结,具体实现方式如下所述:On the basis of the above-mentioned collection of the page access data, further, in one or more implementations of this embodiment, the user’s ticket purchasing account may be preliminarily detected, and there is an abnormality in the ticket purchasing account. In this case, the ticket purchase account can be frozen, and the specific implementation method is as follows:
根据所述页面访问数据确定所述用户的购票账户;Determining the ticket purchase account of the user according to the page access data;
检测所述购票账户中的购票记录,确定所述用户在购票时间内的购票数目;Detect the ticket purchase records in the ticket purchase account, and determine the number of tickets purchased by the user during the ticket purchase time;
在所述购票时间小于预设的时间阈值并所述购票数目大于预设的数目阈值的情况下,冻结所述购票账户。In a case where the ticket purchase time is less than a preset time threshold and the number of tickets purchased is greater than the preset number threshold, the ticket purchase account is frozen.
具体的,通过所述页面访问数据确定用户在所述购票页面登录的购票账户,检测所述购票账户中的购票记录,确定所述用户在每次购票时间内的购票数目,通过判断所述购票时间是否小于所述时间阈值,并且所述购票数目是否大于数目阈值,以此来判断用户是否购票行为属于异常行为。Specifically, the page access data is used to determine the ticket purchase account that the user logs in on the ticket purchase page, detect the ticket purchase record in the ticket purchase account, and determine the number of tickets purchased by the user during each ticket purchase time. , By judging whether the ticket purchase time is less than the time threshold, and the number of tickets purchased is greater than the number threshold, so as to determine whether the ticket purchase behavior of the user is an abnormal behavior.
若所述用户的购票时间小于时间阈值,并且购票数目大于数目阈值,说明用户可 能通过非正常方式进行了购票,例如通过软件进行大范围占票情况,此时,可以确定所述用户的购票账户可能是非正常用户用来占票的账户,将所述购票账户进行冻结即可,冻结所述购票账户具体是指禁止所述购票账户再次购票,并且会提醒用户冻结时间。If the user’s ticket purchase time is less than the time threshold, and the number of tickets purchased is greater than the number threshold, it means that the user may have purchased tickets in an abnormal manner, such as a large-scale ticket occupancy through software. At this time, the user can be determined The ticket purchasing account of may be an account used by abnormal users to occupy tickets. The ticket purchasing account can be frozen. The freezing of the ticket purchasing account specifically refers to prohibiting the ticket purchasing account from purchasing tickets again, and reminding the user to freeze time.
基于此,只有在所述用户的购票时间小于时间阈值,所述购票数目大于数目阈值两个比较过程同时满足的情况下,才能够说明用户的购票账户异常,除此之外的其他情况下,均可以表示为用户的购票账户正常。Based on this, only when the user's ticket purchase time is less than the time threshold, and the number of tickets purchased is greater than the number threshold, and the two comparison processes are satisfied at the same time, it can be explained that the user's ticket purchase account is abnormal, and other things In all cases, it can be said that the user's ticket purchase account is normal.
实际应用中,以购票账户A通过网页B购买了5张飞机票为例,对购票账户是否存在异常行为进行描述,其中,购票账户A通过在网页B的销售飞机票页面分别为用户甲、用户乙、用户丙、用户丁、用户戊购票了从城市A飞往城市B的5张飞机票,共用了30秒时间,网页B设定的时间阈值为5分钟,数目阈值为3张飞机票,通过比较确定购票账户A属于异常购票行为,可以初步判定购票账户A存在占座的嫌疑,则对购票账户A进行冻结,禁止再进行购票。In actual application, take ticket purchasing account A to purchase 5 plane tickets through webpage B as an example to describe whether there is any abnormal behavior in the ticket purchasing account. Among them, the ticket purchasing account A is the user through the ticket sales page of webpage B. User A, User B, User C, User D, and User E purchased 5 air tickets from city A to city B, which took 30 seconds. The time threshold set by web page B is 5 minutes, and the number threshold is 3 For an airplane ticket, it is determined by comparison that the ticket-purchasing account A is an abnormal ticket purchase behavior, and it can be preliminarily determined that the ticket-purchasing account A is suspected of occupying a seat, and then the ticket-purchasing account A is frozen and no further ticket purchases are allowed.
通过对所述用户的购票账户中的购票记录进行检测,可以判断出所述用户的购票账户是否存在过非正常购票的情况出现,若存在的情况下,及时对所述购票账户进行冻结,避免用户继续使用所述购票账户进行非正常购票行为,使得销售票方的利益得到了有效的保护。By detecting the ticket purchase records in the user's ticket purchase account, it can be determined whether there has been any abnormal ticket purchase in the user's ticket purchase account. The account is frozen to prevent users from continuing to use the ticket-purchasing account for abnormal ticket purchases, so that the interests of the ticket seller are effectively protected.
除此之外,在对所述购票账户进行冻结之后,若用户存在异议,可以通过与人工客服进行交涉的方式解冻所述购票账户,但是前提是用户需要提供有效的证明,例如提供购票人身份证件复印件或者对用户进行人脸识别来确定用户无问题的情况下,才能够对所述购票账户进行解冻。In addition, after the ticket purchase account is frozen, if the user has objections, the ticket purchase account can be unfrozen by negotiating with the manual customer service, but the premise is that the user needs to provide valid proof, such as providing purchase Only when a copy of the ticket holder's ID or face recognition is performed on the user to confirm that the user has no problems can the ticket purchase account be unfrozen.
步骤104:通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度。Step 104: Determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data.
具体的,根据上述采集的所述页面访问数据,进一步的,通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度,所述访问异常度具体是指用户在所述购票页面进行购票的过程中,出现的访问异常概率,例如,正常情况下买票时间大概在300秒,而用户实际买票花了30秒,则该用户在购票页面的访问异常度为1-(30/300)*100%=90%。Specifically, according to the page access data collected above, and further, by analyzing the page access data, it is determined that the user's access abnormality on the ticket purchase page is, and the access abnormality specifically refers to the user In the process of purchasing tickets on the ticket purchasing page, the abnormal access probability occurs. For example, the time to buy a ticket is about 300 seconds under normal circumstances, but the user actually spends 30 seconds to buy the ticket. The degree of abnormal access is 1-(30/300)*100%=90%.
本实施例的一个或多个实施方式中,所述用户的访问异常度可以通过如下方式确定:In one or more implementation manners of this embodiment, the abnormality of the user's access may be determined in the following manner:
通过对所述页面访问数据进行解析,获得所述用户在所述购票页面的行为链;Obtain the behavior chain of the user on the ticket purchase page by analyzing the page access data;
在所述行为链中提取所述用户访问的购票节点以及在所述购票节点的访问时间;Extracting the ticket purchasing node visited by the user and the visit time at the ticket purchasing node in the behavior chain;
基于所述购票节点以及所述访问时间进行访问异常度计算,将计算结果作为所述访问异常度。The access abnormality degree calculation is performed based on the ticket purchasing node and the access time, and the calculation result is used as the access abnormality degree.
具体的,根据上述采集的所述页面访问数据的基础上,进一步的通过对所述页面访问数据进行解析,获得所述用户在所述购票页面的行为链,所述行为链具体是指用户在所述购票页面进行购票过程中所产生的行为组成的链路,所述行为链中存在用户的访问路径以及用户的访问时间等数据,再提取所述行为链中用户的访问所述购票页面的购票节点,以及所述用户在所述购票节点的访问时间,基于所述购票节点以及所述访问时间进行访问异常度计算,根据计算结果确定所述用户的访问异常度。Specifically, on the basis of the page access data collected above, the page access data is further analyzed to obtain the behavior chain of the user on the ticket purchase page, and the behavior chain specifically refers to the user A link composed of behaviors generated during the ticket purchase process on the ticket purchase page. The behavior chain contains data such as the user's access path and the user's access time, and then extracts the user's access in the behavior chain. The ticket purchase node of the ticket purchase page and the visit time of the user at the ticket purchase node are calculated based on the ticket purchase node and the visit time, and the user's visit abnormality degree is determined according to the calculation result .
基于此,所述购票节点为用户在所述购票页面购票的过程中需要经过的节点,即用户的活动点。首先预测用户在购票的过程中需要经过的购票节点得到用户的预测购票序列,再根据用户所述页面访问数据确定用户已经访问的购票节点,确定用户的实际购票序列,最后基于实际购票序列对预测购票序列进行调整,删除预测购票序列中用户不可能出现的购票节点,获得所述行为链。Based on this, the ticket purchasing node is a node that the user needs to pass through in the process of purchasing a ticket on the ticket purchasing page, that is, the user's activity point. First, predict the ticket purchase nodes that the user needs to pass through during the ticket purchase process to obtain the user's predicted ticket purchase sequence, and then determine the ticket purchase node that the user has visited according to the user's page access data, determine the user's actual ticket purchase sequence, and finally The actual ticket purchase sequence adjusts the predicted ticket purchase sequence, deletes the ticket purchase nodes that the user is unlikely to appear in the predicted ticket purchase sequence, and obtains the behavior chain.
参见图3示出了行为链的结构示意图,其中四边形表示用户在活动点(购票节点)的停留时间(访问时间),圆形表示用户访问的活动点,参见图3可见用户在活动点1停留时间为15s,用户在活动点2停留时间为20s,用户在活动点3停留时间为25s......,以此类推,确定用户的在购票页面访问的购票节点以及访问时间。Refer to Figure 3 for a structural diagram of the behavior chain, where the quadrilateral represents the user's stay time (visit time) at the activity point (ticket purchasing node), and the circle represents the activity point visited by the user. See Figure 3 to see that the user is at activity point 1. The stay time is 15s, the user stays at activity point 2 for 20s, and the user stays at activity point 3 for 25s..., and so on, determine the ticket purchase node and visit time that the user visits on the ticket purchase page .
在上述提取所述用户访问的购票节点以及在所述购票节点的访问时间的基础上,进一步的,本实施例的一个或多个实施方式中,计算所述访问异常度的第一种实现方式如下所述:Based on the above extraction of the ticket purchasing node visited by the user and the access time of the ticket purchasing node, further, in one or more implementations of this embodiment, the first method of calculating the degree of abnormal access is The implementation is as follows:
根据所述页面访问数据确定所述用户点击的购票节点的第一节点数目,以及确定在所述行为链中提取的所述用户访问的购票节点的第二节点数目;Determining, according to the page access data, the number of first nodes of the ticket purchasing node clicked by the user, and determining the number of second nodes of the ticket purchasing node accessed by the user extracted from the behavior chain;
计算所述第一节点数目与所述第二节点数目二者的比值,确定为所述用户的访问节点概率;Calculate the ratio of the number of the first nodes to the number of the second nodes, and determine it as the node access probability of the user;
根据所述页面访问数据确定所述用户开启所述购票页面的时间以及所述用户支付购票金额的时间;Determining, according to the page access data, the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount;
基于所述开启所述购票页面的时间以及所述用户支付购票金额的时间确定所述用户购票的总时间,以及所述用户访问所述购票节点的访问总时间;Determining the total time for the user to purchase tickets and the total time for the user to visit the ticket purchasing node based on the time when the ticket purchase page is opened and the time when the user pays the amount of the ticket;
计算所述总时间与所述访问总时间二者的比值,确定为所述用户的访问时间概率;Calculate the ratio of the total time to the total access time, and determine it as the access time probability of the user;
将所述访问节点概率以及所述访问时间概率进行乘积,根据乘积结果确定所述访问异常度。The access node probability and the access time probability are multiplied, and the access abnormality degree is determined according to the product result.
具体的,根据所述页面访问数据确定所述用户点击的购票节点的第一节点数目,所述第一节点数目为用户点击过的购票节点数目,同时确定所述行为链中提取的用户访问的节点的第二节点数目,所述第二节点数目为用户访问过的购票节点数目,通过计算所述第一节点数目与所述第二节点数目二者的比值,确定所述用户的访问节点概率,所述访问节点概率具体是指用户打开并访问的购票节点数目占用户总点击的购票节点数目的比值,即为所述访问节点概率;Specifically, the number of first nodes of the ticket purchasing node clicked by the user is determined according to the page access data, and the first node number is the number of ticket purchasing nodes clicked by the user, and at the same time it is determined that the behavior chain is extracted The number of the second node of the node visited by the user, the number of the second node is the number of ticket-purchasing nodes that the user has visited, and the ratio of the number of the first node to the number of the second node is calculated to determine the The access node probability of the user, the access node probability specifically refers to the ratio of the number of ticket purchasing nodes opened and visited by the user to the total number of ticket purchasing nodes clicked by the user, that is, the access node probability;
根据所述页面访问数据确定所述用户进入所述购票页面的时间,以及所述用户针对购票进行支付购票金额的时间,通过所述支付购票金额的时间减去所述进入所述购票页面的时间,确定为所述用户在本次购票的过程中所花费的总时间,同时对所述用户在本次购票过程中在每个购票节点的访问时间进行求和,确定所述用户的访问总时间,基于此,计算所述总时间与所述访问总时间二者的比值,作为所述用户访问所述购票页面的访问时间概率;Determine the time when the user enters the ticket purchase page according to the page access data, and the time when the user pays the ticket purchase amount for the ticket purchase, and the time when the ticket purchase amount is paid minus the time to enter the ticket The time of the ticket purchase page is determined as the total time spent by the user during this ticket purchase process. At the same time, the user's visit time at each ticket purchase node during this ticket purchase process is summed, Determine the total visit time of the user, and based on this, calculate the ratio of the total time to the total visit time as the visit time probability of the user visiting the ticket purchase page;
