CN112529505B - Method and device for detecting illegal bill, and readable storage medium - Google Patents

Method and device for detecting illegal bill, and readable storage medium Download PDF

Info

Publication number
CN112529505B
CN112529505B CN202011517318.9A CN202011517318A CN112529505B CN 112529505 B CN112529505 B CN 112529505B CN 202011517318 A CN202011517318 A CN 202011517318A CN 112529505 B CN112529505 B CN 112529505B
Authority
CN
China
Prior art keywords
user terminal
information
order
plug
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011517318.9A
Other languages
Chinese (zh)
Other versions
CN112529505A (en
Inventor
刁浩然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shunda Technology Co ltd
Original Assignee
Beijing Shunda Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shunda Technology Co ltd filed Critical Beijing Shunda Technology Co ltd
Priority to CN202011517318.9A priority Critical patent/CN112529505B/en
Publication of CN112529505A publication Critical patent/CN112529505A/en
Application granted granted Critical
Publication of CN112529505B publication Critical patent/CN112529505B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/083Shipping
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Economics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Human Resources & Organizations (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Development Economics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides a method, a device and a readable storage medium for detecting a rule violation of a bill, wherein the method comprises the following steps: acquiring operation environment detection information sent by a user terminal, wherein the operation environment detection information comprises plug-in detection information; judging whether the running environment of the user terminal is normal or not based on the running environment detection information; if yes, acquiring order-robbing information of the user in a preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on the user terminal and order quality information corresponding to the order which the user has robbed; judging whether the user terminal is a suspicious user terminal or not based on the robbery order information; if yes, the suspicious user terminal is dynamically verified to determine whether the suspicious user terminal is a illegal bill-refreshing terminal. According to the scheme, the illegal bill-refreshing user corresponding to the illegal bill-refreshing terminal is detected, the amount of the illegal bill-refreshing users is reduced, and the distribution efficiency is improved.

Description

Method and device for detecting illegal bill, and readable storage medium
Technical Field
The application relates to the technical field of logistics distribution, in particular to a method and a device for detecting illegal bill and a readable storage medium.
Background
In the current business involving offline delivery, some delivery operators use plug-in software to obtain high-quality orders (e.g., orders with short delivery path, low delivery difficulty, or high delivery unit price) in order to obtain higher profits. This unfair competing action can lead to an increased number of long orders to be processed (e.g., orders with long delivery routes, large delivery difficulties, or low delivery unit prices), resulting in backlog of orders and reduced delivery business efficiency.
Therefore, how to improve the distribution efficiency is a problem to be solved in the current logistics distribution technical field.
Disclosure of Invention
The application provides a method and a device for detecting illegal bill and a readable storage medium, which aim to solve the problem of how to improve the distribution efficiency, and are the problem to be solved in the technical field of current logistics distribution.
In one aspect, the present application provides a method for detecting a violation ticket, the method comprising:
acquiring operation environment detection information sent by a user terminal, wherein the operation environment detection information comprises plug-in detection information;
judging whether the running environment of the user terminal is normal or not based on the running environment detection information;
if yes, acquiring order-robbing information of the user in a preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on a user terminal and order quality information corresponding to an order which the user has robbed;
Judging whether the user terminal is a suspicious user terminal or not based on the order-robbing information;
if yes, the suspicious user terminal is dynamically verified to determine whether the suspicious user terminal is an illegal bill-refreshing terminal.
In one possible implementation manner of the present application, the determining, based on the operation environment detection information, whether the operation environment of the terminal is normal includes:
obtaining a preset plug-in blacklist, wherein the plug-in blacklist comprises at least one illegal plug-in identification information;
reading corresponding first plug-in identification information in the plug-in detection information;
judging whether illegal plug-in identification information which is the same as the first plug-in identification information exists in the plug-in blacklist;
if yes, determining that the running environment is abnormal;
if not, determining that the running environment is normal.
In one possible implementation manner of the present application, the determining, based on the robbery order information, whether the user terminal is a suspicious user terminal includes:
based on the order-robbing operation information, determining the corresponding order-robbing frequency of the user when the user robs an order in a preset time range;
determining the percentage of the orders which the user has preempted as good-quality orders based on the order quality information;
Judging whether the frequency of the bill is higher than a preset refreshing threshold value or not, and whether the percentage of the high-quality order is higher than a preset percentage preset or not;
if yes, determining the user terminal as a suspicious user terminal.
In one possible implementation manner of the present application, the order-robbing operation information includes interface request information sent by the user terminal, and the determining, based on the order-robbing operation information, a corresponding order-swiping frequency when the user robs an order in a preset time range includes:
monitoring interface request information sent by the user terminal within a preset time range to obtain the number of times of the request of the user terminal for the order taking completed within the preset time range;
and calculating the corresponding bill frequency when the user robs the bill in a preset time range based on the bill robbing request times.
In one possible implementation manner of the present application, the dynamically verifying the suspicious ue to determine that the suspicious ue is a rule-breaking bill-refreshing terminal includes:
sending preset sensitive data to the suspicious user terminal to replace the original first encryption parameters of the suspicious user terminal, wherein the sensitive data comprises second encryption parameters;
Acquiring request information fed back by the suspicious user terminal, wherein the request information comprises a third encryption key;
judging whether the second encryption parameter is matched with the third encryption key or not so as to check whether the request information is legal or not;
if not, determining that the suspicious user terminal is the illegal bill-refreshing terminal.
In one possible implementation manner of the present application, after determining whether the user terminal is a suspicious user terminal based on the robbery order operation information, the method further includes:
obtaining a preset plug-in white list, wherein the plug-in white list comprises at least one piece of regular plug-in identification information;
reading corresponding second plug-in identification information in the plug-in detection information;
judging whether regular plug-in identification information which is the same as the second plug-in identification information exists in the plug-in white list;
if not, adding the second plug-in identification information to a preset plug-in gray list.
In one possible implementation manner of the present application, after determining that the suspicious user terminal is a rule-breaking bill-refreshing terminal, the method further includes:
obtaining the illegal terminal identification information and the illegal user identification information corresponding to the illegal bill-refreshing terminal;
Updating the illegal terminal identification information to a preset equipment blacklist;
updating the illegal user identification information to a preset user blacklist;
and transferring plug-in identification information corresponding to the illegal bill-refreshing terminal in the plug-in gray list to a preset plug-in blacklist.
In another aspect, the present application provides a device for detecting a ticket against a rule, the device comprising:
the first acquisition unit is used for acquiring operation environment detection information sent by the user terminal, wherein the operation environment detection information comprises plug-in detection information;
the first judging unit is used for judging whether the running environment of the terminal is normal or not based on the running environment detection information;
the second acquisition unit is used for acquiring the order-robbing information of the user in a preset time range if the user is in the preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on the user terminal and order quality information corresponding to the order which the user has robbed;
the second judging unit is used for judging whether the user terminal is a suspicious user terminal or not based on the order robbing information;
and the first determining unit is used for dynamically verifying the suspicious user terminal if yes so as to determine that the suspicious user terminal is an illegal bill-refreshing terminal.
In one possible implementation manner of the present application, the first determining unit is specifically configured to:
obtaining a preset plug-in blacklist, wherein the plug-in blacklist comprises at least one illegal plug-in identification information;
reading corresponding first plug-in identification information in the plug-in detection information;
judging whether illegal plug-in identification information which is the same as the first plug-in identification information exists in the plug-in blacklist;
if yes, determining that the running environment is abnormal;
if not, determining that the running environment is normal.
In one possible implementation manner of the present application, the second determining unit specifically includes:
the second determining unit is used for determining the corresponding bill frequency when the user robs the bill in a preset time range based on the bill robbing operation information;
a third determining unit, configured to determine, based on the order quality information, a percentage of orders that have been preempted by the user that are good-quality orders;
the third judging unit is used for judging whether the frequency of the bill is higher than a preset refreshing threshold value or not, and whether the percentage of the high-quality order is higher than a preset percentage preset or not;
and the fourth determining unit is used for determining that the user terminal is a suspicious user terminal if the user terminal is the suspicious user terminal.
In one possible implementation manner of the present application, the first determining unit is specifically configured to:
monitoring interface request information sent by the user terminal within a preset time range to obtain the number of times of the request of the user terminal for the order taking completed within the preset time range;
and calculating the corresponding bill frequency when the user robs the bill in a preset time range based on the bill robbing request times.
In one possible implementation manner of the present application, the first determining unit is specifically configured to:
sending preset sensitive data to the suspicious user terminal to replace the original first encryption parameters of the suspicious user terminal, wherein the sensitive data comprises second encryption parameters;
acquiring request information fed back by the suspicious user terminal, wherein the request information comprises a third encryption key;
judging whether the second encryption parameter is matched with the third encryption key or not so as to check whether the request information is legal or not;
if not, determining that the suspicious user terminal is the illegal bill-refreshing terminal.
In one possible implementation manner of the present application, the apparatus further includes:
A third obtaining unit, configured to obtain a preset plug-in white list, where the plug-in white list includes at least one regular plug-in identification information;
the first reading unit is used for reading corresponding second plug-in identification information in the plug-in detection information;
a fourth judging unit, configured to judge whether the regular plug-in identifier information identical to the second plug-in identifier information exists in the plug-in whitelist;
and the adding unit is used for adding the second plug-in identification information to a preset plug-in gray list if not.
In one possible implementation manner of the present application, the apparatus further includes:
a fourth obtaining unit, configured to obtain offence terminal identification information and offence user identification information corresponding to the offence bill terminal;
the first updating unit is used for updating the illegal terminal identification information to a preset equipment blacklist;