基于上述计算获得的所述访问节点概率与所述访问时间概率,通过计算所述访问节点概率与所述访问时间概率二者的乘积,将乘积结果作为所述访问异常度。Based on the access node probability and the access time probability obtained by the above calculation, by calculating the product of the access node probability and the access time probability, the product result is used as the access abnormality degree.
具体实施时,所述访问节点概率具体是用于描述所述用户在所述购票页面访问购票节点异常的概率,所述访问时间概率具体是用于描述所述用户在所述购票页面访问购票节点花费时间异常的概率。During specific implementation, the access node probability is specifically used to describe the probability that the user accesses the ticket purchasing node on the ticket purchasing page, and the access time probability is specifically used to describe the user’s access to the ticket purchasing page. The probability that the time spent visiting the ticket purchasing node is abnormal.
通过将时间维度和行为维度相结合以计算所述用户在所述购票页面的访问异常度,能够更加准确的确定所述用户是否为非正常用户,通过所述访问异常度能够更加体现出用所述用户的购票行为。By combining the time dimension and the behavior dimension to calculate the abnormality of the user's access to the ticket purchase page, it is possible to more accurately determine whether the user is an abnormal user, and the abnormality of the access can reflect the use of The ticket purchase behavior of the user.
在上述提取所述用户访问的购票节点以及在所述购票节点的访问时间的基础上,进一步的,本实施例的一个或多个实施方式中,计算所述访问异常度的第二种实现方式如下所述:Based on the above extraction of the ticket purchasing node visited by the user and the access time of the ticket purchasing node, further, in one or more implementations of this embodiment, the second type of access abnormality is calculated The implementation is as follows:
读取所述页面访问数据中包含的页面点击数据、页面访问时间数据以及页面跳转 数据;Reading page click data, page access time data, and page jump data included in the page access data;
根据所述页面点击数据确定所述用户点击所述购票页面的点击次数,根据所述页面访问时间数据确定所述用户在所述购票页面的停留时间,以及根据所述页面跳转数据确定所述用户在所述购票页面的跳转次数;Determine the number of times the user clicks on the ticket purchase page according to the page click data, determine the user’s stay time on the ticket purchase page according to the page access time data, and determine according to the page jump data The number of jumps by the user on the ticket purchase page;
计算所述点击次数与预设的点击权重系数二者的乘积,所述停留时间与预设的时间权重系数二者的乘积,以及所述跳转次数与预设的跳转权重系数二者的乘积;Calculate the product of the number of clicks and the preset click weighting factor, the product of the dwell time and the preset time weighting factor, and the number of jumps and the preset jump weighting factor The product of the two;
将乘积结果进行求和,并计算求和结果与预设的访问异常标准值二者的比值,作为所述访问异常度。The product result is summed, and the ratio between the sum result and the preset access abnormality standard value is calculated as the access abnormality degree.
具体的,根据采集的所述页面访问数据,进一步的,读取所述页面访问数据中包含的所述页面点击数据、所述页面访问时间数据以及所述页面跳转数据,其中,所述页面点击数据具体是指用户在所述购票页面点击的次数,所述页面访问时间数据具体是指用户在所述购票页面访问总时间,所述页面跳转数据具体是指用户在所述购票页面购票过程中跳转购票页面包含的子页面次数;Specifically, according to the collected page access data, further, read the page click data, the page access time data, and the page jump data included in the page access data, wherein the page Click data specifically refers to the number of times the user clicks on the ticket purchase page, the page access time data specifically refers to the total time the user visits the ticket purchase page, and the page jump data specifically refers to the user's The number of jumps to the sub-pages contained in the ticket purchase page during the ticket purchase process on the ticket page
根据所述页面点击数据确定所述用户点击所述购票页面的点击次数,根据所述页面访问时间数据确定所述用户在所述购票页面的停留时间,以及根据所述页面跳转数据确定所述用户在所述购票页面的跳转次数;在所述购票页面中预设有与页面点击数据、页面访问时间数据以及页面跳转数据对应的权重系数;Determine the number of times the user clicks on the ticket purchase page according to the page click data, determine the user’s stay time on the ticket purchase page according to the page access time data, and determine according to the page jump data The number of times the user has jumped on the ticket purchase page; and the weight coefficients corresponding to page click data, page access time data, and page jump data are preset in the ticket purchase page;
基于此,计算所述点击次数与所述页面点击数据维度对应的点击权重系数二者的乘积,将计算结果作为第一计算结果,所述第一计算结果用于表示在所述页面点击数据维度的权重值;计算所述停留时间与所述页面访问时间数据维度对应的时间权重系数二者的乘积,将计算结果作为第二计算结果,所述第二计算结果用于表示在所述页面访问时间数据维度的权重值;计算所述跳转次数与所述页面跳转数据维度对应的跳转权重系数二者的乘积,将计算结果作为第三计算结果,所述第三计算结果用于表示在所述页面跳转维度的权重值;Based on this, the product of the number of clicks and the click weight coefficient corresponding to the page click data dimension is calculated, and the calculation result is used as the first calculation result, and the first calculation result is used to indicate the click data on the page The weight value of the dimension; calculate the product of the dwell time and the time weight coefficient corresponding to the page access time data dimension, and use the calculation result as the second calculation result, and the second calculation result is used to indicate the The weight value of the page access time data dimension; calculate the product of the number of jumps and the jump weight coefficient corresponding to the page jump data dimension, and use the calculation result as the third calculation result, the third calculation result Used to indicate the weight value of the page jump dimension;
再通过将所述第一计算结果、所述第二计算结果和所述第三计算结果进行求和,将求和结果与所述访问异常标准值进行相除,将结果作为所述访问异常度,所述访问异常标准值可以通过采集大量历史用户在不同维度的数据,根据上述计算过程确定在不同维度的权重值,将权重值求和之后,计算大量历史用户权重值求和的平均值,作为所述访问异常标准值,实际应用中所述访问异常标准值可以根据实际应用场景进行设定,本 申请在此不做任何限定。Then, by summing the first calculation result, the second calculation result, and the third calculation result, the sum result is divided by the access abnormality standard value, and the result is used as the access abnormality degree The access abnormality standard value can be obtained by collecting data of a large number of historical users in different dimensions, determining the weight values in different dimensions according to the above calculation process, and calculating the average value of the sum of the weight values of a large number of historical users after summing the weight values. As the access abnormal standard value, the access abnormal standard value in actual applications can be set according to actual application scenarios, and this application does not make any limitation here.
为了能够在后续为用户的购票行为预测的更加准确,通过读取所述页面访问数据中包含的页面点击数据、页面访问时间数据以及页面跳转数据,并分别根据所述页面点击数据、所述页面访问时间数据以及所述页面跳转数据计算权重值,以此来计算所述用户的访问异常度,在后续检测所述用户的购票行为过程中,能够更加准确的确定所述用户的购票行为。In order to be able to predict the user’s ticket purchase behavior more accurately in the follow-up, by reading the page click data, page access time data and page jump data contained in the page access data, and respectively according to the page click data, The page access time data and the page jump data calculate the weight value to calculate the abnormality of the user’s access. In the subsequent process of detecting the user’s ticket purchase behavior, the user’s behavior can be determined more accurately. Ticket purchase behavior.
步骤106:将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算。Step 106: Input the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation.
具体的,在上述确定所述用户在所述购票页面的访问异常度的基础上,进一步的,确定所述购票页面所属的购票维度对应的访问异常衡量函数,所述购票维度具体是指不同购票种类的购票场景,例如,用户在购买火车票的页面购买火车票,则将会确定在火车票购票维度的访问异常衡量函数;基于此,将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数,根据所述访问异常衡量函数对用户进行访问异常度计算,确定所述访问异常衡量数值。Specifically, on the basis of the above determination of the abnormality of the user's access to the ticket purchase page, further, the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs is determined, and the ticket purchase dimension is specifically Refers to the ticket purchase scenarios of different types of ticket purchases. For example, if a user purchases a train ticket on the train ticket purchase page, the visit anomaly measurement function in the train ticket purchase dimension will be determined; based on this, the visit anomaly degree is input To the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs, calculate the access abnormality degree of the user according to the access abnormality measurement function, and determine the access abnormality measurement value.
具体实施时,与所述购票维度对应的访问异常衡量函数可以是MAX函数、MIN函数或者AVG函数;可以通过所述MAX函数计算所述访问异常衡量数值的最大值,可以通过所述MIN函数计算所述访问异常衡量数值的最小值或者通过所述AVG函数计算所述访问异常衡量数值的品均值;与所述购票维度对应的访问异常衡量函数可以根据实际应用场景进行设定,本申请在此不做任何限定。In specific implementation, the access abnormality measurement function corresponding to the ticket purchase dimension may be the MAX function, the MIN function, or the AVG function; the maximum value of the access abnormality measurement value can be calculated by the MAX function, and the MIN function can be used Calculate the minimum value of the access abnormality measurement value or calculate the average value of the access abnormality measurement value through the AVG function; the access abnormality measurement function corresponding to the ticket purchase dimension can be set according to actual application scenarios. This application There are no restrictions here.
例如,一趟飞往丙地的飞机卖出了n张票,n为与飞机座位票对应的数值,航空公司为了避免出现虚假占座的情况发生,需要计算每张飞机票对应购买用户的购票行为,通过采集每个购票用户的购票数据,确定每个购票用户的访问异常度,将每个用户的访问异常度输入至飞机票购票维度对应的访问异常衡量函数Hn=AVG 0<n<m(P1,P2,Pn…Pm)中;其中Hn表示每个用户的访问异常衡量数值,P1,P2,Pn…Pm表示每个用户的访问异常度,采用AVG函数计算用户的访问异常衡量数值的平均值,参见图4,示出了计算访问异常衡量数值过程的示意图,通过访问异常衡量函数Hn计算每个用户的访问异常衡量数值H1,H2,…Hn,再根据后续的处理过程确定每个用户是否存在虚假占座情况。 For example, an airplane to C place sold n tickets, and n is the value corresponding to the seat ticket. In order to avoid the occurrence of false seat occupation, the airline needs to calculate the purchase of each ticket corresponding to the purchase user. Ticket behavior, by collecting the ticket purchase data of each ticket purchase user, determine the visit anomaly degree of each ticket user, and input the visit anomaly degree of each user into the access anomaly measurement function Hn=AVG corresponding to the plane ticket purchase dimension 0<n<m (P1, P2, Pn...Pm); where Hn represents the access abnormality measurement value of each user, P1, P2, Pn...Pm represents the access abnormality degree of each user, and the AVG function is used to calculate the user's The average value of access anomaly measurement values, see Figure 4, which shows a schematic diagram of the process of calculating access anomaly measurement values. The access anomaly measurement function Hn is used to calculate the access anomaly measurement values H1, H2, ... Hn of each user, and then according to the subsequent The processing process determines whether each user has false seat occupation.
在上述通过与所述购票维度对应的访问异常衡量函数计算获得所述访问异常衡量 数值的基础上,进一步的,本实施例的一个或多个实施方式中,将计算获得的所述访问异常衡量数值与预设的衡量阈值进行比较,在计算获得的所述访问异常衡量数值大于或等于所述衡量阈值的情况下,需要对用户进行二次验证,具体实现方式如下所述:On the basis of the aforementioned access anomaly measurement value calculated through the access anomaly measurement function corresponding to the ticket purchase dimension, further, in one or more implementations of this embodiment, the calculated access anomaly The measurement value is compared with the preset measurement threshold. In the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, the user needs to be verified twice. The specific implementation is as follows:
在计算获得的所述访问异常衡量数值大于或等于所述衡量阈值的情况下,将所述购票页面跳转至验证页面,对所述用户的购票行为进行二次验证;In the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, jump the ticket purchase page to a verification page, and perform a second verification on the user's ticket purchase behavior;
在所述用户未通过所述二次验证的情况下,将所述用户添加至购票行为异常名单;In the case that the user fails the secondary verification, adding the user to the list of abnormal ticket purchase behaviors;
在所述用户通过所述二次验证的情况下,执行所述将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果步骤。In the case that the user passes the secondary verification, the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection is performed, and the output of the user's ticket purchasing behavior detection result is obtained.