the second updating unit is used for updating the illegal user identification information to a preset user blacklist;
and the transferring unit is used for transferring the plug-in identification information corresponding to the illegal bill swiping terminal in the plug-in gray list to a preset plug-in black list.
In another aspect, the present application also provides a computer device, including:
One or more processors;
a memory; and
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the method of detecting a violation ticket.
In another aspect, the present application also provides a computer readable storage medium having stored thereon a computer program to be loaded by a processor for performing the steps of the method for detecting a violation ticket.
In the method, the running environment of the user terminal is detected firstly, the running environment of the user terminal is initially determined to be in a normal state, then whether the user terminal is a suspicious user terminal is further determined through the robbery list information of the user terminal, and finally the suspicious user terminal is dynamically verified to determine that the suspicious user terminal is a illegal list-refreshing terminal, so that illegal list-refreshing users corresponding to the illegal list-refreshing terminal are detected, the illegal list-refreshing user quantity is reduced, and the distribution efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic view of a scenario of a violation ticket detecting system provided in an embodiment of the present application;
FIG. 2 is a flow chart of one embodiment of a method for detecting a violation ticket in an embodiment of the present application;
FIG. 3 is a flow chart of one embodiment of step 202 in an embodiment of the present application;
FIG. 4 is a schematic flow chart of one embodiment of step 204 in the embodiments of the present application;
FIG. 5 is a schematic flow chart of one embodiment of step 401 in the embodiments of the present application;
FIG. 6 is a flow chart of one embodiment of step 205 in the embodiments of the present application;
FIG. 7 is a flow chart of another embodiment of a method for detecting a ticket for violations in an embodiment of the present application;
FIG. 8 is a flow chart of another embodiment of a method for detecting a ticket for violations in an embodiment of the present application;
FIG. 9 is a schematic diagram of one embodiment of a violation ticket detecting device provided in an embodiment of the present application;
FIG. 10 is a schematic diagram of one embodiment of a computer device provided in an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
In the description of the present application, it should be understood that the terms "center," "longitudinal," "transverse," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate an orientation or positional relationship based on that shown in the drawings, merely for convenience of description and to simplify the description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be configured and operated in a particular orientation, and thus should not be construed as limiting the present application. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more of the described features. In the description of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
In this application, the term "exemplary" is used to mean "serving as an example, instance, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. The following description is presented to enable any person skilled in the art to make and use the application. In the following description, details are set forth for purposes of explanation. It will be apparent to one of ordinary skill in the art that the present application may be practiced without these specific details. In other instances, well-known structures and processes have not been shown in detail to avoid obscuring the description of the present application with unnecessary detail. Thus, the present application is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
The embodiment of the application provides a method and a device for detecting a violation ticket and a readable storage medium, and the method and the device are respectively described in detail below.
As shown in fig. 1, fig. 1 is a schematic view of a scenario of a system for detecting a rule-breaking ticket according to an embodiment of the present application, where the rule-breaking ticket detection system may include a plurality of terminals 100 and a server 200, where the terminals 100 are connected to the server 200 in a network, and a rule-breaking ticket detection device is integrated in the server 200, such as the server in fig. 1, and the terminals 100 may access the server 200.
The server 200 in this embodiment of the present application is mainly configured to obtain operation environment detection information sent by a user terminal, where the operation environment detection information includes plug-in detection information; judging whether the running environment of the user terminal is normal or not based on the running environment detection information; if yes, acquiring order-robbing information of the user in a preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on the user terminal and order quality information corresponding to the order which the user has robbed; judging whether the user terminal is a suspicious user terminal or not based on the robbery order information; if yes, the suspicious user terminal is dynamically verified to determine whether the suspicious user terminal is a illegal bill-refreshing terminal.
In this embodiment of the present application, the server 200 may be a stand-alone server, or may be a server network or a server cluster formed by servers, for example, the server 200 described in the embodiment of the present application includes, but is not limited to, a computer, a network terminal, a single network server, a plurality of network server sets, or a cloud server formed by a plurality of servers. Wherein the Cloud server is composed of a large number of computers or web servers based on Cloud Computing (Cloud Computing). In embodiments of the present application, communication between the server and the terminal may be achieved by any communication means, including, but not limited to, mobile communication based on the third generation partnership project (3rd Generation Partnership Project,3GPP), long term evolution (Long Term Evolution, LTE), worldwide interoperability for microwave access (Worldwide Interoperability for Microwave Access, wiMAX), or computer network communication based on the TCP/IP protocol family (TCP/IP Protocol Suite, TCP/IP), user datagram protocol (User Datagram Protocol, UDP), etc.
It is understood that the terminal 100 used in the embodiments of the present application may be a device including both receiving and transmitting hardware, i.e., a device having both receiving and transmitting hardware capable of performing two-way communication over a two-way communication link. Such a terminal may include: a cellular or other communication device having a single-line display or a multi-line display or a cellular or other communication device without a multi-line display. The terminal 100 may be a desktop terminal or a mobile terminal, and the terminal 100 may be one of a mobile phone, a tablet computer, a notebook computer, and the like.
Those skilled in the art will appreciate that the application environment shown in fig. 1 is merely one application scenario of the present application, and is not limited to the application scenario of the present application, and other application environments may also include more or fewer terminals than those shown in fig. 1, or a server network connection relationship, for example, only 1 server and 2 terminals are shown in fig. 1. It will be appreciated that the violation ticket detection system may also include one or more other servers, or/and one or more terminals connected to a server network, as is not limited in this regard.
In addition, as shown in FIG. 1, the violation ticket detection system may also include a memory 300 for storing data, such as user ticket data and violation ticket detection data, such as violation ticket detection data when the violation ticket detection system is in operation.
It should be noted that, the schematic view of the scenario of the rule-breaking bill detection system shown in fig. 1 is only an example, and the rule-breaking bill detection system and scenario described in the embodiments of the present application are for more clearly describing the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application, and as one of ordinary skill in the art can know, along with the evolution of the rule-breaking bill detection system and the appearance of a new service scenario, the technical solutions provided by the embodiments of the present application are equally applicable to similar technical problems.
Next, a method for detecting a rule-breaking bill according to the embodiment of the present application will be described.
In the embodiment of the method for detecting the illegal bill, the illegal bill detecting device is taken as an execution main body, and for simplifying and facilitating the description, the execution main body is omitted in the subsequent method embodiment, and the illegal bill detecting device is applied to computer equipment, and the method comprises the following steps: acquiring operation environment detection information sent by a user terminal, wherein the operation environment detection information comprises plug-in detection information; judging whether the running environment of the user terminal is normal or not based on the running environment detection information; if yes, acquiring order-robbing information of the user in a preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on the user terminal and order quality information corresponding to the order which the user has robbed; judging whether the user terminal is a suspicious user terminal or not based on the robbery order information; if yes, the suspicious user terminal is dynamically verified to determine whether the suspicious user terminal is a illegal bill-refreshing terminal.
Referring to fig. 2 to 10, fig. 2 is a flowchart illustrating an embodiment of a method for detecting a rule-breaking ticket according to an embodiment of the present application, where the method specifically includes steps 201, 202, 203, 204, and 205.
201. And acquiring the running environment detection information sent by the user terminal. Wherein the operating environment detection information includes plug-in detection information.
The running environment detection may generally include a login environment security detection and a payment environment security detection, and in this application, the login environment security detection is mainly a login environment security detection, and in particular, the login environment security detection may include a detection of an on state of an auxiliary function of the user terminal, and a plug-in detection.