具体的,将计算获得的所述访问异常衡量数值与预设的衡量阈值进行比较,在计算获得的所述访问异常衡量数值大于或等于所述衡量阈值的情况下,说明所述用户的购票行为存在异常,需要对所述用户进行二次验证,所述二次验证具体是指通过跳转至二次验证页面,请求用户进行验证,其中验证方式可以是输入验证码,并且二次验证过程需要用户手动完成;Specifically, the calculated access abnormality measurement value is compared with a preset measurement threshold, and if the calculated access abnormality measurement value is greater than or equal to the measurement threshold, the ticket purchase of the user is explained There is an abnormal behavior, and the user needs to be verified twice. The second verification specifically refers to requesting the user to verify by jumping to the second verification page. The verification method can be the input of the verification code and the second verification process. Need to be done manually by the user;
基于此,在所述用户未通过所述二次验证的情况下,说明所述用户的本次购票行为可能是虚假占座的情况,则将所述用户添加至所述购票行为异常名单,所述购票行为异常名单是指在初次验证的情况下,未通过验证的用户创建的名单;在所述用户通过二次验证的情况下,说明所述用户的购票行为正常,执行后续步骤108即可。Based on this, in the case that the user fails the secondary verification, it is explained that the user’s current ticket purchase behavior may be falsely occupying a seat, then the user is added to the list of abnormal ticket purchase behaviors The list of abnormal ticket purchase behaviors refers to the list created by users who have not passed the verification in the case of the first verification; in the case of the second verification of the user, it indicates that the user's ticket purchase behavior is normal, and the follow-up Step 108 is enough.
除此之外,还可以将在计算获得的所述访问异常衡量数值大于所述衡量阈值的情况下,直接将所述用户加入至所述购票行为异常名单,将在计算获得的所述访问异常衡量数值等于所述衡量阈值的情况下,将所述用户进行二次验证,进一步的对用户的购票行为进行分级别验证,使得验证过程变得更加快速。In addition, when the calculated access abnormality measurement value is greater than the measurement threshold, the user can be directly added to the list of abnormal ticket purchase behaviors, and the calculated access abnormality value will be added to the list of abnormal ticket purchase behaviors. When the abnormal measurement value is equal to the measurement threshold, the user is verified for a second time, and the user's ticket purchase behavior is further verified by levels, so that the verification process becomes faster.
例如,A航空公司对用户X和用户Y的购票行为进行验证以避免出现虚假占座的情况,通过采集用户X和用户Y的购票数据,确定用户X的访问异常衡量数值为7,用户Y的访问异常衡量数值为9,其中衡量阈值为8,根据比较确定用户X的访问异常衡量数值小于衡量阈值,则可以确定用户X的购票行为初步判断为正常,进行后续购票行为验证即可,用户Y的访问异常衡量数值大于衡量阈值,需要对用户Y进行二次验证,通过跳转至预设的二次验证界面,对用户Y进行验证,在用户Y验证通过的情况下,说明用户Y的本次购票行为初步判断为正常,进行后续的购票行为验证即可,在用户Y验证未通过的情况下,说明用户Y的本次购票行为初步判断为非正常,将用户Y 加入至购票行为异常名单。For example, Airline A verifies the ticket purchase behaviors of users X and Y to avoid false seat occupations. By collecting the ticket purchase data of users X and Y, it is determined that user X’s access abnormality measurement value is 7. Y’s access abnormality measurement value is 9, where the measurement threshold value is 8. According to the comparison, it is determined that the user X’s access abnormality measurement value is less than the measurement threshold. It can be determined that user X’s ticket purchase behavior is initially judged to be normal, and subsequent ticket purchase behavior verification is performed. Yes, the access abnormality measurement value of user Y is greater than the measurement threshold, and user Y needs to be verified twice. By jumping to the preset secondary verification interface, user Y is verified. If user Y passes the verification, it is explained User Y’s current ticket purchase behavior is preliminarily judged to be normal, and the subsequent ticket purchase behavior verification can be performed. In the case that user Y fails the verification, it means that user Y’s current ticket purchase behavior is preliminarily judged to be abnormal, and the user Y is added to the list of abnormal ticket purchase behaviors.
在采用所述购票行为检测模型进行购票行为检测之前,通过根据所述用户的访问异常衡量数值对所述用户进行二次验证,可以初步的判断出用户的购票行为是否正常,直接在初步判断过程可以将非正常购票行为的用户进行剔除,避免了出现在后续的购票行为检测过程中对已经存在非正常购票行为的用户进行二次验证,不仅节省了对用户的购票行为进行检测的检测时间,还节省了卖票方在验证过程所产生的费用。Before the ticket buying behavior detection model is used to detect the ticket buying behavior, the user can be preliminarily judged whether the user's ticket buying behavior is normal by verifying the user according to the user's abnormal access measurement value. The preliminary judgment process can eliminate users with abnormal ticket purchase behaviors, avoiding the secondary verification of users who already have abnormal ticket purchase behaviors in the subsequent ticket purchase behavior detection process, which not only saves the user's ticket purchase behavior. The detection time of behavior detection also saves the cost incurred by the seller in the verification process.
步骤108:在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。Step 108: When the calculated access abnormality measurement value of the ticket purchase dimension is less than the preset measurement threshold value of the ticket purchase dimension, input the page access data into the ticket purchase behavior detection model to perform ticket purchase behavior detection. Obtain the output detection result of the user's ticket purchase behavior.
具体的,在上述通过所述购票维度对应的访问异常衡量函数进行访问异常计算的基础上,进一步的,根据所述访问异常衡量函数确定所述用户的访问异常衡量数值,将所述方位异常衡量数值与所述衡量阈值进行比较,在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,说明在初步判断所述用户的购票行为时,初步判断结果为通过的,再将所述页面访问数据输入至所述购票行为检测模型,对所述用户的购票行为进行进一步的检测,所述购票行为检测模型输出所述用户的购票行为检测结果,所述购票行为检测结果包括用户正常购票,用户异常购票和用户非正常购票;Specifically, based on the above-mentioned access anomaly calculation using the access anomaly measurement function corresponding to the ticket purchase dimension, further, the user’s access anomaly measurement value is determined according to the access anomaly measurement function, and the location abnormality The measurement value is compared with the measurement threshold. When the calculated access abnormality measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, it is indicated that the user’s ticket purchase behavior is preliminarily determined When the preliminary judgment result is passed, the page access data is input to the ticket purchase behavior detection model to further detect the user's ticket purchase behavior, and the ticket purchase behavior detection model outputs the user The ticket purchase behavior detection result of the ticket purchase behavior includes the user's normal ticket purchase, the user's abnormal ticket purchase, and the user's abnormal ticket purchase;
其中,用户正常购票具体是指用户通过所述购票页面正常购买需要的票,用户异常购票具体是指用户通过所述购票页面正常购票需要票的情况下,产生了异常的购票行为,例如购买票的速度过快,可能导致用户异常购票,在用户异常购票的情况下可以对用户进行二次验证,验证通过的情况下,并不影响用户购票,用户非正常购票具体是指用户通过所述购票页面通过非正常手段进行虚假占座。Among them, the user’s normal ticket purchase specifically refers to the user’s normal purchase of the required ticket through the ticket purchase page, and the user’s abnormal ticket purchase specifically refers to the situation where the user normally purchases the ticket through the ticket purchase page and the abnormal purchase occurs. Ticket behavior, such as buying tickets too fast, may cause users to purchase tickets abnormally. In the case of abnormal ticket purchases, the user can be verified twice. If the verification is passed, it will not affect the user's ticket purchase, and the user is abnormal Ticket purchase specifically refers to the fact that the user falsely occupies a seat through abnormal means through the ticket purchase page.
在上述计算获得的所述购票维度的访问异常度衡量数值与所述购票维度预设的衡量阈值进行比较的基础上,进一步的,本实施例的一个或多个实施方式中,所述购票维度预设的衡量阈值通过如下方式确定:Based on the comparison of the access abnormality measurement value of the ticket purchase dimension obtained by the above calculation with the measurement threshold value preset in the ticket purchase dimension, further, in one or more implementation manners of this embodiment, the The preset measurement threshold of the ticket purchase dimension is determined as follows:
获取历史用户在所述购票维度的历史访问异常衡量数值;Obtaining historical abnormality measurement values of historical users in the ticket purchase dimension;
计算所述历史访问异常衡量数值的平均值作为所述购票维度预设的衡量阈值。Calculate the average value of the historical access abnormality measurement value as the preset measurement threshold value of the ticket purchase dimension.
具体的,在对所述访问异常衡量数值进行比较之前,需要确定所述购票维度的衡量阈值,不同购票维度对应有不同的衡量阈值,具体预设过程均可参见下述内容,通过 获取所述购票页面的大量历史用户,采集所述大量历史用户在所述购票页面所属的购票维度的历史访问异常衡量数值,通过将大量历史用户的历史访问异常衡量数值取平均值,作为所述购票维度预设的衡量阈值。Specifically, before comparing the access anomaly measurement values, it is necessary to determine the measurement thresholds of the ticket purchase dimensions. Different ticket purchase dimensions correspond to different measurement thresholds. For the specific preset process, please refer to the following content. The large number of historical users of the ticket purchase page collects the historical access abnormality measurement values of the large number of historical users in the ticket purchase dimension to which the ticket purchase page belongs, and averages the historical access abnormality measurement values of a large number of historical users as The preset measurement threshold of the ticket purchase dimension.
除此之外,所述衡量阈值还可以通过反馈匿名函询法进行预设,所述反馈匿名函询法即专家调查法,具体是指由承载购票页面的平台组成一个专门进行预测的机构,其中包括若干专家和购票预测者,按照规定的程序,背靠背地征询专家对购票用户的意见和判断,进而进行确定所述衡量阈值的方法。In addition, the measurement threshold can also be preset through the feedback anonymous inquiry method. The feedback anonymous inquiry method is the expert survey method, which specifically refers to a platform that hosts the ticket purchase page to form a special prediction agency , Including a number of experts and ticket purchase predictors, according to the prescribed procedures, back-to-back consulting experts on the opinions and judgments of the ticket users, and then proceed to determine the measurement threshold method.
在上述通过所述购票行为检测模型对所述用户的购票行为进行检测的基础上,进一步的,本实施例的一个或多个实施方式中,所述购票行为检测模型通过如下方式训练:Based on the detection of the user's ticket purchase behavior through the ticket purchase behavior detection model described above, further, in one or more implementation manners of this embodiment, the ticket purchase behavior detection model is trained in the following manner :
采集历史用户在所述购票页面的历史页面访问数据以及历史购票行为结果;Collect historical user access data on the historical page of the ticket purchase page and historical ticket purchase behavior results;
对所述历史页面访问数据对应的历史购票行为结果添加行为标签,将添加所述行为标签的历史购票行为结果以及对应的历史页面访问数据作为训练样本;Adding behavior tags to the historical ticket purchase behavior results corresponding to the historical page access data, and using the historical ticket purchase behavior results to which the behavior tags are added and the corresponding historical page access data as training samples;
将所述训练样本输入至基于所述历史页面访问数据与所述历史购票行为结果的关联关系构建的购票行为检测模型进行训练,获得所述购票行为检测模型。The training samples are input to a ticket buying behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket buying behavior results, and the ticket buying behavior detection model is obtained.
具体的,所述购票行为检测模型为有监督学习模型,基于此,采集历史用户在所述购票页面的历史页面访问数据以及历史购票行为结果,通过对所述历史页面访问数据对应的历史购票行为结果添加行为标签,将添加所述行为标签的历史购票行为结果以及对应的历史页面访问数据作为训练样本,所述训练样本中包含每个历史用户的历史页面访问数据以及其对应的历史购票行为结果,将所述训练样本输入至基于所述历史页面访问数据与所述历史购票行为结果的关联关系构建的购票行为检测模型进行训练,即可获得所述购票行为检测模型。Specifically, the ticket purchase behavior detection model is a supervised learning model. Based on this, the historical page access data and historical ticket purchase behavior results of historical users on the ticket purchase page are collected, and the historical page access data corresponds to Add a behavior tag to the historical ticket purchase behavior result, and use the historical ticket purchase behavior result with the behavior tag added and the corresponding historical page access data as a training sample. The training sample contains the historical page access data of each historical user and its corresponding The result of historical ticket purchase behavior, the training sample is input to the ticket purchase behavior detection model constructed based on the association relationship between the historical page access data and the result of the historical ticket purchase behavior for training, and the ticket purchase behavior can be obtained Check the model.
通过采用有监督的购票行为检测模型对所述用户的购票行为进行检测,保证了对所述用户的购票行为进行检测的准确性,减少了出现虚假占座的情况发生,有效的减少了卖票方的损失。By adopting a supervised ticket purchase behavior detection model to detect the user's ticket purchase behavior, the accuracy of the detection of the user's ticket purchase behavior is ensured, the occurrence of false seat occupations is reduced, and the occurrence of false seat occupation is effectively reduced. Loss of the seller.