In general, the security detection of the login environment for the user terminal may be classified into detection at the time of login and detection after login. The embodiment is detection during login, namely when a user opens corresponding order-robbing software, the order-robbing software of the user terminal can detect whether the user terminal opens an auxiliary function and a plug-in. The auxiliary function is generally used by people with poor operation of mobile phones, such as people with poor eyesight, for example, middle-aged and elderly people. The voice reading device is used for some friends or old people with few books, words of where the mobile phone is pressed can be read, the magnifying glass function is also used for people with vision impairment, the functions of the words, the pictures and the icons can be magnified, and the auxiliary function of simulated clicking which needs to be detected in the application can automatically rob a bill, so that the fairness principle defined by the application is violated. The user referred to in the present application is typically a user who performs a robbery operation, such as a dispatcher (rider), and the user terminal is typically a terminal device such as a mobile phone, a tablet, or the like used by a dispatcher having authority to log in to robbery software.
If the current equipment starts the auxiliary function, the popup window prompts that the auxiliary function needs to be closed, and the user is forbidden to use the robbery bill software to rob bills. The Plug-in detection information refers to detection information of other Plug-ins except the robbery software, wherein the Plug-in (also called as add in, add-in, add on or add-on, and translate Plug-in) is a program written by an application program interface conforming to a certain specification. It can only run under a program-specified system platform (possibly supporting multiple platforms simultaneously) and cannot run separately from the specified platform. Because the plug-in needs to call the library of functions or data provided by the original clean system. Many software has plug-ins, which are numerous. For example, in the IE, after installing the related plug-in, the WEB browser can directly call the plug-in for processing the specific type of file. Some plug-ins can influence the balance of operation, and the plug-ins are equivalent to plug-ins in games, can replace manual operation to perform simulated clicking, and have the speed and accuracy far exceeding those of manual clicking.
Specifically, when the user terminal opens the corresponding order-robbing software, the order-robbing software will require to detect the running environment of the user terminal, after the detection is completed, the corresponding running environment detection information will be sent to the server, and when the server obtains the running environment detection information, the next step will be executed.
202. And judging whether the running environment of the user terminal is normal or not based on the running environment detection information.
After the running environment detection information sent by the user terminal is obtained in step 201, the running environment detection information may be judged, so as to determine whether the running environment of the user terminal is normal, and a specific judgment manner thereof is described in detail in the following embodiment, which is not repeated.
When the running environment of the user terminal is judged to be abnormal, abnormal feedback information can be generated to the user terminal so as to require the user terminal to forcedly withdraw from the robbery order software, thereby avoiding the robbery order operation of the user with abnormal running environment.
203. If yes, acquiring the order-robbing information of the user in a preset time range. The order-robbing information comprises order-robbing operation information when a user performs order-robbing on the user terminal and order quality information corresponding to an order which the user has robbed.
When the operation environment of the user terminal is judged to be normal, executing the step, and acquiring the order-robbing information of the user within a preset time range. The preset time range can be selected from the beginning of the first order-robbing operation of the user terminal to the ending of the next order-robbing operation as a time period. The order-robbing operation information may include network request information transmitted from the user terminal to the server when the user performs order-robbing.
The order quality information corresponding to the order that the user has preempted may include relevant order quality information such as distribution route quality information, distribution fee quality information, etc. corresponding to the order.
When the user operates the order-taking software (app for short) and clicks the order-taking button. And initiating a request to a server, wherein the request parameters comprise clear text information such as the id of the order, the longitude and latitude of the current position of the rider, the type of the order and the like, and encrypted parameter information. The encryption parameter is a string obtained by splicing the specific strings of the plaintext information according to a specific sequence by using a private key agreed by a server side and an app side, performing RSA encryption, and performing MD5 on the encrypted content. Wherein the string after MD5 encryption is not decryptable and irreversible.
After receiving the information from the user terminal, the server first checks whether this request is a normal request from the app. And after the plaintext parameter information from the app is correspondingly encrypted by using a private key according to a stipulated specific rule, MD5 is carried out to obtain a character string, and the character string is compared with the encrypted parameter sent by the app, so that subsequent order operation can be carried out after the comparison is successful.
204. Based on the robbery order information, whether the user terminal is a suspicious user terminal or not is judged.
In step 201, it is mentioned that, in general, the security detection of the login environment of the user terminal may be classified into detection during login and detection after login, and due to the operation rule of the robbery software, a preset detection mechanism is generally set, that is, detection is performed during login of the terminal, and detection after login is performed after triggering a certain preset scene after login. Because during actual operation the user may open the corresponding plug-in before using the robbery software or during use of the app. Therefore, in the process of using the order robbing software, preliminary judgment can be performed by monitoring the order robbing information generated by the user terminal so as to judge whether the user terminal is a possible user terminal. The specific determination method will be described in detail below, and will not be described in detail here.
205. If yes, the suspicious user terminal is dynamically verified to determine whether the suspicious user terminal is a illegal bill-refreshing terminal.
After determining that the user terminal is a suspicious user terminal in step 204, further, performing dynamic verification on the suspicious user terminal, where the dynamic verification is mainly performed on dynamic issuing of sensitive data.
In the method, the running environment of the user terminal is detected firstly, the running environment of the user terminal is initially determined to be in a normal state, then whether the user terminal is a suspicious user terminal is further determined through the robbery list information of the user terminal, and finally the suspicious user terminal is dynamically verified to determine that the suspicious user terminal is a illegal list-refreshing terminal, so that illegal list-refreshing users corresponding to the illegal list-refreshing terminal are detected, the illegal list-refreshing user quantity is reduced, and the distribution efficiency is improved. Is a schematic flow chart of an embodiment of step 203 in the embodiment of the present application
In some embodiments of the present application, as shown in fig. 3, fig. 3 is a schematic flow chart of one embodiment of step 202 in the embodiment of the present application, and the determining, based on the operation environment detection information, whether the operation environment of the terminal is normal specifically includes step 301, step 302, step 303, step 304, and step 305.
301. And acquiring a preset plug-in blacklist. Wherein the plug-in blacklist includes at least one offending plug-in identification information.
302. And reading corresponding first plug-in identification information in the plug-in detection information.
303. Judging whether illegal plug-in identification information which is the same as the first plug-in identification information exists in the plug-in blacklist.
304. If yes, determining that the running environment is abnormal.
305. If not, determining that the running environment is normal.
The illegal plug-in identification information comprises identification information which is confirmed to correspond to the illegal single plug-in, and the plug-in blacklist at the current moment stores the previously confirmed illegal plug-in identification information. In step 303, specifically, the first plug-in identification information may be compared with all the illegal plug-in identification information in the plug-in blacklist to obtain a comparison result, and if the comparison result is that the illegal plug-in identification information identical to the first plug-in identification information exists in the plug-in blacklist, the operation environment of the user terminal is determined to be abnormal. And then, when the running environment of the user terminal is abnormal, abnormal feedback information can be generated to the user terminal so as to require the user terminal to forcedly exit the robbery order software, thereby avoiding the robbery order operation of the user with abnormal running environment.
It should be noted that, the plug-in blacklist may be updated separately or together with the system, for example, when a new offending plug-in is found in the detection process, the identification information corresponding to the new offending plug-in may be updated to the plug-in blacklist.
In some embodiments of the present application, as shown in fig. 4, fig. 4 is a schematic flow chart of an embodiment of step 204 in the embodiment of the present application, and the determining, based on the robbery information, whether the ue is a suspicious ue specifically includes step 401, step 402, step 403, and step 404.
401. And determining the corresponding bill frequency when the user robs the bill in a preset time range based on the bill robbing operation information.
402. Based on the order quality information, a percentage of orders that the user has preempted that are good orders is determined.
403. And judging whether the frequency of the bill is higher than a preset refreshing threshold value, and whether the percentage of the high-quality order is higher than a preset percentage preset.
404. If yes, determining the user terminal as a suspicious user terminal.
Wherein, the preset time range can be selected from the user the terminal starts to perform the first time of the robbing operation, and ending the next order-robbing operation as a time period. The order-robbing operation information may include network request information transmitted from the user terminal to the server when the user performs order-robbing.
Further, the quality of the product is a reference object, which can be set in advance, for example, the distribution range is generally within 5km, then the product belongs to the good order of the distribution distance within 3km, and the distribution amount of each order is generally slightly different, for example, in the case of the same distribution distance, the distribution amount of the catering product is 5 yuan/order, the distribution amount of the express product is 1.5 yuan/order, the distribution amount is 5 yuan/order, and the product belongs to the good order of the distribution amount.
The preset refresh threshold and the percentage of the good orders can be set in advance, and under normal conditions, the limit of a human body cannot be compared with the analog click in the electronic equipment, so that the artificial click frequency has a certain upper limit, for example, the upper limit is 10 lower/second, and the analog click speed can easily exceed 10 lower/second, and therefore, the refresh threshold can be set to 10 lower/second. Similarly, in order placement, the orders must have different distribution distances, if all the orders of a user are within 2km, the orders must be abnormal, and meanwhile, the percentage of the good-quality orders can be obtained through statistics according to historical order information. Therefore, in step 403, when the frequency of the refreshing exceeds the preset refreshing threshold and the percentage of the good order exceeds the preset percentage, it is indicated that the problem exists in the robbery operation of the ue, so that the ue may be determined as a suspicious ue first and then the subsequent inspection is performed.
In the embodiment of the application, whether the frequency of the bill is higher than a preset refreshing threshold and whether the percentage of the high-quality order is higher than a preset percentage can be independently judged, so that the judgment accuracy is higher, and the judgment frequency is higher, and particularly how to judge the bill can be set according to actual requirements.
In some embodiments of the present application, as shown in fig. 5, fig. 5 is a schematic flow chart of one embodiment of step 401 in the embodiment of the present application, where the order-robbing operation information includes interface request information sent by the user terminal, and based on the order-robbing operation information, determining a corresponding order-robbing frequency when the user robs an order in a preset time range, and specifically includes step 501 and step 502.
501. Monitoring interface request information sent by a user terminal within a preset time range to obtain the number of times of order robbing requests completed by the user terminal within the preset time range;
502. and calculating the corresponding bill frequency when the user robs the bill in a preset time range based on the bill robbing request times.
When the user performs the order-robbing operation on the user terminal, clicking operation is performed on the terminal display screen, and corresponding interface request information is generated once for each click, so that the server can determine the order-robbing request times of the user terminal completed within a preset time range according to the times of the interface request information.
In step 502, the time is determined to be within a preset time range, for example, the preset time range is 3 seconds, and the frequency of the bill swiping of the user can be calculated through the 3 seconds and the number of the bill swiping requests completed within the 3 seconds.
In some embodiments of the present application, as shown in fig. 6, fig. 6 is a schematic flow chart of one embodiment of step 205 in the embodiment of the present application, where the dynamic verification is performed on the suspicious ue to determine that the suspicious ue is a illegal ticket terminal, and specifically includes step 601, step 602, step 603, and step 604.
601. And sending preset sensitive data to the suspicious user terminal to replace the original first encryption parameters of the suspicious user terminal, wherein the sensitive data comprises the second encryption parameters.
602. And acquiring request information fed back by the suspicious user terminal, wherein the request information comprises a third encryption key.
603. And judging whether the second encryption parameter is matched with the third encryption key or not so as to check whether the request information is legal or not.
604. If not, determining that the suspicious user terminal is the illegal bill-refreshing terminal.
Specifically, the second encryption parameter issued by the server may include a new key value and an agreed encryption rule (where the encryption rule refers to a specific parameter sequence and a specific spliced character string), and the app replaces the key corresponding to the existing first encryption parameter on the server after receiving the new key. The method is characterized in that the whole process is not perceived for a user, after the user triggers the robbery operation, the App uses a new key corresponding to the new replaced second encryption parameter to encrypt the parameter with the specific rule of the last step, and the method is used for MD5. For users using plug-in software (such software is mainly simulating data requests before the app, triggering the requests in the form of a secondary click, generating keys corresponding to the corresponding third encryption parameters). At the moment, the server uses the new encryption rule after replacement and the new key corresponding to the second encryption parameter to verify the request parameter, and the verification cannot be passed, so that the purpose of intercepting the plug-in software robbery is achieved.
In some embodiments of the present application, as shown in fig. 7, fig. 7 is a flowchart of another embodiment of a method for detecting a rule-breaking ticket in an embodiment of the present application, after determining whether the user terminal is a suspicious user terminal based on the rule-breaking operation information, the method further includes:
701. and acquiring a preset plug-in white list. Wherein the plug-in whitelist includes at least one regular plug-in identification information.
702. And reading corresponding second plug-in identification information in the plug-in detection information.
703. And judging whether the regular plugin identification information which is the same as the second plugin identification information exists in the plugin white list.
704. If not, adding the second plug-in identification information to a preset plug-in gray list.
The regular plug-in identification information comprises identification information which is confirmed to be corresponding to the regular brush list plug-in, and the plug-in white list stores the regular plug-in identification information which is confirmed before at the current moment.
In some embodiments of the present application, as shown in fig. 8, fig. 8 is another embodiment, after determining that the suspicious ue is the offending ticket terminal, the method further includes step 801, step 802, step 803, and step 804:
801. And obtaining the identification information of the violation terminal and the identification information of the violation user corresponding to the violation bill-refreshing terminal.
802. Updating the illegal terminal identification information to a preset device blacklist.
803. Updating the illegal user identification information to a preset user blacklist.
804. And transferring plug-in identification information corresponding to the illegal bill-refreshing terminal in the plug-in gray list to a preset plug-in blacklist.
The preset plug-in blacklist is the plug-in blacklist used in the embodiment, and the plug-in blacklist is updated by means of plug-in identification information corresponding to the illegal bill swiping terminal in the plug-in gray list.
After detecting the user using the plug-in software, the blacklist is recorded and registered on the equipment, and the penalty on the cheating user by means of off-line verification is considered for perfecting the scheme.
In order to better implement the method for detecting the rule-breaking bill in the embodiment of the present application, on the basis of the method for detecting the rule-breaking bill, a device for detecting the rule-breaking bill is further provided in the embodiment of the present application, as shown in fig. 9, fig. 9 is a schematic structural diagram of an embodiment of the device for detecting the rule-breaking bill provided in the embodiment of the present application, where the device 900 for detecting the rule-breaking bill includes a first obtaining unit 901, a first judging unit 902, a second obtaining unit 903, a second judging unit 904, and a first determining unit 905.
A first obtaining unit 901, configured to obtain operation environment detection information sent by a user terminal, where the operation environment detection information includes plug-in detection information;
a first judging unit 902, configured to judge whether the operating environment of the terminal is normal based on the operating environment detection information;
the second obtaining unit 903 is configured to obtain, if yes, order-taking information of the user within a preset time range, where the order-taking information includes order-taking operation information when the user performs order-taking on the user terminal and order quality information corresponding to an order that the user has taken;
a second judging unit 904, configured to judge whether the user terminal is a suspicious user terminal based on the robbery information;
and a first determining unit 905, configured to dynamically verify the suspicious ue if yes, so as to determine that the suspicious ue is an illegal ticket terminal.
In some embodiments of the present application, the first determining unit 902 is specifically configured to:
obtaining a preset plug-in blacklist, wherein the plug-in blacklist comprises at least one illegal plug-in identification information;
reading corresponding first plug-in identification information in the plug-in detection information;
Judging whether illegal plug-in identification information which is the same as the first plug-in identification information exists in the plug-in blacklist;
if yes, determining that the running environment is abnormal;
if not, determining that the running environment is normal.
In some embodiments of the present application, the second determining unit 904 specifically includes:
the second determining unit is used for determining the corresponding bill frequency when the user robs the bill in a preset time range based on the bill robbing operation information;
a third determining unit, configured to determine, based on the order quality information, a percentage of orders that have been preempted by the user that are good-quality orders;
the third judging unit is used for judging whether the frequency of the bill is higher than a preset refreshing threshold value or not, and whether the percentage of the high-quality order is higher than a preset percentage preset or not;