在上述获得所述购票行为检测模型输出的购票行为检测结果的基础上,进一步的,本实施例的一个或多个实施方式中,在所述购票行为检测结果为非正常的情况下,所述用户存在虚假占座的情况,说明所述购票页面存在页面漏洞需要进行修复,具体确定所述页面漏洞的过程如下所述:On the basis of the above-mentioned obtaining the ticket purchasing behavior detection result output by the ticket purchasing behavior detection model, further, in one or more implementations of this embodiment, when the ticket purchasing behavior detection result is abnormal , The fact that the user has false seat occupation indicates that there are page loopholes in the ticket purchase page that need to be repaired. The specific process for determining the page loopholes is as follows:
在所述购票行为检测结果为非正常的情况下,将所述用户添加至非正常用户名单, 采用蜜罐机制将所述购票页面跳转至蜜罐购票页面;In the case where the detection result of the ticket purchase behavior is abnormal, adding the user to the list of abnormal users, and using a honeypot mechanism to jump the ticket purchase page to the honeypot ticket purchase page;
采集所述用户在所述蜜罐购票页面的页面访问数据;Collecting page access data of the user on the honeypot ticket purchase page;
通过对所述用户在所述蜜罐购票页面的页面访问数据进行解析,确定所述购票页面的页面漏洞;By analyzing the page access data of the user's ticket purchase page on the honeypot, determine the page vulnerability of the ticket purchase page;
基于所述页面漏洞对所述购票页面进行修复。Repair the ticket purchase page based on the page vulnerability.
具体的,在所述购票行为检测模型输出的购票行为检测结果为非正常的情况下,说明所述用户存在虚假占座情况,则将所述用户添加至非正常用户名单,所述非正常用户名单具体是指被承载所述购票页面的平台确定为非正常用户加入的名单,被加入所述非正常用户名单的用户在设定时间内是不允许通过所述购票页面进行买票的;在所述用户的购票行为是非正常的情况下,说明所述购票页面存在页面漏洞,被用户所利用,则需要对所述页面漏洞进行修复,通过采用蜜罐机制将所述购票页面跳转至蜜罐购票页面,采集用户在所述蜜罐购票页面的页面访问数据,通过对所述页面访问数据进行解析,可以确定用户破解购票页面的方式,以及用户绕过购票页面防控机制的方法,以此来确定所述购票页面存在的页面漏洞,通过将用户利用的页面漏洞进行修复,提升所述购票页面的防控能力。Specifically, in the case that the ticket purchasing behavior detection result output by the ticket purchasing behavior detection model is abnormal, indicating that the user has a false seat occupation, the user is added to the list of abnormal users, and the non-normal user The normal user list specifically refers to the list determined by the platform hosting the ticket purchase page as an abnormal user to join, and users who are added to the abnormal user list are not allowed to purchase through the ticket purchase page within a set time If the ticket purchase behavior of the user is abnormal, it means that the ticket purchase page has page loopholes, which are used by the user, and the page loopholes need to be repaired. The honeypot mechanism is used to fix the page loopholes. The ticket purchase page jumps to the honeypot ticket purchase page, collects the user's page access data on the honeypot ticket purchase page, and analyzes the page access data to determine how the user hacks the ticket purchase page and how the user bypasses it. The method of using the prevention and control mechanism of the ticket purchase page is used to determine the page vulnerabilities of the ticket purchase page, and the page vulnerabilities used by the user are repaired to improve the prevention and control ability of the ticket purchase page.
具体实施时,所述用户利用所述页面漏洞的方式可能是对所述购票页面的某些地方进行了破解,在此情况下可以通过对被破解的地方进行进一步的加密,防止在次被所述用户破解,进而避免了出现虚假占座情况发生。In specific implementation, the user may exploit the page vulnerability by cracking certain parts of the ticket purchase page. In this case, the cracked place can be further encrypted to prevent subsequent access. The user cracks, thereby avoiding the occurrence of false seat occupation.
实际应用中,仍以上述A航空公司通过购票行为检测模型对用户Y的购票行为进行检测为例,对修复页面漏洞的过程进行描述,其中,通过购票行为检测模型的输出购票行为检测结果确定,用户Y此次购票行为是非正常行为,则将用户Y添加至A航空公司设定的非正常用户名单,限定用户Y在3年内不允许通过A航空公司的购票页面进行购票,并且将A航空公司的购票页面跳转至蜜罐购票页面,采集用户在蜜罐购票页面的页面访问数据,进一步的确定A航空公司购票页面存在的页面漏洞,通过页面漏洞进行修复,避免其他用户利用页面漏洞而造成A航空公司产生经济损失。In practical applications, the above-mentioned airline A's detection of user Y's ticket purchase behavior through the ticket purchase behavior detection model is still used as an example to describe the process of fixing page vulnerabilities. Among them, the ticket purchase behavior is output from the ticket purchase behavior detection model. The detection result confirms that user Y’s ticket purchase behavior is abnormal, then user Y is added to the list of abnormal users set by Airline A, and user Y is not allowed to make purchases through Airline A’s ticket purchase page within 3 years. Tickets, and jump the ticket purchase page of Airline A to the honeypot ticket purchase page, collect the user's page access data on the honeypot ticket purchase page, and further determine the page loopholes in the Airline A ticket purchase page, through the page loopholes Carry out repairs to prevent other users from taking advantage of page loopholes to cause A airline to incur economic losses.
除此之外,还可以根据所述用户在所述蜜罐购票页面的页面访问数据,获取所述用户的更多数据,例如用户的社交数据,确定所述用户是否以此在进行非正常手段的售票行为,可以根据采集用户的数据对用户进行举报,避免该用户利用非正常的手段造成更多卖票方的损失。In addition, it is also possible to obtain more data of the user, such as the user’s social data, based on the page access data of the user’s ticket purchase page on the honeypot, and determine whether the user is performing abnormally with this. The ticket selling behavior of the means can be reported to the user based on the collected user data, so as to prevent the user from using abnormal means to cause more losses to the ticket seller.
通过引入蜜罐机制采集所述用户在所述蜜罐购票页面的页面访问数据,可以有效的确定所述购票页面存在的页面漏洞,在确定所述页面漏洞的情况下,可以对所述页面漏洞进行修复,避免产生更多的损失。By introducing a honeypot mechanism to collect the page access data of the user on the honeypot ticket purchase page, the page vulnerability of the ticket purchase page can be effectively determined. In the case of determining the page vulnerability, the The page vulnerabilities are repaired to avoid more losses.
本申请提供的用户购票行为检测方法,通过对用户在所述购票页面的页面访问数据进行解析,确定所述访问异常度,实现了初步对所述用户的购票行为进行检测,并且在所述访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,采用所述购票行为检测模型再次对所述用户的购票行为进行检测,实现了可以准确的确定所述用户的购票行为,并且在对所述用户的购票行为进行检测时是在用户购票过程中进行的,做到了对用户的购票行为进行无痕检测,大大的减少了对用户的购票流程的干扰,优化了用户的体验效果,同时引入蜜罐机制对存在非正常购票行为的用户进行防控,可以有效的减少卖票方的经济损失,并且可以对所述购票页面存在的漏洞进行修复,防止了其他非正常购票行为的用户再次利用页面漏洞进行虚假占座的情况发生。The user's ticket purchase behavior detection method provided by the present application analyzes the user's page access data on the ticket purchase page to determine the degree of access abnormality, and realizes the preliminary detection of the user's ticket purchase behavior. In the case that the access abnormality measurement value is less than the measurement threshold value preset in the ticket purchase dimension, the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user can be accurately determined The ticket purchase behavior of the user is detected during the user's ticket purchase process, so that the user's ticket purchase behavior is seamlessly detected, which greatly reduces the user's ticket purchase behavior. The interference of the process optimizes the user’s experience. At the same time, the honeypot mechanism is introduced to prevent and control users who have abnormal ticket purchase behaviors, which can effectively reduce the economic loss of the ticket seller, and can prevent the existence of the ticket purchase page. The vulnerabilities were repaired to prevent other users with abnormal ticket purchase behaviors from using page vulnerabilities to falsely occupy seats.
下述结合附图5,以本申请提供的用户购票行为检测方法在航空公司对乘客的购票行为进行检测的应用为例,对所述用户购票行为检测方法进行进一步说明。其中,图5示出了本申请一实施例提供的一种用户购票行为检测方法的处理过程流程图,具体步骤包括步骤502至步骤528。In the following, with reference to FIG. 5, the application of the user ticket buying behavior detection method provided in this application for detecting the passenger's ticket buying behavior in an airline is taken as an example to further illustrate the user ticket buying behavior detection method. Wherein, FIG. 5 shows a processing flow chart of a method for detecting a user's ticket purchase behavior provided by an embodiment of the present application, and the specific steps include step 502 to step 528.
步骤502:采集乘客P在飞机票购票页面的页面访问数据。Step 502: Collect the page access data of the passenger P on the plane ticket purchase page.
具体的,乘客P需要在飞机票购票页面购买一张飞机票;Specifically, passenger P needs to purchase a plane ticket on the plane ticket purchase page;
基于此,乘客P在购票页面进行购票操作产生页面访问数据,承载飞机票购票页面的平台为了防止出现虚假占座情况发生,会对每名乘客的购票行为进行检测,通过采集乘客P的页面访问数据,对乘客P的购票行为进行检测。Based on this, the passenger P performs the ticket purchase operation on the ticket purchase page to generate page access data. In order to prevent the occurrence of false seat occupation, the platform carrying the ticket purchase page will detect the ticket purchase behavior of each passenger by collecting passengers P's page access data is used to detect passenger P's ticket purchase behavior.
步骤504:通过对页面访问数据进行解析,获得乘客P在飞机票购票页面的行为链。Step 504: Obtain the behavior chain of passenger P on the plane ticket purchase page by analyzing the page access data.
具体的,乘客P在飞机票购票页面进行购票飞机票,需要经过一系列的购票流程;Specifically, passenger P needs to go through a series of ticket purchase procedures to purchase air tickets on the air ticket purchase page;
基于此,根据乘客P的在飞机票购票页面的操作数据,确定乘客P在飞机票购票页面的行为链。Based on this, according to the operation data of the passenger P on the plane ticket purchase page, the behavior chain of the passenger P on the plane ticket purchase page is determined.
步骤506:提取行为链中乘客P访问的购票节点以及在购票节点的访问时间。Step 506: Extract the ticket purchase node visited by the passenger P in the behavior chain and the visit time at the ticket purchase node.
具体的,通过上述确定的行为链,进一步的提取行为链中乘客P在飞机票购票页面访问的购票节点,以及访问每个购票节点的访问时间。Specifically, through the above-determined behavior chain, the ticket purchase nodes visited by the passenger P on the plane ticket purchase page in the behavior chain are further extracted, as well as the visit time for each ticket purchase node.
步骤508:基于购票节点和访问时间计算乘客P在飞机票购票页面的访问异常度。Step 508: Calculate the abnormality degree of the passenger P's visit to the plane ticket purchase page based on the ticket purchase node and the visit time.
具体的,根据在行为链中提取的购票节点和访问时间,计算乘客P在购票节点的访问节点概率,以及乘客P在购票节点的访问时间概率;Specifically, according to the ticket purchasing node and access time extracted in the behavior chain, the probability of passenger P's visiting node at the ticket purchasing node and the probability of passenger P's visiting time at the ticket purchasing node are calculated;
基于此,计算访问节点概率和访问时间概率二者的乘积,作为乘客P在飞机票购票页面的访问异常度。Based on this, the product of the access node probability and the access time probability is calculated as the abnormality degree of the passenger P's access to the plane ticket purchase page.
步骤510:将访问异常度输入至飞机票购票页面对应的访问异常衡量函数进行计算,获得乘客P的访问异常衡量数值。Step 510: Input the visit anomaly degree into the visit anomaly measurement function corresponding to the ticket purchase page for calculation, and obtain the visit anomaly measurement value of the passenger P.
具体的,飞机票购票页面对应的访问异常衡量函数为计算平均值函数,通过将乘客P在飞机票购票页面的访问异常度作为变量输入至访问异常衡量函数,根据计算结果确定乘客P的访问异常衡量数值。Specifically, the access anomaly measurement function corresponding to the ticket purchase page is the calculation average function. By inputting the access anomaly degree of the passenger P on the ticket purchase page as a variable to the access anomaly measurement function, the calculation result is used to determine the value of the passenger P Access anomaly measurement value.
步骤512:判断访问异常衡量数值是否小于衡量阈值;若否,执行步骤514;若是,执行步骤520。Step 512: Determine whether the access abnormality measurement value is less than the measurement threshold; if not, go to step 514; if yes, go to step 520.
具体的,根据上述通过访问异常衡量函数计算获得的乘客P的访问异常衡量数值,再判断访问异常衡量数值是否小于飞机票购票页面预设的衡量阈值。Specifically, according to the visit anomaly measurement value of the passenger P calculated by the above-mentioned visit anomaly measurement function, it is then judged whether the visit anomaly measurement value is less than the measurement threshold preset on the plane ticket purchase page.
步骤514:对乘客P进行二次验证。Step 514: Perform a second verification on the passenger P.
具体的,确定乘客P的访问异常衡量数值大于等于飞机票购票页面预设的衡量阈值,说明乘客P可能存在虚假占座情况;Specifically, it is determined that the abnormality measurement value of passenger P is greater than or equal to the measurement threshold preset on the ticket purchase page, indicating that passenger P may have false seat occupation;
基于此,通过将飞机票购票页面跳转至二次验证页面对乘客P进行二次验证。Based on this, the passenger P is verified for the second time by jumping the plane ticket purchase page to the second verification page.
步骤516:判断乘客P是否通过二次验证;若否,执行步骤518;若是,执行步骤520。Step 516: Determine whether the passenger P has passed the secondary verification; if not, go to step 518; if yes, go to step 520.
步骤518:将乘客P加入非正常乘客名单。Step 518: Add passenger P to the list of abnormal passengers.
具体的,在乘客P未通过二次验证的情况下,说明乘客P可能存在非正常购票行为,将乘客P加入非正常乘客名单,限制乘客P在飞机票购票页面购票飞机票。Specifically, in the case that the passenger P fails the second verification, it indicates that the passenger P may have an abnormal ticket purchase behavior, the passenger P is added to the abnormal passenger list, and the passenger P is restricted from buying air tickets on the air ticket purchase page.
步骤520:将乘客P的页面访问数据输入至购票行为检测模型。Step 520: Input the page access data of the passenger P into the ticket purchase behavior detection model.
具体的,初步确定乘客P的购票行为是正常行为,则将乘客P的页面访问数据输入至购票行为检测模型,对乘客P的购票行为进行进一步的检测。Specifically, if it is preliminarily determined that passenger P's ticket purchase behavior is a normal behavior, then the page access data of passenger P is input into the ticket purchase behavior detection model, and the passenger P's ticket purchase behavior is further detected.
步骤522:获得购票行为检测模型输出的购票行为检测结果。Step 522: Obtain the ticket purchasing behavior detection result output by the ticket purchasing behavior detection model.
步骤524:在购票行为检测结果为非正常的情况下,将乘客P加入非正常乘客名单,并从飞机票购票页面跳转至蜜罐购票页面。Step 524: When the result of the ticket purchase behavior is abnormal, the passenger P is added to the abnormal passenger list, and the ticket purchase page is jumped to the honeypot ticket purchase page.
具体的,在购票行为检测结果为非正常的情况下,说明乘客P的购票行为是非正常的,可能存在虚假占座的情况;Specifically, in the case where the detection result of the ticket purchase behavior is abnormal, it indicates that the ticket purchase behavior of the passenger P is abnormal, and there may be a situation of false seat occupation;
基于此,将乘客P加入非正常乘客名单,限制乘客P在飞机票购票页面购票飞机票,同时采用蜜罐机制将乘客P所处的飞机票购票页面跳转至蜜罐购票页面。Based on this, passenger P is added to the list of abnormal passengers, and passenger P is restricted from buying air tickets on the ticket purchase page. At the same time, the honeypot mechanism is used to redirect the ticket purchase page of passenger P to the honeypot ticket purchase page. .
步骤526:采集乘客P在蜜罐购票页面的页面访问数据,根据页面访问数据确定飞机票购票页面的页面漏洞。Step 526: Collect the page access data of the passenger P's ticket purchase page on the honeypot, and determine the page vulnerability of the plane ticket purchase page according to the page access data.
具体的,采集乘客P在蜜罐购票页面的页面访问数据,通过对蜜罐购票页面的页面访问数据进行解析,确定乘客P利用的页面漏洞;Specifically, collect page access data of passenger P on the honeypot ticket purchase page, and analyze the page access data of the honeypot ticket purchase page to determine the page vulnerability used by passenger P;
基于此,根据乘客P利用的页面漏洞确定飞机票购票页面的页面漏洞。Based on this, the page vulnerabilities of the airline ticket purchase page are determined according to the page vulnerabilities used by the passenger P.
步骤528:基于页面漏洞对飞机票购票页面进行修复。Step 528: Repair the airplane ticket purchase page based on the page vulnerability.
本申请提供的用户购票行为检测方法,通过对乘客在飞机票购票页面的页面访问数据进行解析,确定乘客访问异常度,实现了初步对乘客的购票行为进行检测,并且在访问异常衡量数值小于衡量阈值的情况下,采用购票行为检测模型再次对乘客的购票行为进行检测,实现了可以准确的确定乘客的购票行为,并且在对乘客的购票行为进行检测时是在乘客购票过程中进行的,做到了对乘客的购票行为进行无痕检测,大大的减少了对乘客的购票流程的干扰,优化了乘客的体验效果,同时引入蜜罐机制对存在非正常购票行为的乘客进行防控,可以有效的减少售卖飞机票的售票方的经济损失,并且可以对飞机票购票页面存在的漏洞进行修复,防止了其他非正常购票行为的乘客再次利用页面漏洞进行虚假占座的情况发生。The user's ticket purchase behavior detection method provided in this application analyzes the passenger's page access data on the plane ticket purchase page to determine the degree of passenger abnormality, realizes the preliminary detection of the passenger's ticket purchase behavior, and measures the abnormality of the visit When the value is less than the measurement threshold, the ticket purchase behavior detection model is used to detect the passenger's ticket purchase behavior again, so that the passenger's ticket purchase behavior can be accurately determined, and the passenger's ticket purchase behavior is detected when the passenger's ticket purchase behavior is detected. During the ticket purchase process, the passenger’s ticket purchase behavior is seamlessly detected, which greatly reduces the interference to the passenger’s ticket purchase process and optimizes the passenger’s experience. At the same time, the honeypot mechanism is introduced to prevent abnormal purchases. The prevention and control of passengers with ticket behavior can effectively reduce the economic losses of the ticket seller who sells air tickets, and can repair the loopholes in the ticket purchase page to prevent other passengers with abnormal ticket purchase behavior from reusing the loopholes in the page False seat occupation occurred.
与上述方法实施例相对应,本申请还提供了用户购票行为检测装置实施例,图6示出了本申请一实施例提供的一种用户购票行为检测装置的结构示意图。如图6所示,该装置包括:Corresponding to the foregoing method embodiments, this application also provides an embodiment of a user ticket purchase behavior detection device. FIG. 6 shows a schematic structural diagram of a user ticket purchase behavior detection device provided by an embodiment of the present application. As shown in Figure 6, the device includes:
采集模块602,被配置为采集用户在购票页面的页面访问数据;The collection module 602 is configured to collect page access data of the user on the ticket purchase page;
确定模块604,被配置为通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;The determining module 604 is configured to determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data;
计算模块606,被配置为将所述访问异常度输入至所述购票页面所属的购票维度对 应的访问异常衡量函数进行访问异常计算;The calculation module 606 is configured to input the access anomaly degree into an access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation;
检测模块608,被配置为在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。The detection module 608 is configured to input the page access data into the ticket purchase behavior detection model when the calculated access abnormality measurement value of the ticket purchase dimension is less than the preset measurement threshold value of the ticket purchase dimension. Ticket behavior detection, to obtain the output of the user's ticket purchase behavior detection result.
一个可选的实施例中,所述确定模块604,包括:In an optional embodiment, the determining module 604 includes:
解析单元,被配置为通过对所述页面访问数据进行解析,获得所述用户在所述购票页面的行为链;The parsing unit is configured to obtain the behavior chain of the user on the ticket purchase page by parsing the page access data;
提取单元,被配置为在所述行为链中提取所述用户访问的购票节点以及在所述购票节点的访问时间;An extracting unit configured to extract the ticket purchasing node visited by the user and the time of visit at the ticket purchasing node in the behavior chain;
计算单元,被配置为基于所述购票节点以及所述访问时间进行访问异常度计算,将计算结果作为所述访问异常度。The calculation unit is configured to perform an access abnormality calculation based on the ticket purchasing node and the access time, and use the calculation result as the access abnormality.
一个可选的实施例中,所述用户购票行为检测装置,还包括:In an optional embodiment, the device for detecting user ticket purchase behavior further includes:
跳转模块,被配置为在所述购票行为检测结果为非正常的情况下,将所述用户添加至非正常用户名单,采用蜜罐机制将所述购票页面跳转至蜜罐购票页面;The jump module is configured to add the user to the list of abnormal users when the detection result of the ticket purchase behavior is abnormal, and use the honeypot mechanism to jump the ticket purchase page to the honeypot purchase ticket page;
采集页面访问数据模块,被配置为采集所述用户在所述蜜罐购票页面的页面访问数据;A page access data collection module configured to collect page access data of the user on the honeypot ticket purchase page;
确定页面漏洞模块,被配置为通过对所述用户在所述蜜罐购票页面的页面访问数据进行解析,确定所述购票页面的页面漏洞;The page vulnerability determining module is configured to determine the page vulnerability of the ticket purchase page by analyzing the page access data of the user on the honeypot ticket purchase page;
修复模块,被配置为基于所述页面漏洞对所述购票页面进行修复。The repair module is configured to repair the ticket purchase page based on the page vulnerability.
一个可选的实施例中,所述用户购票行为检测装置,还包括:In an optional embodiment, the device for detecting user ticket purchase behavior further includes:
二次验证模块,被配置为在计算获得的所述访问异常衡量数值大于或等于所述衡量阈值的情况下,将所述购票页面跳转至验证页面,对所述用户的购票行为进行二次验证;The secondary verification module is configured to jump the ticket purchase page to the verification page in the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, and perform the ticket purchase behavior of the user Secondary verification
在所述用户未通过所述二次验证的情况下,运行添加模块;If the user fails the second verification, run the adding module;
所述添加模块,被配置为将所述用户添加至购票行为异常名单;The adding module is configured to add the user to a list of abnormal ticket purchase behaviors;
在所述用户通过所述二次验证的情况下,运行所述检测模块608。In the case that the user passes the second verification, the detection module 608 is operated.
一个可选的实施例中,所述购票行为检测模型通过如下单元进行训练:In an optional embodiment, the ticket purchase behavior detection model is trained through the following units:
采集历史数据单元,被配置为采集历史用户在所述购票页面的历史页面访问数据以及历史购票行为结果;The historical data collection unit is configured to collect historical user access data on the historical page of the ticket purchase page and historical ticket purchase behavior results;
添加标签单元,被配置为对所述历史页面访问数据对应的历史购票行为结果添加行为标签,将添加所述行为标签的历史购票行为结果以及对应的历史页面访问数据作为训练样本;The tag adding unit is configured to add behavior tags to the historical ticket purchase behavior results corresponding to the historical page access data, and use the historical ticket purchase behavior results to which the behavior tags are added and the corresponding historical page access data as training samples;
训练购票行为检测模型单元,被配置为将所述训练样本输入至基于所述历史页面访问数据与所述历史购票行为结果的关联关系构建的购票行为检测模型进行训练,获得所述购票行为检测模型。The training ticket purchase behavior detection model unit is configured to input the training samples into a ticket purchase behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket purchase behavior results for training, to obtain the purchase behavior Ticket behavior detection model.
一个可选的实施例中,所述用户购票行为检测装置,还包括:In an optional embodiment, the device for detecting user ticket purchase behavior further includes:
确定购票账户模块,被配置为根据所述页面访问数据确定所述用户的购票账户;The ticket purchasing account determining module is configured to determine the ticket purchasing account of the user according to the page access data;
检测购票记录模块,被配置为检测所述购票账户中的购票记录,确定所述用户在购票时间内的购票数目;The ticket purchase record detection module is configured to detect the ticket purchase records in the ticket purchase account and determine the number of tickets purchased by the user during the ticket purchase time;
冻结购票账户模块,被配置为在所述购票时间小于预设的时间阈值并所述购票数目大于预设的数目阈值的情况下,冻结所述购票账户。The module for freezing the ticket purchase account is configured to freeze the ticket purchase account when the ticket purchase time is less than a preset time threshold and the number of tickets purchased is greater than the preset number threshold.
一个可选的实施例中,所述购票维度预设的衡量阈值通过如下单元确定:In an optional embodiment, the preset measurement threshold of the ticket purchase dimension is determined by the following units:
获取历史访问异常衡量数值单元,被配置为获取历史用户在所述购票维度的历史访问异常衡量数值;The historical visit anomaly measurement value unit is configured to obtain the historical visit anomaly measurement value of the historical user in the ticket purchase dimension;
计算衡量阈值单元,被配置为计算所述历史访问异常衡量数值的平均值作为所述购票维度预设的衡量阈值。The calculating threshold value unit is configured to calculate an average value of the historical access abnormality measurement value as the preset measurement threshold value of the ticket purchase dimension.
一个可选的实施例中,所述计算单元,包括:In an optional embodiment, the calculation unit includes:
第一确定子模块,被配置为根据所述页面访问数据确定所述用户点击的购票节点的第一节点数目,以及确定在所述行为链中提取的所述用户访问的购票节点的第二节点数目;The first determining sub-module is configured to determine the number of the first node of the ticket purchase node clicked by the user according to the page access data, and determine the number of the ticket purchase node accessed by the user extracted from the behavior chain Number of second nodes;
计算访问节点概率子模块,被配置为计算所述第一节点数目与所述第二节点数目二者的比值,确定为所述用户的访问节点概率;The calculating access node probability sub-module is configured to calculate the ratio of the number of the first nodes to the number of the second nodes, and determine it as the access node probability of the user;
第二确定子模块,被配置为根据所述页面访问数据确定所述用户开启所述购票页面的时间以及所述用户支付购票金额的时间;The second determining submodule is configured to determine the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount according to the page access data;
第三确定子模块,被配置为基于所述开启所述购票页面的时间以及所述用户支付购票金额的时间确定所述用户购票的总时间,以及所述用户访问所述购票节点的访问总时间;The third determining sub-module is configured to determine the total time for the user to purchase a ticket based on the time when the ticket purchase page is opened and the time when the user pays for the ticket purchase amount, and the user visits the ticket purchase node Total visit time;
计算访问时间概率子模块,被配置为计算所述总时间与所述访问总时间二者的比值,确定为所述用户的访问时间概率;The access time probability calculation sub-module is configured to calculate the ratio of the total time to the total access time, and determine it as the access time probability of the user;