and the fourth determining unit is used for determining that the user terminal is a suspicious user terminal if the user terminal is the suspicious user terminal.
In some embodiments of the present application, the first determining unit is specifically configured to:
monitoring interface request information sent by the user terminal within a preset time range to obtain the number of times of the request of the user terminal for the order taking completed within the preset time range;
And calculating the corresponding bill frequency when the user robs the bill in a preset time range based on the bill robbing request times.
In some embodiments of the present application, the first determining unit 905 is specifically configured to:
sending preset sensitive data to the suspicious user terminal to replace the original first encryption parameters of the suspicious user terminal, wherein the sensitive data comprises second encryption parameters;
acquiring request information fed back by the suspicious user terminal, wherein the request information comprises a third encryption key;
judging whether the second encryption parameter is matched with the third encryption key or not so as to check whether the request information is legal or not;
if not, determining that the suspicious user terminal is the illegal bill-refreshing terminal.
In some embodiments of the present application, the apparatus further comprises:
a third obtaining unit, configured to obtain a preset plug-in white list, where the plug-in white list includes at least one regular plug-in identification information;
the first reading unit is used for reading corresponding second plug-in identification information in the plug-in detection information;
a fourth judging unit, configured to judge whether the regular plug-in identifier information identical to the second plug-in identifier information exists in the plug-in whitelist;
And the adding unit is used for adding the second plug-in identification information to a preset plug-in gray list if not.
In some embodiments of the present application, the apparatus further comprises:
a fourth obtaining unit, configured to obtain offence terminal identification information and offence user identification information corresponding to the offence bill terminal;
the first updating unit is used for updating the illegal terminal identification information to a preset equipment blacklist;
the second updating unit is used for updating the illegal user identification information to a preset user blacklist;
and the transferring unit is used for transferring the plug-in identification information corresponding to the illegal bill swiping terminal in the plug-in gray list to a preset plug-in black list.
In the method, the running environment of the user terminal is detected firstly, the running environment of the user terminal is initially determined to be in a normal state, then whether the user terminal is a suspicious user terminal is further determined through the robbery list information of the user terminal, and finally the suspicious user terminal is dynamically verified to determine that the suspicious user terminal is a illegal list-refreshing terminal, so that illegal list-refreshing users corresponding to the illegal list-refreshing terminal are detected, the illegal list-refreshing user quantity is reduced, and the distribution efficiency is improved.
In addition to the above description of the method and apparatus for detecting a rule-breaking bill, embodiments of the present application further provide a computer device, which integrates any of the rule-breaking bill detection apparatuses provided in the embodiments of the present application, where the computer device includes:
one or more processors;
a memory; and
one or more applications, wherein the one or more applications are stored in the memory and configured to perform the operations of any of the methods described in any of the above-described embodiments of the method for detecting a violation ticket by the processor.
The embodiment of the application also provides computer equipment which integrates any of the illegal bill detection devices provided by the embodiment of the application. Referring to fig. 10, fig. 10 is a schematic structural diagram of an embodiment of a computer device according to an embodiment of the present application.
As shown in fig. 10, a schematic structural diagram of an illegal ticket checking device according to an embodiment of the present application is shown, specifically:
the violation ticket detection device may include components such as a processor 1001 of one or more processing cores, a memory 1002 of one or more computer readable storage media, a power supply 1003, and an output unit 1004. It will be appreciated by those skilled in the art that the violation ticket detecting device configuration shown in fig. 10 is not limiting of the violation ticket detecting device and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components. Wherein:
The processor is a control center of the rule-breaking bill detection device, and uses various interfaces and lines to connect various parts of the whole rule-breaking bill detection device, and executes various functions and processing data of the rule-breaking bill detection device by running or executing software programs and/or modules stored in the memory 1002 and calling data stored in the memory 1002, thereby performing overall monitoring on the rule-breaking bill detection device. Optionally, the processor 1001 may include one or more processing cores; preferably, the processor 1001 may integrate an application processor and a modem processor, wherein the application processor mainly processes an operating system, a user interface, an application program, and the like, and the modem processor mainly processes wireless communication. It will be appreciated that the modem processor described above may not be integrated into the processor 1001.
The memory 1002 may be used to store software programs and modules, and the processor 1001 executes various functional applications and data processing by executing the software programs and modules stored in the memory 1002. The memory 1002 may mainly include a storage program area that may store an operating system, application programs required for at least one function (such as a sound playing function, an image playing function, etc.), and a storage data area; the stored data area may store data created from the use of the violation ticket detecting device, etc. In addition, memory 1002 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 1002 may also include a memory controller to provide the processor 1001 with access to the memory 1002.
The offence ticket detection device further includes a power supply 1003 for supplying power to each component, and preferably, the power supply 1003 may be logically connected to the processor 1001 through a power management system, so that functions of managing charging, discharging, power consumption management, etc. are implemented through the power management system. The power supply 1003 may also include one or more of any of a direct current or alternating current power supply, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
The offensive ticket detection device may further include an input unit 1004, which input unit 1004 may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the illegal ticket checking device may further include a display unit or the like, which is not described herein. In particular, in the embodiment of the present application, the processor 1001 in the rule-breaking ticket detection apparatus loads executable files corresponding to the processes of one or more application programs into the memory 1002 according to the following instructions, and the processor 1002 executes the application programs stored in the memory 1002, so as to implement various functions as follows:
Acquiring operation environment detection information sent by a user terminal, wherein the operation environment detection information comprises plug-in detection information; judging whether the running environment of the user terminal is normal or not based on the running environment detection information; if yes, acquiring order-robbing information of the user in a preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on the user terminal and order quality information corresponding to the order which the user has robbed; judging whether the user terminal is a suspicious user terminal or not based on the robbery order information; if yes, the suspicious user terminal is dynamically verified to determine whether the suspicious user terminal is a illegal bill-refreshing terminal.
In the method, the running environment of the user terminal is detected firstly, the running environment of the user terminal is initially determined to be in a normal state, then whether the user terminal is a suspicious user terminal is further determined through the robbery list information of the user terminal, and finally the suspicious user terminal is dynamically verified to determine that the suspicious user terminal is a illegal list-refreshing terminal, so that illegal list-refreshing users corresponding to the illegal list-refreshing terminal are detected, the illegal list-refreshing user quantity is reduced, and the distribution efficiency is improved.
To this end, embodiments of the present application provide a computer-readable storage medium, which may include: read Only Memory (ROM), random access Memory (RAM, random Access Memory), magnetic or optical disk, and the like. The computer readable storage medium has stored therein a plurality of instructions that can be loaded by a processor to perform the steps of any of the method for detecting a violation ticket provided by the embodiments of the present application. For example, the instructions may perform the steps of:
acquiring operation environment detection information sent by a user terminal, wherein the operation environment detection information comprises plug-in detection information; judging whether the running environment of the user terminal is normal or not based on the running environment detection information; if yes, acquiring order-robbing information of the user in a preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on the user terminal and order quality information corresponding to the order which the user has robbed; judging whether the user terminal is a suspicious user terminal or not based on the robbery order information; if yes, the suspicious user terminal is dynamically verified to determine whether the suspicious user terminal is a illegal bill-refreshing terminal.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.
The foregoing describes in detail a method, an apparatus, and a readable storage medium for detecting a rule-breaking ticket according to embodiments of the present application, and specific examples are applied to describe the principles and implementations of the present application, where the descriptions of the foregoing embodiments are only used to help understand the method and core ideas of the present application; meanwhile, those skilled in the art will have variations in the specific embodiments and application scope in light of the ideas of the present application, and the present description should not be construed as limiting the present application in view of the above.

Claims (9)

1. A method of detecting a violation ticket, the method comprising:
acquiring operation environment detection information sent by a user terminal, wherein the operation environment detection information comprises plug-in detection information;
judging whether the running environment of the user terminal is normal or not based on the running environment detection information;
if yes, acquiring order-robbing information of the user in a preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on a user terminal and order quality information corresponding to an order which the user has robbed;
Judging whether the user terminal is a suspicious user terminal or not based on the order-robbing information;
if yes, carrying out dynamic verification on the suspicious user terminal to determine whether the suspicious user terminal is an illegal bill-refreshing terminal;
wherein, based on the order robbing information, judging whether the user terminal is a suspicious user terminal or not includes:
based on the order-robbing operation information, determining the corresponding order-robbing frequency of the user when the user robs an order in a preset time range;
determining the percentage of the orders which the user has preempted as good-quality orders based on the order quality information;
judging whether the frequency of the bill is higher than a preset refreshing threshold value or not, and whether the percentage of the high-quality order is higher than a preset percentage preset or not;
if yes, determining the user terminal as a suspicious user terminal.
2. The method for detecting a ticket against a violation according to claim 1, wherein the determining whether the operating environment of the terminal is normal based on the operating environment detection information includes:
obtaining a preset plug-in blacklist, wherein the plug-in blacklist comprises at least one illegal plug-in identification information;
reading corresponding first plug-in identification information in the plug-in detection information;
Judging whether illegal plug-in identification information which is the same as the first plug-in identification information exists in the plug-in blacklist;
if yes, determining that the running environment is abnormal;
if not, determining that the running environment is normal.
3. The method for detecting a ticket against rule according to claim 1, wherein the ticket swiping operation information includes interface request information sent by the user terminal, and the determining, based on the ticket swiping operation information, a corresponding ticket swiping frequency when the user swips in a preset time range includes:
monitoring interface request information sent by the user terminal within a preset time range to obtain the number of times of the request of the user terminal for the order taking completed within the preset time range;
and calculating the corresponding bill frequency when the user robs the bill in a preset time range based on the bill robbing request times.
4. The method of claim 1, wherein the dynamically verifying the suspicious user terminal to determine that the suspicious user terminal is a violation ticket terminal comprises:
sending preset sensitive data to the suspicious user terminal to replace the original first encryption parameters of the suspicious user terminal, wherein the sensitive data comprises second encryption parameters;
Acquiring request information fed back by the suspicious user terminal, wherein the request information comprises a third encryption key;
judging whether the second encryption parameter is matched with the third encryption key or not so as to check whether the request information is legal or not;
if not, determining that the suspicious user terminal is the illegal bill-refreshing terminal.
5. The method of claim 1, wherein after determining whether the user terminal is a suspicious user terminal based on the robbery handling information, the method further comprises:
obtaining a preset plug-in white list, wherein the plug-in white list comprises at least one piece of regular plug-in identification information;
reading corresponding second plug-in identification information in the plug-in detection information;
judging whether regular plug-in identification information which is the same as the second plug-in identification information exists in the plug-in white list;
if not, adding the second plug-in identification information to a preset plug-in gray list.
6. The method of claim 5, wherein upon determining that the suspicious user terminal is a violation ticket terminal, the method further comprises:
obtaining the illegal terminal identification information and the illegal user identification information corresponding to the illegal bill-refreshing terminal;
Updating the illegal terminal identification information to a preset equipment blacklist;
updating the illegal user identification information to a preset user blacklist;
and transferring plug-in identification information corresponding to the illegal bill-refreshing terminal in the plug-in gray list to a preset plug-in blacklist.
7. An offensive ticket detection device, said device comprising:
the first acquisition unit is used for acquiring operation environment detection information sent by the user terminal, wherein the operation environment detection information comprises plug-in detection information;
the first judging unit is used for judging whether the running environment of the terminal is normal or not based on the running environment detection information;
the second acquisition unit is used for acquiring the order-robbing information of the user in a preset time range if the user is in the preset time range, wherein the order-robbing information comprises order-robbing operation information when the user performs order-robbing on the user terminal and order quality information corresponding to the order which the user has robbed;
the second judging unit is used for judging whether the user terminal is a suspicious user terminal or not based on the order robbing information;
the first determining unit is used for dynamically verifying the suspicious user terminal if yes so as to determine that the suspicious user terminal is an illegal bill-refreshing terminal;
Wherein, based on the order robbing information, judging whether the user terminal is a suspicious user terminal or not includes:
based on the order-robbing operation information, determining the corresponding order-robbing frequency of the user when the user robs an order in a preset time range;
determining the percentage of the orders which the user has preempted as good-quality orders based on the order quality information;
judging whether the frequency of the bill is higher than a preset refreshing threshold value or not, and whether the percentage of the high-quality order is higher than a preset percentage preset or not;
if yes, determining the user terminal as a suspicious user terminal.
8. A computer device, the computer device comprising:
one or more processors;
a memory; and
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the method of detecting a violation ticket of any of claims 1 to 6.
9. A computer readable storage medium having stored thereon a computer program, the computer program being loaded by a processor to perform the steps of the method for detecting a violation ticket of any of claims 1 to 6.
CN202011517318.9A 2020-12-21 2020-12-21 Method and device for detecting illegal bill, and readable storage medium Active CN112529505B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011517318.9A CN112529505B (en) 2020-12-21 2020-12-21 Method and device for detecting illegal bill, and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011517318.9A CN112529505B (en) 2020-12-21 2020-12-21 Method and device for detecting illegal bill, and readable storage medium