确定访问异常度子模块,被配置为将所述访问节点概率以及所述访问时间概率进行乘积,根据乘积结果确定所述访问异常度。The access abnormality determination sub-module is configured to multiply the access node probability and the access time probability, and determine the access abnormality degree according to the product result.
一个可选的实施例中,所述采集模块602,包括:In an optional embodiment, the collection module 602 includes:
嵌入数据采集包单元,被配置为通过在承载所述购票页面的平台嵌入数据采集包,在承载所述购票页面的平台创建数据采集接口;The embedded data collection package unit is configured to create a data collection interface on the platform that carries the ticket purchase page by embedding the data collection package on the platform that carries the ticket purchase page;
调用采集接口单元,被配置为通过调用所述数据采集接口采集所述页面访问数据。The calling collection interface unit is configured to collect the page access data by calling the data collection interface.
一个可选的实施例中,所述确定模块604,包括:In an optional embodiment, the determining module 604 includes:
读取数目单元,被配置为读取所述页面访问数据中包含的页面点击数据、页面访问时间数据以及页面跳转数据;The reading number unit is configured to read page click data, page access time data, and page jump data included in the page access data;
确定单元,被配置为根据所述页面点击数据确定所述用户点击所述购票页面的点击次数,根据所述页面访问时间数据确定所述用户在所述购票页面的停留时间,以及根据所述页面跳转数据确定所述用户在所述购票页面的跳转次数;The determining unit is configured to determine, according to the page click data, the number of clicks the user clicks on the ticket purchase page, determine the user’s stay time on the ticket purchase page according to the page access time data, and according to all The page jump data determines the number of jumps of the user on the ticket purchase page;
计算乘积单元,被配置为计算所述点击次数与预设的点击权重系数二者的乘积,所述停留时间与预设的时间权重系数二者的乘积,以及所述跳转次数与预设的跳转权重系数二者的乘积;The product calculating unit is configured to calculate the product of the number of clicks and a preset click weighting factor, the product of the dwell time and the preset time weighting factor, and the number of jumps and the preset time weighting factor. The product of the set jump weight coefficients;
确定访问异常度单元,被配置为将乘积结果进行求和,并计算求和结果与预设的访问异常标准值二者的比值,作为所述访问异常度。The access abnormality determination unit is configured to sum the product result, and calculate the ratio of the sum result to a preset access abnormality standard value as the access abnormality degree.
本申请提供的用户购票行为检测装置,通过对用户在所述购票页面的页面访问数据进行解析,确定所述访问异常度,实现了初步对所述用户的购票行为进行检测,并且在所述访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,采用所述购票行为检测模型再次对所述用户的购票行为进行检测,实现了可以准确的确定所述用户的购票行为,并且在对所述用户的购票行为进行检测时是在用户购票过程中进行的,做到了对用户的购票行为进行无痕检测,大大的减少了对用户的购票流程的干扰,优化了用户 的体验效果,同时引入蜜罐机制对存在非正常购票行为的用户进行防控,可以有效的减少卖票方的经济损失,并且可以对所述购票页面存在的漏洞进行修复,防止了其他非正常购票行为的用户再次利用页面漏洞进行虚假占座的情况发生。The user's ticket purchase behavior detection device provided by the present application analyzes the user's page access data on the ticket purchase page to determine the degree of access abnormality, and realizes the preliminary detection of the user's ticket purchase behavior. In the case that the access abnormality measurement value is less than the measurement threshold value preset in the ticket purchase dimension, the ticket purchase behavior detection model is used to detect the user's ticket purchase behavior again, so that the user can be accurately determined The ticket purchase behavior of the user is detected during the user's ticket purchase process, so that the user's ticket purchase behavior is seamlessly detected, which greatly reduces the user's ticket purchase behavior. The interference of the process optimizes the user’s experience. At the same time, the honeypot mechanism is introduced to prevent and control users who have abnormal ticket purchase behaviors, which can effectively reduce the economic loss of the ticket seller, and can prevent the existence of the ticket purchase page. The vulnerabilities were repaired to prevent other users with abnormal ticket purchase behaviors from using page vulnerabilities to falsely occupy seats.
上述为本实施例的一种用户购票行为检测装置的示意性方案。需要说明的是,该用户购票行为检测装置的技术方案与上述的用户购票行为检测装置方法的技术方案属于同一构思,用户购票行为检测装置的技术方案未详细描述的细节内容,均可以参见上述用户购票行为检测装置方法的技术方案的描述。The foregoing is a schematic solution of a device for detecting a user's ticket purchase behavior in this embodiment. It should be noted that the technical solution of the user ticket purchase behavior detection device belongs to the same concept as the above technical solution of the user ticket purchase behavior detection device method. The details of the technical solution of the user ticket purchase behavior detection device that are not described in detail can be used. See the description of the technical solution of the above-mentioned user ticket purchase behavior detection device method.
图7示出了根据本申请一实施例提供的一种计算设备700的结构框图。该计算设备700的部件包括但不限于存储器710和处理器720。处理器720与存储器710通过总线730相连接,数据库750用于保存数据。Fig. 7 shows a structural block diagram of a computing device 700 provided according to an embodiment of the present application. The components of the computing device 700 include, but are not limited to, a memory 710 and a processor 720. The processor 720 and the memory 710 are connected through a bus 730, and the database 750 is used to store data.
计算设备700还包括接入设备740,接入设备740使得计算设备700能够经由一个或多个网络760通信。这些网络的示例包括公用交换电话网(PSTN)、局域网(LAN)、广域网(WAN)、个域网(PAN)或诸如因特网的通信网络的组合。接入设备740可以包括有线或无线的任何类型的网络接口(例如,网络接口卡(NIC))中的一个或多个,诸如IEEE802.11无线局域网(WLAN)无线接口、全球微波互联接入(Wi-MAX)接口、以太网接口、通用串行总线(USB)接口、蜂窝网络接口、蓝牙接口、近场通信(NFC)接口,等等。The computing device 700 also includes an access device 740 that enables the computing device 700 to communicate via one or more networks 760. Examples of these networks include a public switched telephone network (PSTN), a local area network (LAN), a wide area network (WAN), a personal area network (PAN), or a combination of communication networks such as the Internet. The access device 740 may include one or more of any type of wired or wireless network interface (for example, a network interface card (NIC)), such as IEEE802.11 wireless local area network (WLAN) wireless interface, global interconnection for microwave access ( Wi-MAX) interface, Ethernet interface, universal serial bus (USB) interface, cellular network interface, Bluetooth interface, near field communication (NFC) interface, etc.
在本申请的一个实施例中,计算设备700的上述部件以及图7中未示出的其他部件也可以彼此相连接,例如通过总线。应当理解,图7所示的计算设备结构框图仅仅是出于示例的目的,而不是对本申请范围的限制。本领域技术人员可以根据需要,增添或替换其他部件。In an embodiment of the present application, the aforementioned components of the computing device 700 and other components not shown in FIG. 7 may also be connected to each other, for example, via a bus. It should be understood that the structural block diagram of the computing device shown in FIG. 7 is only for the purpose of example, and is not intended to limit the scope of the present application. Those skilled in the art can add or replace other components as needed.
计算设备700可以是任何类型的静止或移动计算设备,包括移动计算机或移动计算设备(例如,平板计算机、个人数字助理、膝上型计算机、笔记本计算机、上网本等)、移动电话(例如,智能手机)、可佩戴的计算设备(例如,智能手表、智能眼镜等)或其他类型的移动设备,或者诸如台式计算机或PC的静止计算设备。计算设备700还可以是移动式或静止式的服务器。The computing device 700 can be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (for example, a tablet computer, a personal digital assistant, a laptop computer, a notebook computer, a netbook, etc.), a mobile phone (for example, a smart phone). ), wearable computing devices (for example, smart watches, smart glasses, etc.) or other types of mobile devices, or stationary computing devices such as desktop computers or PCs. The computing device 700 may also be a mobile or stationary server.
其中,处理器720用于执行如下计算机可执行指令:Wherein, the processor 720 is configured to execute the following computer executable instructions:
采集用户在购票页面的页面访问数据;Collect user access data on the ticket purchase page;
通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;By analyzing the page access data, determine the abnormality of the user's access to the ticket purchase page;
将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算;Input the access abnormality degree into the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access abnormality calculation;
在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
本申请一实施例还提供一种计算机可读存储介质,其存储有计算机指令,该指令被处理器执行时以用于:An embodiment of the present application further provides a computer-readable storage medium, which stores computer instructions, which are used when executed by a processor:
采集用户在购票页面的页面访问数据;Collect user access data on the ticket purchase page;
通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;By analyzing the page access data, determine the abnormality of the user's access to the ticket purchase page;
将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算;Input the access abnormality degree into the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access abnormality calculation;
在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
上述为本实施例的一种计算机可读存储介质的示意性方案。需要说明的是,该存储介质的技术方案与上述的用户购票行为检测装置方法的技术方案属于同一构思,存储介质的技术方案未详细描述的细节内容,均可以参见上述用户购票行为检测装置方法的技术方案的描述。The foregoing is a schematic solution of a computer-readable storage medium of this embodiment. It should be noted that the technical solution of the storage medium belongs to the same concept as the technical solution of the user ticket purchase behavior detection device method described above. For details that are not described in detail in the technical solution of the storage medium, please refer to the above user ticket purchase behavior detection device. Description of the technical solution of the method.
上述对本申请特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The specific embodiments of the present application have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims may be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
所述计算机指令包括计算机程序代码,所述计算机程序代码可以为源代码形式、对象代码形式、可执行文件或某些中间形式等。所述计算机可读介质可以包括:能够携带所述计算机程序代码的任何实体或装置、记录介质、U盘、移动硬盘、磁碟、光盘、计算机存储器、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、电载波信号、电信信号以及软件分发介质等。需要说明的是,所述计算机可读介质包含的内容可以根据司法管辖区内立法和专利实践的要求进行适 当的增减,例如在某些司法管辖区,根据立法和专利实践,计算机可读介质不包括电载波信号和电信信号。The computer instructions include computer program codes, and the computer program codes may be in the form of source code, object code, executable files, or some intermediate forms. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, mobile hard disk, magnetic disk, optical disk, computer memory, read-only memory (ROM, Read-Only Memory) , Random Access Memory (RAM, Random Access Memory), electrical carrier signal, telecommunications signal, and software distribution media, etc. It should be noted that the content contained in the computer-readable medium can be appropriately added or deleted according to the requirements of the legislation and patent practice in the jurisdiction. For example, in some jurisdictions, according to the legislation and patent practice, the computer-readable medium Does not include electrical carrier signals and telecommunication signals.
需要说明的是,对于前述的各方法实施例,为了简便描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本申请并不受所描述的动作顺序的限制,因为依据本申请,某些步骤可以采用其它顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定都是本申请所必须的。It should be noted that for the foregoing method embodiments, for simplicity of description, they are all expressed as a series of action combinations, but those skilled in the art should know that this application is not limited by the described sequence of actions. Because according to this application, some steps can be performed in other order or at the same time. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the involved actions and modules are not necessarily all required by this application.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其它实施例的相关描述。In the above-mentioned embodiments, the description of each embodiment has its own focus. For a part that is not described in detail in an embodiment, reference may be made to related descriptions of other embodiments.
以上公开的本申请优选实施例只是用于帮助阐述本申请。可选实施例并没有详尽叙述所有的细节,也不限制该发明仅为所述的具体实施方式。显然,根据本申请的内容,可作很多的修改和变化。本申请选取并具体描述这些实施例,是为了更好地解释本申请的原理和实际应用,从而使所属技术领域技术人员能很好地理解和利用本申请。本申请仅受权利要求书及其全部范围和等效物的限制。The preferred embodiments of the application disclosed above are only used to help explain the application. The optional embodiment does not describe all the details in detail, nor does it limit the invention to only the described specific embodiments. Obviously, many modifications and changes can be made according to the content of this application. This application selects and specifically describes these embodiments in order to better explain the principles and practical applications of this application, so that those skilled in the art can understand and use this application well. This application is only limited by the claims and their full scope and equivalents.

Claims (15)

  1. 一种用户购票行为检测方法,其特征在于,包括:A method for detecting user ticket purchase behavior, which is characterized in that it includes:
    采集用户在购票页面的页面访问数据;Collect user access data on the ticket purchase page;
    通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;By analyzing the page access data, determine the abnormality of the user's access to the ticket purchase page;
    将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算;Input the access abnormality degree into the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access abnormality calculation;
    在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
  2. 根据权利要求1所述的用户购票行为检测方法,其特征在于,所述通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度,包括:The method for detecting a user's ticket purchase behavior according to claim 1, wherein the determining the abnormality of the user's access to the ticket purchase page by analyzing the page access data comprises:
    通过对所述页面访问数据进行解析,获得所述用户在所述购票页面的行为链;Obtain the behavior chain of the user on the ticket purchase page by analyzing the page access data;
    在所述行为链中提取所述用户访问的购票节点以及在所述购票节点的访问时间;Extracting the ticket purchasing node visited by the user and the visit time at the ticket purchasing node in the behavior chain;
    基于所述购票节点以及所述访问时间进行访问异常度计算,将计算结果作为所述访问异常度。The access abnormality degree calculation is performed based on the ticket purchasing node and the access time, and the calculation result is used as the access abnormality degree.
  3. 根据权利要求1所述的用户购票行为检测方法,其特征在于,所述将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果步骤执行之后,还包括:The user ticket purchase behavior detection method according to claim 1, wherein the page access data is input into a ticket purchase behavior detection model for ticket purchase behavior detection, and the output of the user's ticket purchase behavior detection result is obtained After the steps are executed, it also includes:
    在所述购票行为检测结果为非正常的情况下,将所述用户添加至非正常用户名单,采用蜜罐机制将所述购票页面跳转至蜜罐购票页面;In the case where the detection result of the ticket purchase behavior is abnormal, adding the user to the list of abnormal users, and using a honeypot mechanism to jump the ticket purchase page to the honeypot ticket purchase page;
    采集所述用户在所述蜜罐购票页面的页面访问数据;Collecting page access data of the user on the honeypot ticket purchase page;
    通过对所述用户在所述蜜罐购票页面的页面访问数据进行解析,确定所述购票页面的页面漏洞;By analyzing the page access data of the user's ticket purchase page on the honeypot, determine the page vulnerability of the ticket purchase page;
    基于所述页面漏洞对所述购票页面进行修复。Repair the ticket purchase page based on the page vulnerability.
  4. 根据权利要求1所述的用户购票行为检测方法,其特征在于,所述将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算步骤执行之后,所述将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果步骤执行之前,还包括:The method for detecting a user's ticket purchase behavior according to claim 1, wherein the step of inputting the access anomaly degree into the access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs is performed to perform the access anomaly calculation step After that, before the step of inputting the page access data into the ticket buying behavior detection model to perform ticket buying behavior detection, and obtaining the output of the user's ticket buying behavior detection result, the step further includes:
    在计算获得的所述访问异常衡量数值大于或等于所述衡量阈值的情况下,将所述购票页面跳转至验证页面,对所述用户的购票行为进行二次验证;In the case that the calculated access abnormality measurement value is greater than or equal to the measurement threshold, jump the ticket purchase page to a verification page, and perform a second verification on the user's ticket purchase behavior;
    在所述用户未通过所述二次验证的情况下,将所述用户添加至购票行为异常名单;In the case that the user fails the secondary verification, adding the user to the list of abnormal ticket purchase behaviors;
    在所述用户通过所述二次验证的情况下,执行所述将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果步骤。In the case that the user passes the secondary verification, the step of inputting the page access data into the ticket purchasing behavior detection model to perform ticket purchasing behavior detection is performed, and the output of the user's ticket purchasing behavior detection result is obtained.
  5. 根据权利要求1所述的用户购票行为检测方法,其特征在于,所述购票行为检测模型通过如下方式训练:The method for detecting user ticket purchase behavior according to claim 1, wherein the ticket purchase behavior detection model is trained in the following manner:
    采集历史用户在所述购票页面的历史页面访问数据以及历史购票行为结果;Collect historical user access data on the historical page of the ticket purchase page and historical ticket purchase behavior results;
    对所述历史页面访问数据对应的历史购票行为结果添加行为标签,将添加所述行为标签的历史购票行为结果以及对应的历史页面访问数据作为训练样本;Adding behavior tags to the historical ticket purchase behavior results corresponding to the historical page access data, and using the historical ticket purchase behavior results to which the behavior tags are added and the corresponding historical page access data as training samples;
    将所述训练样本输入至基于所述历史页面访问数据与所述历史购票行为结果的关联关系构建的购票行为检测模型进行训练,获得所述购票行为检测模型。The training samples are input to a ticket buying behavior detection model constructed based on the association relationship between the historical page access data and the historical ticket buying behavior results, and the ticket buying behavior detection model is obtained.
  6. 根据权利要求1所述的用户购票行为检测方法,其特征在于,所述采集用户在购票页面的页面访问数据步骤执行之后,还包括:The method for detecting a user's ticket purchase behavior according to claim 1, wherein after the step of collecting user's page access data on the ticket purchase page is executed, the method further comprises:
    根据所述页面访问数据确定所述用户的购票账户;Determining the ticket purchase account of the user according to the page access data;
    检测所述购票账户中的购票记录,确定所述用户在购票时间内的购票数目;Detect the ticket purchase records in the ticket purchase account, and determine the number of tickets purchased by the user during the ticket purchase time;
    在所述购票时间小于预设的时间阈值并所述购票数目大于预设的数目阈值的情况下,冻结所述购票账户。In a case where the ticket purchase time is less than a preset time threshold and the number of tickets purchased is greater than the preset number threshold, the ticket purchase account is frozen.
  7. 根据权利要求1所述的用户购票行为检测方法,其特征在于,所述购票维度预设的衡量阈值通过如下方式确定:The method for detecting a user's ticket purchase behavior according to claim 1, wherein the preset measurement threshold of the ticket purchase dimension is determined in the following manner:
    获取历史用户在所述购票维度的历史访问异常衡量数值;Obtaining historical abnormality measurement values of historical users in the ticket purchase dimension;
    计算所述历史访问异常衡量数值的平均值作为所述购票维度预设的衡量阈值。Calculate the average value of the historical access abnormality measurement value as the preset measurement threshold value of the ticket purchase dimension.
  8. 根据权利要求2所述的用户购票行为检测方法,其特征在于,所述基于所述购票节点以及所述访问时间进行访问异常度计算,将计算结果作为所述访问异常度,包括:The method for detecting a user's ticket purchase behavior according to claim 2, wherein the calculating an access abnormality degree based on the ticket purchasing node and the access time, and using the calculation result as the access abnormality degree, comprises:
    根据所述页面访问数据确定所述用户点击的购票节点的第一节点数目,以及确定在所述行为链中提取的所述用户访问的购票节点的第二节点数目;Determining, according to the page access data, the number of first nodes of the ticket purchasing node clicked by the user, and determining the number of second nodes of the ticket purchasing node accessed by the user extracted from the behavior chain;
    计算所述第一节点数目与所述第二节点数目二者的比值,确定为所述用户的访问节点概率;Calculate the ratio of the number of the first nodes to the number of the second nodes, and determine it as the node access probability of the user;
    根据所述页面访问数据确定所述用户开启所述购票页面的时间以及所述用户支付购票金额的时间;Determining, according to the page access data, the time when the user opens the ticket purchase page and the time when the user pays the ticket purchase amount;
    基于所述开启所述购票页面的时间以及所述用户支付购票金额的时间确定所述用户购票的总时间,以及所述用户访问所述购票节点的访问总时间;Determining the total time for the user to purchase tickets and the total time for the user to visit the ticket purchasing node based on the time when the ticket purchase page is opened and the time when the user pays the amount of the ticket;
    计算所述总时间与所述访问总时间二者的比值,确定为所述用户的访问时间概率;Calculate the ratio of the total time to the total access time, and determine it as the access time probability of the user;
    将所述访问节点概率以及所述访问时间概率进行乘积,根据乘积结果确定所述访问 异常度。The access node probability and the access time probability are multiplied, and the access abnormality degree is determined according to the product result.
  9. 根据权利要求1所述的用户购票行为检测方法,其特征在于,所述采集用户在购票页面的页面访问数据,包括:The method for detecting a ticket purchase behavior of a user according to claim 1, wherein the collecting the page access data of the user on the ticket purchase page comprises:
    通过在承载所述购票页面的平台嵌入数据采集包,在承载所述购票页面的平台创建数据采集接口;By embedding a data collection package on the platform carrying the ticket purchase page, creating a data collection interface on the platform carrying the ticket purchase page;
    通过调用所述数据采集接口采集所述页面访问数据。Collect the page access data by calling the data collection interface.
  10. 根据权利要求1所述的用户购票行为检测方法,其特征在于,所述通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度,包括:The method for detecting a user's ticket purchase behavior according to claim 1, wherein the determining the abnormality of the user's access to the ticket purchase page by analyzing the page access data comprises:
    读取所述页面访问数据中包含的页面点击数据、页面访问时间数据以及页面跳转数据;Reading page click data, page access time data, and page jump data included in the page access data;
    根据所述页面点击数据确定所述用户点击所述购票页面的点击次数,根据所述页面访问时间数据确定所述用户在所述购票页面的停留时间,以及根据所述页面跳转数据确定所述用户在所述购票页面的跳转次数;Determine the number of times the user clicks on the ticket purchase page according to the page click data, determine the user’s stay time on the ticket purchase page according to the page access time data, and determine according to the page jump data The number of jumps by the user on the ticket purchase page;
    计算所述点击次数与预设的点击权重系数二者的乘积,所述停留时间与预设的时间权重系数二者的乘积,以及所述跳转次数与预设的跳转权重系数二者的乘积;Calculate the product of the number of clicks and the preset click weighting factor, the product of the dwell time and the preset time weighting factor, and the number of jumps and the preset jump weighting factor The product of the two;
    将乘积结果进行求和,并计算求和结果与预设的访问异常标准值二者的比值,作为所述访问异常度。The product result is summed, and the ratio between the sum result and the preset access abnormality standard value is calculated as the access abnormality degree.
  11. 一种用户购票行为检测装置,其特征在于,包括:A user ticket purchase behavior detection device, which is characterized in that it comprises:
    采集模块,被配置为采集用户在购票页面的页面访问数据;The collection module is configured to collect user access data on the ticket purchase page;
    确定模块,被配置为通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;The determining module is configured to determine the abnormality of the user's access to the ticket purchase page by analyzing the page access data;
    计算模块,被配置为将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算;A calculation module configured to input the access anomaly degree into an access anomaly measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access anomaly calculation;
    检测模块,被配置为在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。The detection module is configured to input the page access data into the ticket purchase behavior detection model to purchase tickets when the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension. Behavior detection, to obtain the output detection result of the user's ticket purchase behavior.
  12. 根据权利要求11所述的用户购票行为检测装置,其特征在于,所述确定模块,包括:The device for detecting user ticket purchase behavior according to claim 11, wherein the determining module comprises:
    解析单元,被配置为通过对所述页面访问数据进行解析,获得所述用户在所述购票页面的行为链;The parsing unit is configured to obtain the behavior chain of the user on the ticket purchase page by parsing the page access data;
    提取单元,被配置为在所述行为链中提取所述用户访问的购票节点以及在所述购票 节点的访问时间;An extracting unit configured to extract, from the behavior chain, the ticket purchasing node visited by the user and the visit time at the ticket purchasing node;
    计算单元,被配置为基于所述购票节点以及所述访问时间进行访问异常度计算,将计算结果作为所述访问异常度。The calculation unit is configured to perform an access abnormality calculation based on the ticket purchasing node and the access time, and use the calculation result as the access abnormality.
  13. 根据权利要求11所述的用户购票行为检测装置,其特征在于,还包括:The device for detecting a user's ticket purchase behavior according to claim 11, further comprising:
    跳转模块,被配置为在所述购票行为检测结果为非正常的情况下,将所述用户添加至非正常用户名单,采用蜜罐机制将所述购票页面跳转至蜜罐购票页面;The jump module is configured to add the user to the list of abnormal users when the detection result of the ticket purchase behavior is abnormal, and use the honeypot mechanism to jump the ticket purchase page to the honeypot purchase ticket page;
    采集页面访问数据模块,被配置为采集所述用户在所述蜜罐购票页面的页面访问数据;A page access data collection module configured to collect page access data of the user on the honeypot ticket purchase page;
    确定页面漏洞模块,被配置为通过对所述用户在所述蜜罐购票页面的页面访问数据进行解析,确定所述购票页面的页面漏洞;The page vulnerability determining module is configured to determine the page vulnerability of the ticket purchase page by analyzing the page access data of the user on the honeypot ticket purchase page;
    修复模块,被配置为基于所述页面漏洞对所述购票页面进行修复。The repair module is configured to repair the ticket purchase page based on the page vulnerability.
  14. 一种计算设备,其特征在于,包括:A computing device, characterized in that it comprises:
    存储器和处理器;Memory and processor;
    所述存储器用于存储计算机可执行指令,所述处理器用于执行所述计算机可执行指令:The memory is used to store computer-executable instructions, and the processor is used to execute the computer-executable instructions:
    采集用户在购票页面的页面访问数据;Collect user access data on the ticket purchase page;
    通过对所述页面访问数据进行解析,确定所述用户在所述购票页面的访问异常度;By analyzing the page access data, determine the abnormality of the user's access to the ticket purchase page;
    将所述访问异常度输入至所述购票页面所属的购票维度对应的访问异常衡量函数进行访问异常计算;Input the access abnormality degree into the access abnormality measurement function corresponding to the ticket purchase dimension to which the ticket purchase page belongs to perform access abnormality calculation;
    在计算获得的所述购票维度的访问异常衡量数值小于所述购票维度预设的衡量阈值的情况下,将所述页面访问数据输入购票行为检测模型进行购票行为检测,获得输出的所述用户的购票行为检测结果。In the case that the calculated access anomaly measurement value of the ticket purchase dimension is less than the preset measurement threshold of the ticket purchase dimension, the page access data is input into the ticket purchase behavior detection model for ticket purchase behavior detection, and the output is obtained The detection result of the user's ticket purchase behavior.
  15. 一种计算机可读存储介质,其存储有计算机指令,其特征在于,该指令被处理器执行时实现权利要求1至10任意一项所述用户购票行为检测方法的步骤。A computer-readable storage medium storing computer instructions, characterized in that, when the instructions are executed by a processor, the steps of the method for detecting a user's ticket purchase behavior according to any one of claims 1 to 10 are realized.
PCT/CN2020/097581 2019-09-27 2020-06-23 User ticket purchase behavior detection method and device WO2021057131A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910922200.5 2019-09-27
CN201910922200.5A CN110675228B (en) 2019-09-27 2019-09-27 User ticket buying behavior detection method and device

Publications (1)

Publication Number Publication Date
WO2021057131A1 true WO2021057131A1 (en) 2021-04-01

Family

ID=69079757

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/097581 WO2021057131A1 (en) 2019-09-27 2020-06-23 User ticket purchase behavior detection method and device

Country Status (3)

Country Link
CN (1) CN110675228B (en)
TW (1) TWI740507B (en)
WO (1) WO2021057131A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110675228B (en) * 2019-09-27 2021-05-28 支付宝(杭州)信息技术有限公司 User ticket buying behavior detection method and device
CN111260440B (en) * 2020-01-15 2023-07-18 中国铁道科学研究院集团有限公司电子计算技术研究所 Order processing method, order processing device, storage medium and computer equipment
CN111598162A (en) * 2020-05-14 2020-08-28 万达信息股份有限公司 Cattle risk monitoring method, terminal equipment and storage medium
CN112801668A (en) * 2021-02-05 2021-05-14 绿盟科技集团股份有限公司 Method for preventing automatic ticket swiping
CN115277142A (en) * 2022-07-18 2022-11-01 支付宝(杭州)信息技术有限公司 Safety protection method and device, storage medium and electronic equipment
CN117421729B (en) * 2023-12-18 2024-04-26 湖南森鹰科技有限公司 Automatic program attack detection method, device, system and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101902366A (en) * 2009-05-27 2010-12-01 北京启明星辰信息技术股份有限公司 Method and system for detecting abnormal service behaviors
CN106101116A (en) * 2016-06-29 2016-11-09 东北大学 A kind of user behavior abnormality detection system based on principal component analysis and method
CN110119896A (en) * 2019-05-13 2019-08-13 湖南易景通智能科技有限公司 A kind of anti-down bill system in scenic spot
CN110148034A (en) * 2019-04-24 2019-08-20 珠海市珠澳跨境工业区好易通科技有限公司 A kind of excellent device and method of online shopping system architecture
CN110675228A (en) * 2019-09-27 2020-01-10 支付宝(杭州)信息技术有限公司 User ticket buying behavior detection method and device

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170134405A1 (en) * 2015-11-09 2017-05-11 Qualcomm Incorporated Dynamic Honeypot System
CN106982196B (en) * 2016-01-19 2020-07-31 阿里巴巴集团控股有限公司 Abnormal access detection method and equipment
CN105808639B (en) * 2016-02-24 2021-02-09 平安科技(深圳)有限公司 Network access behavior identification method and device
CN106453357A (en) * 2016-11-01 2017-02-22 北京红马传媒文化发展有限公司 Network ticket buying abnormal behavior recognition method and system and equipment
CN106657007A (en) * 2016-11-18 2017-05-10 北京红马传媒文化发展有限公司 Method for recognizing abnormal batch ticket booking behavior based on DBSCAN model
CN107481090A (en) * 2017-07-06 2017-12-15 众安信息技术服务有限公司 A kind of user's anomaly detection method, device and system
CN108055281B (en) * 2017-12-27 2021-05-18 百度在线网络技术(北京)有限公司 Account abnormity detection method, device, server and storage medium
CN108229749A (en) * 2018-01-16 2018-06-29 厦门快商通信息技术有限公司 Bad booking behavior management method based on deep learning
CN109167773B (en) * 2018-08-22 2021-01-26 杭州安恒信息技术股份有限公司 Access anomaly detection method and system based on Markov model
CN109255230A (en) * 2018-09-29 2019-01-22 武汉极意网络科技有限公司 Recognition methods, system, user equipment and the storage medium of abnormal verifying behavior

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101902366A (en) * 2009-05-27 2010-12-01 北京启明星辰信息技术股份有限公司 Method and system for detecting abnormal service behaviors
CN106101116A (en) * 2016-06-29 2016-11-09 东北大学 A kind of user behavior abnormality detection system based on principal component analysis and method
CN110148034A (en) * 2019-04-24 2019-08-20 珠海市珠澳跨境工业区好易通科技有限公司 A kind of excellent device and method of online shopping system architecture
CN110119896A (en) * 2019-05-13 2019-08-13 湖南易景通智能科技有限公司 A kind of anti-down bill system in scenic spot
CN110675228A (en) * 2019-09-27 2020-01-10 支付宝(杭州)信息技术有限公司 User ticket buying behavior detection method and device

Also Published As

Publication number Publication date
CN110675228B (en) 2021-05-28
CN110675228A (en) 2020-01-10
TWI740507B (en) 2021-09-21
TW202113694A (en) 2021-04-01

Similar Documents

Publication Publication Date Title
WO2021057131A1 (en) User ticket purchase behavior detection method and device
JP7073343B2 (en) Security vulnerabilities and intrusion detection and repair in obfuscated website content
US20190156426A1 (en) Systems and methods for collecting and processing alternative data sources for risk analysis and insurance
US20170140382A1 (en) Identifying transactional fraud utilizing transaction payment relationship graph link prediction
CN111201528B (en) System and method for integrating network fraud intelligence and payment risk decisions
US20200118215A1 (en) Dynamic pricing of insurance policies for shared goods
US10755196B2 (en) Determining retraining of predictive models
US20150227934A1 (en) Method and system for determining and assessing geolocation proximity
US20160292687A1 (en) Verification location determination for entity presence confirmation of online purchases
US11216794B1 (en) Systematic crowdsourcing of geolocation data
US11429565B2 (en) Terms of service platform using blockchain
US20190188579A1 (en) Self learning data loading optimization for a rule engine
US20140365305A1 (en) Providing geospatial-temporal next-best-action decisions
CN111078880A (en) Risk identification method and device for sub-application
CN115310762A (en) Target service determination method and device based on heterogeneous graph neural network
Wang et al. Into the deep web: Understanding e-commercefraud from autonomous chat with cybercriminals
Robin et al. Public-private partnerships for statistics: Lessons learned, future steps: A focus on the use of non-official data sources for national statistics and public policy
CN111951008A (en) Risk prediction method and device, electronic equipment and readable storage medium
CN113298121A (en) Message sending method and device based on multi-data source modeling and electronic equipment
CN110324418B (en) Method and device for pushing service based on user relationship
Yang et al. Based big data analysis of fraud detection for online transaction orders
KR102612002B1 (en) System for providing advertisement platform service using public transportation
Robin et al. Public-Private Partnerships for Statistics: Lessons Learned, Future Steps
US20170076292A1 (en) Enhanced fraud screening process for filtering of network statistics in order to detect, block, and deter fraudulent on-line activity
Yesuf et al. Fraud risk modelling: requirements elicitation in the case of telecom services

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20869208

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20869208

Country of ref document: EP

Kind code of ref document: A1