Publications (2)

Publication Number Publication Date
CN112529505A CN112529505A (en) 2021-03-19
CN112529505B true CN112529505B (en) 2024-02-27

Family

ID=75001991

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011517318.9A Active CN112529505B (en) 2020-12-21 2020-12-21 Method and device for detecting illegal bill, and readable storage medium

Country Status (1)

Country Link
CN (1) CN112529505B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014160296A1 (en) * 2013-03-13 2014-10-02 Guardian Analytics, Inc. Fraud detection and analysis
CN105447383A (en) * 2013-09-10 2016-03-30 北京奇虎科技有限公司 Browser operating environment detection method, client, server and browser operating environment detection system
CN108921581A (en) * 2018-07-18 2018-11-30 北京三快在线科技有限公司 A kind of brush single operation recognition methods, device and computer readable storage medium
CN109522475A (en) * 2018-10-26 2019-03-26 浙江工业大学之江学院 A kind of merchant recommendation method based on user's history consumption data
CN109657166A (en) * 2018-10-16 2019-04-19 深圳壹账通智能科技有限公司 The Internet activity participatory approaches, device, equipment and readable storage medium storing program for executing
CN109784934A (en) * 2019-03-14 2019-05-21 浙江鲸腾网络科技有限公司 A kind of transaction risk control method, apparatus and relevant device and medium
CN110335098A (en) * 2019-04-24 2019-10-15 上海恺英网络科技有限公司 Order recognition methods and equipment at production payment center service end
CN111127151A (en) * 2019-12-23 2020-05-08 山东爱城市网信息技术有限公司 Method, equipment and medium for managing online order based on block chain
CN111343173A (en) * 2020-02-21 2020-06-26 腾讯云计算(北京)有限责任公司 Data access abnormity monitoring method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020052858A1 (en) * 1999-10-31 2002-05-02 Insyst Ltd. Method and tool for data mining in automatic decision making systems

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014160296A1 (en) * 2013-03-13 2014-10-02 Guardian Analytics, Inc. Fraud detection and analysis
CN105447383A (en) * 2013-09-10 2016-03-30 北京奇虎科技有限公司 Browser operating environment detection method, client, server and browser operating environment detection system
CN108921581A (en) * 2018-07-18 2018-11-30 北京三快在线科技有限公司 A kind of brush single operation recognition methods, device and computer readable storage medium
CN109657166A (en) * 2018-10-16 2019-04-19 深圳壹账通智能科技有限公司 The Internet activity participatory approaches, device, equipment and readable storage medium storing program for executing
CN109522475A (en) * 2018-10-26 2019-03-26 浙江工业大学之江学院 A kind of merchant recommendation method based on user's history consumption data
CN109784934A (en) * 2019-03-14 2019-05-21 浙江鲸腾网络科技有限公司 A kind of transaction risk control method, apparatus and relevant device and medium
CN110335098A (en) * 2019-04-24 2019-10-15 上海恺英网络科技有限公司 Order recognition methods and equipment at production payment center service end
CN111127151A (en) * 2019-12-23 2020-05-08 山东爱城市网信息技术有限公司 Method, equipment and medium for managing online order based on block chain
CN111343173A (en) * 2020-02-21 2020-06-26 腾讯云计算(北京)有限责任公司 Data access abnormity monitoring method and device

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
OSR: Optimal and Secure Routing Protocol in Multi-hop Wireless Networks;jie zhou;《2012 32nd International Conference on Distributed Computing Systems Workshops》;187-193 *
基于RFID技术的黑龙江省特色农产品质量安全可追溯***设计;蒋春铭;《物流技术》;第39卷(第01期);65-68+105 *
基于风险矩阵与模糊集理论的众包物流风险评估研究;刘向阳;《中国优秀硕士学位论文全文数据库》(第12期);J145-97 *
数据隐私保护新思路:从依赖他方到自主可控;姚前;《中国信息安全》(第01期);104-107 *
面向用户的电商平台刷单行为智能检测方法;康海燕;《计算机应用》;第38卷(第02期);596-601 *

Also Published As

Publication number Publication date
CN112529505A (en) 2021-03-19

Similar Documents

Publication Publication Date Title
US11212271B2 (en) Trusted login of user accounts
US11663577B2 (en) Resource transfer method and apparatus and storage medium
CN102624677B (en) Method and server for monitoring network user behavior
CN108846657B (en) Electronic transfer method and related device
CN110365996A (en) Management method, live streaming management platform, electronic equipment and storage medium is broadcast live
CN104917749B (en) account registration method and device
CN107392618A (en) It is implanted into the method and apparatus of intelligent contract
CN112257110A (en) Electronic signature management method, management system and computer readable storage medium
CN109670968A (en) Processing method, device, equipment and the computer storage medium of insurance data
CN104954343B (en) Checking information processing method, server and system
CN111260478A (en) Credit data interaction method and system
TW201518977A (en) Method for applying safety verification, applying server, applying client and system
CN109828924A (en) Test method, device and calculating equipment and medium
CN109635529A (en) Account shares detection method, device, medium and electronic equipment
CN112529505B (en) Method and device for detecting illegal bill, and readable storage medium
CN113596040A (en) Security policy deployment method, access control method and device and access control system
CN105512208B (en) Information publishing method, device and system
CN105577621B (en) Business operation verification method, device and system
CN109348472B (en) OTA (over the air) upgrading method and system based on single-point pushing
CN107507086B (en) Invoice processing method and invoice processing system
CN112351030B (en) Data processing method and computer equipment
WO2018049813A1 (en) Authority configuration method and device
CN102165734A (en) Providing simplified internet access
CN111294311B (en) Traffic charging method and system for preventing traffic fraud
CN113610535A (en) Risk monitoring method and device suitable for consumption staging business process

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant