WO2022042194A1 - Block detection method and apparatus for login device, server, and storage medium - Google Patents

Block detection method and apparatus for login device, server, and storage medium Download PDF

Info

Publication number
WO2022042194A1
WO2022042194A1 PCT/CN2021/109010 CN2021109010W WO2022042194A1 WO 2022042194 A1 WO2022042194 A1 WO 2022042194A1 CN 2021109010 W CN2021109010 W CN 2021109010W WO 2022042194 A1 WO2022042194 A1 WO 2022042194A1
Authority
WO
WIPO (PCT)
Prior art keywords
banned
login
factor
ban
under
Prior art date
Application number
PCT/CN2021/109010
Other languages
French (fr)
Chinese (zh)
Inventor
杨景添
苏航
Original Assignee
百果园技术(新加坡)有限公司
杨景添
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 百果园技术(新加坡)有限公司, 杨景添 filed Critical 百果园技术(新加坡)有限公司
Publication of WO2022042194A1 publication Critical patent/WO2022042194A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures

Definitions

  • the embodiments of the present application relate to the field of Internet technologies, for example, to a method, apparatus, server, and storage medium for blocking and detecting a login device.
  • the risk control penalty logic mainly uses the identification information of the logged in device to determine whether the logged in device is a banned device, but network hackers and malicious users can use multiple Such multi-opening software is used to change the identification information of the device logged in this time, so as to bypass the violation detection of the banned device and continue to execute the corresponding violation behavior, which cannot guarantee the information browsing security of normal users.
  • Embodiments of the present application provide a method, device, server, and storage medium for blocking detection of a login device, which improve the accuracy of the login device for blocking detection and the timeliness of blocking on the basis of ensuring the normal operation of the login device.
  • an embodiment of the present application provides a method for detecting a ban on logging in to a device, the method comprising:
  • the blocked score of the logged-in device is determined based on the log-in parameter similarity between the logged-in device and each blocked device in the library of blocked devices under the reference device factor.
  • an embodiment of the present application provides a blocking detection device for logging in equipment, the device comprising:
  • a reference factor screening module configured to screen out a reference device factor from a plurality of device factors based on the login floating degree of at least one banned device in the banned device library under each device factor, wherein the at least one banned device There is a corresponding device factor;
  • the blocking detection module is configured to determine the blocked score of the logged-in device based on the log-in parameter similarity between the logged-in device and each blocked device in the blocked-device library under the reference device factor.
  • an embodiment of the present application provides a server, where the server includes:
  • processors one or more processors
  • storage means arranged to store one or more programs
  • the one or more processors are configured to execute the one or more programs to implement the method for detecting a ban on logging in to a device described in any embodiment of the present application.
  • an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the login described in any embodiment of the present application is implemented The device's ban detection method.
  • FIG. 1A is a flowchart of a method for detecting a ban on logging in to a device according to Embodiment 1 of the present application;
  • FIG. 1B is a schematic flowchart of a blocking detection process for logging in to a device according to Embodiment 1 of the present application;
  • FIG. 2A is a flowchart of a method for detecting a ban on logging in to a device according to Embodiment 2 of the present application;
  • FIG. 2B is a schematic flowchart of a blocking detection process for logging in to a device according to Embodiment 2 of the present application;
  • 3A is a flowchart of a method for detecting a ban on logging in to a device according to Embodiment 3 of the present application;
  • 3B is a schematic flowchart of a dynamic update process of a preset ban threshold value that is referenced when judging whether to ban or not, according to Embodiment 3 of the present application;
  • FIG. 4 is a schematic structural diagram of a blocking detection device for logging in equipment according to Embodiment 4 of the present application.
  • FIG. 5 is a schematic structural diagram of a server according to Embodiment 5 of the present application.
  • Clustering algorithm can be used to classify a large number of logged-in devices, and each logged-in device that exists under the category of banned devices can be banned, but at this time, the clustering algorithm can only initially delineate the scope of banned devices, and cannot guarantee banning equipment accuracy. Moreover, because the range of banned devices initially delineated by the clustering algorithm has a certain lag, it is impossible to guarantee timely banning of log-in devices that violate the rules.
  • the embodiments of the present application provide a method, device, server, and storage medium for blocking and detecting a login device.
  • FIG. 1A is a flowchart of a method for detecting banning of a login device according to Embodiment 1 of the present application.
  • This embodiment can detect whether the login device to be logged in or registered this time needs to be banned in any login scenario.
  • the blocking detection method for logging in equipment provided in this embodiment may be executed by the blocking detection apparatus for logging in equipment provided in this embodiment of the present application, which may be implemented in software and/or hardware, and integrated in a server that executes this method , and the server can be a background server of multiple types of applications configured with user account registration and login requirements.
  • the server can be connected to the login device, or it can be connected to the login device through an intermediate device.
  • the server can be wirelessly connected with the logging device, or can be electrically connected with the logging device.
  • the server may not be connected to the login device, and only obtain information related to the login device, such as the login float.
  • the method may include the following steps:
  • any login device that uses multi-open software to change the identification information of the currently logged in device is usually used as a banned device to ban The user performs any account-related operations on the login device, but the multi-open software is not only used by network hackers and malicious users to change the device identification information to bypass the ban detection, the multi-open software will also support the use of normal users.
  • the method of banning all login devices that use the multi-open software directly affects the normal operation of normal users, and the accuracy of the ban of the login devices cannot be guaranteed; or, by analyzing whether the category of the current login device clustering belongs to the banned device
  • the clustering algorithm is a coarse-grained classification, which cannot ensure the accuracy of the banning of logged-in devices, and there is a certain lag in the classification of banned devices after using the clustering algorithm, so it is impossible to guarantee login. Timeliness of device ban detection. Therefore, in order to avoid the above situation, this embodiment provides a new ban detection method.
  • IP Internet Protocol
  • Media Access Control media access control
  • the tampering costs of login parameters under different device factors are caused due to the different development and design difficulties of different device factors. It is also different, so the difficulty of tampering with different device factors is also different, that is to say, there will always be device factors whose login parameters are not easily tampered with in all device factors of a certain device.
  • the tampered device factor is used as the reference device factor for the blocking detection of the login device. At this time, the login parameters used by the login device under the reference device factor are not easily tampered with maliciously, and can better represent the real device information.
  • the possibility of whether the login device needs to be banned can be accurately determined to ensure that the login device faces the ban. Detection reliability.
  • the banned device library includes at least one banned device.
  • the device factors include device adaptive identification, IP address, MAC address, wireless network, client version, operating system, device model, screen resolution, and the like.
  • the reference device factor may be at least one type of multiple device factors, and the reference device factor may be a device factor whose login parameters are not easily tampered with. Login parameters are behavior data corresponding to different types of device factors when login or registration behavior occurs.
  • the login parameters used by the login device to log in to multiple user accounts under a certain device factor keep changing, it means that the login parameters under the device factor are less difficult to tamper with, that is, the login parameters under the device factor are easy to be tampered with. , so it cannot be used as a reference device factor for logging in device ban detection.
  • the difficulty of tampering with the device factor can be determined by analyzing the fluctuations of the login parameters used by multiple banned devices that have been detected under each device factor.
  • the login fluctuation degree is used to represent the fluctuation of the historical login parameters used under each device factor when registering or logging in a user account on multiple devices.
  • the login device can be blocked and detected. Therefore, the reference device factors with greater reference value for blocking detection can be selected from all device factors to improve the performance of the login device.
  • the accuracy of the ban detection at this time, in the banned device library that has completed the ban detection, it can be found that each banned device performs any account-related operation and is detected to be banned under each device factor.
  • the login fluctuation degree of the banned device library under each device factor is calculated separately;
  • the higher the login floating degree of the banned device library under a certain device factor the easier the login parameters under the device factor are to be maliciously tampered with, that is, the reference value of the device factor for the banning detection of the login device is low.
  • the lower the login floating degree of the device library under a certain device factor the less easily the login parameters under the device factor are maliciously tampered with, that is, the device factor has a higher reference value for the blocking detection of the login device.
  • the login fluctuation degree of the banned device library under each device factor some device factors with a lower login fluctuation degree can be selected from all the device factors, as the reference device factor in this embodiment.
  • the login device is in The login parameters used under multiple reference device factors are not easily tampered with maliciously.
  • the similarity between the login parameters used by the login device and each banned device in the banned device library under multiple reference device factors is analyzed. , it can accurately determine whether the login device is a banned device in the banned device library, and can accurately determine whether the login device needs to be banned, so as to ensure the reliability of the login device for ban detection.
  • the login device refers to the device to be logged in at the current moment.
  • the login parameter similarity refers to the similarity between the login parameters of the login device under the reference device factor and the login parameters of each banned device in the banned device library under the reference device factor.
  • this embodiment can find out the corresponding reference device factor.
  • the login parameters used by the login device under each reference device factor when performing any account-related operation, and the login parameters used under each reference device factor when each banned device in the banned device library is banned parameters respectively analyze the similarity between the login device and the login parameters used by each banned device under each reference device factor to determine whether the login device is a banned device in the banned device library, If the similarity between the login parameters used by the login device and a banned device under multiple reference device factors is high, it means that the login device and the banned device are very likely to be the same device.
  • the possibility that the logged-in device is the same as a blocked device can be used to calculate the blocked score of the logged-in device. It can be seen that in this embodiment, it is not necessary to block each login device using multi-open software, or to block the login devices by clustering. On the basis of ensuring that the login devices perform any normal operations, the lag of the detection of the ban is avoided. Subsequent use of this The banned score can accurately determine whether the login device currently needs to be banned, so as to prohibit the user from performing any account-related operations on the login device.
  • the numerical size of the banned score is used to determine whether to perform the banning behavior of logging in to the device.
  • the banned device m represents the mth banned device, m is a positive integer, the login float n represents the nth login float, n is a positive integer, and the reference device factor k represents the kth reference device factor , k is a positive integer.
  • the reference device factor can be selected from all the device factors based on the registration fluctuation of the banned device library under each device factor.
  • FIG. 2A is a flowchart of a method for detecting banning of a login device according to Embodiment 2 of the present application
  • FIG. 2B is a schematic flowchart of a process of detecting banning of a login device according to Embodiment 2 of the present application.
  • This embodiment is based on the above-described embodiment.
  • a type of implementation is given for the screening process of the reference device factor and the calculation process of the banned score of the login device.
  • this embodiment may include the following steps:
  • the login fluctuation degree can represent each blocked device in the banned device library. Changes in the historical login parameters used by the banned device under each device factor, so when this embodiment detects that the login device needs to perform any account-related operation (such as registering or logging in to a user account), it can find out each The historical login parameters used under each device factor when the banned device was banned. For each device factor, the historical login parameters used under the device factor when each banned device was banned are calculated separately. The frequency of continuously appearing in the banned device library is the repetition frequency of each historical login parameter under the device factor in the banned device library in this embodiment.
  • this embodiment can comprehensively analyze the repetition frequency of multiple historical login parameters used by the banned devices in the banned device library under each device factor, and calculate the value of the banned device library under each device factor. Login float.
  • information entropy can be used to represent the login floating degree of a banned device under each device factor.
  • multiple historical logins under the device factor are based on the banned device library.
  • the repetition frequency of the parameter, to calculate the login floating degree of the banned device library under the device factor can be performed on the repetition frequency of multiple historical login parameters of the banned device library under each device factor to obtain the banned device.
  • the degree of login float of the library under each device factor can be used to represent the login floating degree of a banned device under each device factor.
  • the device factor n represents the nth device factor
  • the blocking reference confidence level n represents the nth blocking reference confidence level
  • n is a positive integer
  • the entropy calculation is performed on the repetition frequency of at least one historical registration parameter adopted by the library under each device factor, and the entropy calculation formula is:
  • x i is the i-th historical login parameter used by the banned devices in the banned device library under each device factor
  • p(x i ) is the banned device in the banned device library under each device factor
  • n is a positive integer.
  • the login float of the banned device library under each device factor can be obtained.
  • this embodiment can be based on the banned device library in each device factor.
  • the degree of negative impact of the login floating degree below on the reference value of the ban detection is used to determine the ban reference confidence level of each device factor.
  • the reliability of the ban detection is used to determine the ban reference confidence level of each device factor.
  • the reliability of the ban detection is used to determine the ban reference confidence level of each device factor.
  • the reliability of the ban detection is used to determine the ban reference confidence level of each device factor.
  • this embodiment will preset a corresponding specified ban detection specification.
  • the specified ban detection specification can be the number of reference device factors, and is selected according to the ban reference confidence of each device factor. Multiple device factors that meet the specified ban detection specification are obtained as the reference device factors in this embodiment.
  • the TopK algorithm can be used to screen out the device factors whose ban reference confidence is the top K items from all the device factors, as the reference device. factor, where K represents a positive integer.
  • the device factor whose ban reference confidence meets the specified ban detection specification refers to the device factor whose ban reference confidence meets the ban reference confidence range corresponding to the first K items.
  • multiple device factors that meet the specified ban detection specification under a lower login floating degree can also be used as the reference device factors in this embodiment, and there is no need to calculate the ban reference confidence levels of multiple device factors, which saves money. Go to the screening steps for the reference device factor.
  • the login fluctuation degree and the ban reference confidence level are negatively correlated, and the top k device factors with the lowest login fluctuation degree are the device factors that meet the ban detection specification, as the selected reference device factor.
  • the login parameters used, and the login parameters used under each reference device factor when the banned device is banned respectively determine the login device and at least one banned device composed of the login parameters used under each reference device factor.
  • the device characteristics of the device use the corresponding similarity algorithm to analyze the similarity between the login device and the login parameters used by the at least one banned device under each reference device factor, and analyze the login parameters under each reference device factor.
  • Parameter similarity is comprehensively analyzed, and the banned similarity between the logged-in device and multiple banned devices is calculated respectively; at this time, by performing the above steps, the banned similarity between the logged-in device and each banned device can be calculated separately. .
  • the banned similarity between the login device and each banned device can be calculated by using the reverse influence between the Jaccard distance and the similarity.
  • Distance Calculates the device distance between the login device and the banned device (that is, the dissimilarity between the login device and the banned device).
  • the greater the device distance between the login device and a banned device calculated by using the Jaccard distance the smaller the ban similarity between the login device and the banned device.
  • the reference device factor is (serial, iid, uuid, eid, mac, aid)
  • the banned similarity between the login device and the banned device can be
  • the logged-in device if the logged-in device is similar to any banned device in the banned device library, it means that the logged-in device needs to be banned. For example, it can be determined whether the maximum similarity in the banned similarity between the logged-in device and each banned device reaches a preset similarity threshold, if the maximum similarity in the banned similarity between the logged-in device and each banned device is It is also lower than the preset similarity threshold, indicating that the login device is not similar to each banned device. Therefore, in this embodiment, the maximum similarity in the banned similarity between the logged-in device and each banned device can be used as the banned score of the logged-in device.
  • the maximum similarity indicates that the logged-in device is similar to a banned device If the devices are similar, then it can be accurately determined that the logged-in device needs to be banned, and the comprehensiveness of determining whether the logged-in device needs to be banned is improved by the banned score of the logged-in device.
  • the entropy operation is used to calculate the login floating degree of the banned device library under each device factor, which can ensure the accuracy of the login floating degree under each device factor;
  • the device factor that meets the specified ban detection specifications is screened out and used as a reference device factor to ensure the reliability of the reference device factor; by analyzing the login device and each banned device in the banned device library, multiple reference devices
  • the similarity of the login parameters under the factor is used to calculate the banned score of the login device, which can accurately determine whether the login device needs to be banned.
  • This embodiment can ensure the reliability of the login device for blocking detection, and it is not necessary to block each login device using multi-open software, or to block the login device by clustering. On the basis of ensuring that the login device performs any normal operation, It avoids the lag of ban detection, and improves the accuracy and timeliness of the login device for ban detection.
  • the degree of login fluctuation under the device factor may have a negative correlation with the reference confidence level of the ban.
  • R represents the reference confidence level of the ban
  • Hi represents the login fluctuation degree under a certain device factor
  • Hmin represents the minimum login fluctuation degree among all the device factor login fluctuation degrees.
  • FIG. 3A is a flowchart of a method for detecting a ban on a login device according to Embodiment 3 of the present application
  • FIG. 3B is a schematic flowchart of a dynamic update process of a preset ban threshold value referenced when judging whether to ban or not, according to Embodiment 3 of the present application.
  • This embodiment is based on the above-described embodiment. As shown in FIG. 3A , this embodiment is aimed at determining whether to block the login device according to the banned score of the login device.
  • the dynamic update process of the login floating degree when there is a change provides a kind of realization method.
  • this embodiment may include the following steps:
  • S330 Determine a preset ban threshold based on the ban accuracy rate and the ban recall rate corresponding to the target login device set that has completed the ban detection.
  • the target login device set includes at least one login device.
  • this embodiment in order to ensure the accuracy of the logging-in device-oriented ban detection, this embodiment can determine the banning accuracy and banning that characterize whether multiple log-in devices need to be banned by analyzing and adopting the banning detection method provided in this embodiment. Recall rate to dynamically update the corresponding preset ban threshold. After the ban detection is performed on each login device, regardless of the ban detection result, the ban detection method provided in this embodiment can be used to determine whether the ban result of each banned login device needs to be added to the target login device set . At this time, multiple login devices in the target login device set have completed the ban detection, there are login devices that need to be banned, and there are login devices that do not need to be banned.
  • the ban detection result and the real ban result during the ban detection process of logging in to the device, the corresponding ban accuracy rate and ban recall rate are continuously calculated, and the ban accuracy rate and the ban recall rate are used as the evaluation indicators of the preset ban threshold.
  • the corresponding preset ban threshold is dynamically updated.
  • the preset ban threshold may represent a scoring node that can accurately distinguish the login device that needs to be banned.
  • the calculation formula of the ban accuracy rate precision may be:
  • TP is the number of devices that need to be banned in the target login device set
  • FP is the number of devices that need to be banned in the target login device set.
  • the formula for calculating the recall rate recall can be:
  • FN is the number of devices that need to be banned in the target login device set and predicted as the number of devices that do not need to be banned.
  • the ban accuracy rate meets the corresponding accuracy requirements
  • the ban recall rate meets the ban score of the corresponding logged-in device under the corresponding recall requirements as the current preset ban threshold.
  • the ban accuracy rate is relatively high, and the ban recall rate needs to be within a certain range. Therefore, the target login device set can be banned from multiple login devices when the recall rate reaches a certain recall range. Among them, the banned score of the logged-in device when the ban accuracy rate is the highest is used as the current preset ban threshold. At this time, the preset ban threshold can ensure a relatively high ban recall based on the highest accuracy of ban detection. .
  • the login device after calculating the banned score of the login device, it can be determined whether the login device needs to be banned by comparing the value between the banned score of the login device and a preset ban threshold. If the banned score of the login device is greater than the preset ban threshold, it means that the login device is very likely to be banned, so the login device can be banned to prevent multiple users from executing any account-related activities on the login device. operation, reduce the widespread dissemination of illegal content, and improve the safety and health of normal users' browsing information.
  • the login device after a login device is banned, the login device can be directly added to the banned device library as a banned device, so that the subsequent login fluctuations of the banned device library under each device factor can be used. , to accurately filter out the reference device factor. Since the banned device library will change dynamically after the continuous ban detection of the login device, the login floating degree of the banned device library under each device factor will also change dynamically. Therefore, this embodiment will complete the When a banned login device is added to the banned device library, the same method as provided in the above-mentioned embodiment for calculating the login floating degree of the banned device library under each device factor can be used to recalculate the banned device library. The registration floating degree under each equipment factor is updated dynamically to improve the screening accuracy of the reference equipment factor.
  • the reference device factor can be selected from all the device factors.
  • the similarity of the login parameters under the reference device factor is used to calculate the banned score of the login device, accurately determine whether the login device needs to be banned, and ensure the reliability of the login device for ban detection.
  • FIG. 4 is a schematic structural diagram of a blocking detection device for logging in equipment according to Embodiment 4 of the present application. As shown in FIG. 4 , the device may include:
  • the reference factor screening module 410 is configured to screen out a reference device factor from a plurality of device factors based on the login floating degree of at least one banned device in the banned device library under each device factor, wherein the at least one banned device There is a corresponding device factor for the device;
  • the blocking detection module 420 is configured to determine the blocked score of the logged-in device based on the similarity of the logged-in device and the log-in parameter of each blocked device in the blocked-device library under the reference device factor.
  • the larger the login float of the banned device library under each device factor the greater the possibility of the device factor being tampered with, that is, the lower the reference value of the device factor for banning and detecting the login device. Therefore, based on the login floating degree of the banned device library under each device factor, the corresponding reference device factor can be screened from all the device factors.
  • the banned score of the login device can be calculated, which can accurately determine the possibility of whether the login device needs to be banned, and ensure the reliability of the login device for ban detection.
  • the blocking detection device for a login device provided in this embodiment is applicable to the blocking detection method for a login device provided in any of the above embodiments, and has corresponding functions and beneficial effects.
  • FIG. 5 is a schematic structural diagram of a server according to Embodiment 5 of the present application.
  • the server includes a processor 50, a storage device 51 and a communication device 52; the number of processors 50 in the server may be one or more One processor 50 is taken as an example in FIG. 5 ; the processor 50 , the storage device 51 and the communication device 52 in the server may be connected through a bus or other means, and the connection through a bus is taken as an example in FIG. 5 .
  • a server provided in this embodiment can be configured to execute the method for detecting a ban on logging in to a device provided by any of the above embodiments, and has corresponding functions and beneficial effects.
  • Embodiment 6 of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the method for detecting a log-in device ban in any of the foregoing embodiments can be implemented.
  • the method can include:
  • the blocked score of the logged-in device is determined based on the log-in parameter similarity between the logged-in device and each blocked device in the library of blocked devices under the reference device factor.
  • a storage medium containing computer-executable instructions provided by an embodiment of the present application can also execute the related procedures in the method for detecting a ban on logging in to a device provided by any embodiment of the present application. operate.
  • the present application can be implemented by means of software and general hardware, and certainly can also be implemented by hardware.
  • the embodiments of the present application may also be embodied in the form of software products, and the computer software products may be stored in a computer-readable storage medium, such as a floppy disk of a computer, a read-only memory (Read-Only Memory, ROM), Random access memory (Random Access Memory, RAM), flash memory (FLASH), hard disk or CD, etc.
  • the computer-readable storage medium may include instructions, and the instructions cause a computer device to execute the methods described in the various embodiments of the present application, and the computer device may be a personal computer, a server, or a network device.
  • the multiple units and modules included are divided according to functional logic, but there are various division methods; in addition, the names of the functional units are only for the convenience of distinguishing from each other.

Abstract

Disclosed in embodiments of the present application are a block detection method and apparatus for a login device, a server, and a storage medium. The method comprises: selecting a reference device factor from a plurality of device factors on the basis of a login floating degree of at least one blocked device in a blocked device library under each device factor; and determining a block score of a login device on the basis of the similarity between login parameters of the login device and each blocked device in the blocked device library under the reference device factor.

Description

登录设备的封禁检测方法、装置、服务器和存储介质Method, device, server and storage medium for blocking detection of login equipment
本公开要求在2020年08月26日提交中国专利局、申请号为202010872545.7的中国专利申请的优先权,以上申请的全部内容通过引用结合在本公开中。The present disclosure claims the priority of a Chinese patent application with application number 202010872545.7 filed with the China Patent Office on Aug. 26, 2020, the entire contents of which are incorporated into the present disclosure by reference.
技术领域technical field
本申请实施例涉及互联网技术领域,例如涉及一种登录设备的封禁检测方法、装置、服务器和存储介质。The embodiments of the present application relate to the field of Internet technologies, for example, to a method, apparatus, server, and storage medium for blocking and detecting a login device.
背景技术Background technique
随着互联网技术的快速发展,多种应用程序(Application,APP)平台或者网络社区内基本都会存在一些网络黑色产业链(即网络黑产)和恶意用户等,来传播一些违规信息;因此,为了限制网络黑产和恶意用户的违规行为,通常会预先设置相应的风控处罚逻辑,在网络黑产和恶意用户所使用的违规账号达到一定的封禁级别时,会同时封禁该违规账号和该违规账号所处的登录设备。此时,用户在某一设备上请求登录对应的账号时,该风控处罚逻辑主要采用该登录设备的标识信息来判断该登录设备是否为已封禁设备,但是网络黑产和恶意用户可以使用多类多开软件来更改本次登录设备的标识信息,以绕过已封禁设备的违规检测,继续执行对应的违规行为,无法保障正常用户的信息浏览安全。With the rapid development of Internet technology, there are basically some network black industry chains (ie network black products) and malicious users in various application (Application, APP) platforms or network communities to spread some illegal information; therefore, in order to To limit the illegal behaviors of network hackers and malicious users, the corresponding risk control and punishment logic is usually set in advance. When the illegal accounts used by network hackers and malicious users reach a certain ban level, the offending account and the illegal user will be banned at the same time. The login device where the account is located. At this time, when the user requests to log in to the corresponding account on a certain device, the risk control penalty logic mainly uses the identification information of the logged in device to determine whether the logged in device is a banned device, but network hackers and malicious users can use multiple Such multi-opening software is used to change the identification information of the device logged in this time, so as to bypass the violation detection of the banned device and continue to execute the corresponding violation behavior, which cannot guarantee the information browsing security of normal users.
发明内容SUMMARY OF THE INVENTION
本申请实施例提供了一种登录设备的封禁检测方法、装置、服务器和存储介质,在保证登录设备正常操作的基础上,提高登录设备面向封禁检测的准确性和封禁及时性。Embodiments of the present application provide a method, device, server, and storage medium for blocking detection of a login device, which improve the accuracy of the login device for blocking detection and the timeliness of blocking on the basis of ensuring the normal operation of the login device.
第一方面,本申请实施例提供了一种登录设备的封禁检测方法,该方法包括:In a first aspect, an embodiment of the present application provides a method for detecting a ban on logging in to a device, the method comprising:
基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子,其中所述至少一个已封禁设备存在对应的设备因子;Screening out a reference device factor from a plurality of device factors based on the login float of at least one banned device in the banned device library under each device factor, wherein the at least one banned device has a corresponding device factor;
基于登录设备和所述已封禁设备库中每一已封禁设备在所述参***因子下的登录参数相似度,确定所述登录设备的被封禁评分。The blocked score of the logged-in device is determined based on the log-in parameter similarity between the logged-in device and each blocked device in the library of blocked devices under the reference device factor.
第二方面,本申请实施例提供了一种登录设备的封禁检测装置,该装置包 括:In the second aspect, an embodiment of the present application provides a blocking detection device for logging in equipment, the device comprising:
参考因子筛选模块,设置为基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子,其中所述至少一个已封禁设备存在对应的设备因子;A reference factor screening module, configured to screen out a reference device factor from a plurality of device factors based on the login floating degree of at least one banned device in the banned device library under each device factor, wherein the at least one banned device There is a corresponding device factor;
封禁检测模块,设置为基于登录设备和所述已封禁设备库中每一已封禁设备在所述参***因子下的登录参数相似度,确定所述登录设备的被封禁评分。The blocking detection module is configured to determine the blocked score of the logged-in device based on the log-in parameter similarity between the logged-in device and each blocked device in the blocked-device library under the reference device factor.
第三方面,本申请实施例提供了一种服务器,该服务器包括:In a third aspect, an embodiment of the present application provides a server, where the server includes:
一个或多个处理器;one or more processors;
存储装置,设置为存储一个或多个程序;storage means arranged to store one or more programs;
所述一个或多个处理器,设置为执行所述一个或多个程序以实现本申请任意实施例所述的登录设备的封禁检测方法。The one or more processors are configured to execute the one or more programs to implement the method for detecting a ban on logging in to a device described in any embodiment of the present application.
第四方面,本申请实施例提供了一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现本申请任意实施例所述的登录设备的封禁检测方法。In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the login described in any embodiment of the present application is implemented The device's ban detection method.
附图说明Description of drawings
图1A为本申请实施例一提供的一种登录设备的封禁检测方法的流程图;FIG. 1A is a flowchart of a method for detecting a ban on logging in to a device according to Embodiment 1 of the present application;
图1B为本申请实施例一提供的登录设备的封禁检测过程的流程示意图;FIG. 1B is a schematic flowchart of a blocking detection process for logging in to a device according to Embodiment 1 of the present application;
图2A为本申请实施例二提供的一种登录设备的封禁检测方法的流程图;FIG. 2A is a flowchart of a method for detecting a ban on logging in to a device according to Embodiment 2 of the present application;
图2B为本申请实施例二提供的登录设备的封禁检测过程的流程示意图;2B is a schematic flowchart of a blocking detection process for logging in to a device according to Embodiment 2 of the present application;
图3A为本申请实施例三提供的一种登录设备的封禁检测方法的流程图;3A is a flowchart of a method for detecting a ban on logging in to a device according to Embodiment 3 of the present application;
图3B为本申请实施例三提供的判断是否封禁时参考的预设封禁阈值的动态更新过程的流程示意图;3B is a schematic flowchart of a dynamic update process of a preset ban threshold value that is referenced when judging whether to ban or not, according to Embodiment 3 of the present application;
图4为本申请实施例四提供的一种登录设备的封禁检测装置的结构示意图;FIG. 4 is a schematic structural diagram of a blocking detection device for logging in equipment according to Embodiment 4 of the present application;
图5为本申请实施例五提供的一种服务器的结构示意图。FIG. 5 is a schematic structural diagram of a server according to Embodiment 5 of the present application.
具体实施方式detailed description
相关技术中,通常采用如下两种方式来应对网络黑产和恶意用户的违规行为:In related technologies, the following two methods are usually used to deal with the violations of network black products and malicious users:
(1)通过分析登录设备的上报信息判断是否使用多开软件,禁止用户在使用多开软件的登录设备上进行登录。但是,在很多使用APP的网络场景下,APP可能本身支持正常用户使用多开软件对登录设备的标识信息进行更改,此时若 禁止每一个使用多开软件的登录设备上的用户登录行为,将会直接影响到正常用户的常规操作,造成大量用户流失。(1) Determine whether to use the multi-open software by analyzing the reported information of the login device, and prohibit the user from logging in on the login device using the multi-open software. However, in many network scenarios where APP is used, the APP itself may support normal users to use the multi-open software to change the identification information of the login device. It will directly affect the normal operations of normal users, resulting in the loss of a large number of users.
(2)可采用聚类算法对大量登录设备进行分类,将存在于已封禁设备的类别下的每一登录设备进行封禁,但此时聚类算法仅能初步圈定封禁设备的范围,无法保证封禁设备的准确性。而且,由于聚类算法初步圈定的封禁设备范围存在一定滞后性,无法保证对存在违规行为的登录设备进行及时封禁。(2) Clustering algorithm can be used to classify a large number of logged-in devices, and each logged-in device that exists under the category of banned devices can be banned, but at this time, the clustering algorithm can only initially delineate the scope of banned devices, and cannot guarantee banning equipment accuracy. Moreover, because the range of banned devices initially delineated by the clustering algorithm has a certain lag, it is impossible to guarantee timely banning of log-in devices that violate the rules.
鉴于相关技术中的两类方式存在一定缺陷,本申请实施例给出了一种登录设备的封禁检测方法、装置、服务器和存储介质。Considering that the two types of methods in the related art have certain defects, the embodiments of the present application provide a method, device, server, and storage medium for blocking and detecting a login device.
下面结合附图和实施例对本申请进行说明。此外,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。The present application will be described below with reference to the accompanying drawings and embodiments. Furthermore, the embodiments in this application and features in the embodiments may be combined with each other without conflict.
实施例一Example 1
图1A为本申请实施例一提供的一种登录设备的封禁检测方法的流程图,本实施例可在任一种登录场景下检测本次欲登录或注册的登录设备是否需要被封禁。本实施例提供的登录设备的封禁检测方法可以由本申请实施例提供的登录设备的封禁检测装置来执行,该装置可以通过软件和/或硬件的方式来实现,并集成在执行本方法的服务器中,该服务器可以是配置有用户账号注册和登录需求的多类应用程序的后台服务器。FIG. 1A is a flowchart of a method for detecting banning of a login device according to Embodiment 1 of the present application. This embodiment can detect whether the login device to be logged in or registered this time needs to be banned in any login scenario. The blocking detection method for logging in equipment provided in this embodiment may be executed by the blocking detection apparatus for logging in equipment provided in this embodiment of the present application, which may be implemented in software and/or hardware, and integrated in a server that executes this method , and the server can be a background server of multiple types of applications configured with user account registration and login requirements.
服务器可与登录设备连接,也可通过中间设备与登录设备连接。服务器可与登录设备无线连接,也可与登录设备电连接。The server can be connected to the login device, or it can be connected to the login device through an intermediate device. The server can be wirelessly connected with the logging device, or can be electrically connected with the logging device.
此外,服务器也可不与登录设备连接,仅获取与登录设备相关的信息,例如,登录浮动度等。In addition, the server may not be connected to the login device, and only obtain information related to the login device, such as the login float.
参考图1A,该方法可以包括如下步骤:Referring to Figure 1A, the method may include the following steps:
S110,基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子,其中所述至少一个已封禁设备存在对应的设备因子。S110, based on the login floating degree of at least one banned device in the banned device library under each device factor, screen out a reference device factor from a plurality of device factors, wherein the at least one banned device has a corresponding device factor .
例如,为了限制网络黑产和恶意用户的违规行为,避免在互联网领域内发布的多类违规内容的传播,用户在某一设备上注册或者登录某一应用程序的相应账号时,可先判断当前注册或登录行为所采用的该设备是否属于已经被检测出来的已封禁设备,此时通常会将使用多开软件以对当前登录设备的标识信息进行更改的任一登录设备作为封禁设备,来禁止用户在该登录设备上执行任何账号相关操作,但是多开软件除了被网络黑产和恶意用户使用,来更改设备标 识信息以绕过封禁检测之外,多开软件还会支持正常用户的使用,此时对所有使用多开软件的登录设备进行封禁的方式直接影响到正常用户的常规操作,无法保证登录设备的封禁准确性;或者,通过分析当前登录设备聚类后所属的类别是否为封禁设备类别,来判断当前登录设备是否为封禁设备,但是聚类算法属于粗粒度的分类,无法确保登录设备的封禁准确性,而且采用聚类算法后的封禁设备分类存在一定的滞后性,无法保证登录设备封禁检测的及时性。因此,为了避免上述状况,本实施例提供了一种新的封禁检测方式,在用户使用某个设备注册或登录相应账号时,不用限制用户在登录设备上使用多开软件时的操作;在保证用户在登录设备上执行多类正常操作的同时,还能够准确及时地检测出需要封禁的登录设备,限制用户在该需要封禁的登录设备上执行任何账号相关操作。For example, in order to limit the illegal behavior of online black products and malicious users, and avoid the spread of various types of illegal content published in the Internet field, when users register on a device or log in to the corresponding account of an application, they can first determine the current Whether the device used for registration or login behavior is a banned device that has been detected. At this time, any login device that uses multi-open software to change the identification information of the currently logged in device is usually used as a banned device to ban The user performs any account-related operations on the login device, but the multi-open software is not only used by network hackers and malicious users to change the device identification information to bypass the ban detection, the multi-open software will also support the use of normal users. At this time, the method of banning all login devices that use the multi-open software directly affects the normal operation of normal users, and the accuracy of the ban of the login devices cannot be guaranteed; or, by analyzing whether the category of the current login device clustering belongs to the banned device However, the clustering algorithm is a coarse-grained classification, which cannot ensure the accuracy of the banning of logged-in devices, and there is a certain lag in the classification of banned devices after using the clustering algorithm, so it is impossible to guarantee login. Timeliness of device ban detection. Therefore, in order to avoid the above situation, this embodiment provides a new ban detection method. When the user uses a certain device to register or log in to the corresponding account, there is no need to restrict the user's operation when using the multi-open software on the login device; While performing various types of normal operations on the login device, the user can also accurately and timely detect the login device that needs to be banned, and restrict the user from performing any account-related operations on the login device that needs to be banned.
此时,由于网络黑产和恶意用户通常会使用多开软件更改登录设备的标识信息来绕过已经检测出多个封禁设备的违规检测环节,在某一设备的多类应用程序上登录相应的用户账号时,该用户账号会处于所述某一设备的设备环境里。也就是说,不同登录设备上的用户账号在注册或登录时,该登录设备的设备环境中均会存在对应的设备自适应标识、互联网协议(Internet Protocol,IP)地址、介质访问控制(Media Access Control,MAC)地址、无线网络、客户端版本、操作***、设备型号和屏幕分辨率等多类设备因子。可以理解的是,网络黑产和恶意用户在对某一登录设备上的不同设备因子下的登录参数进行更改时,由于不同设备因子的开发设计难度不同而导致不同设备因子下登录参数的篡改成本也不同,那么不同设备因子被篡改的难度也不同,也就是说某一设备的全部设备因子中总是会存在登录参数不容易被篡改的设备因子,因此本实施例可以将登录参数不容易被篡改的设备因子作为对登录设备进行封禁检测的参***因子,此时登录设备在参***因子下所采用的登录参数不容易被恶意篡改,也就更能够代表真实的设备信息。通过分别比对登录设备和每个已经检测出的封禁设备在每一参***因子下的登录参数之间的相似度,可以准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性。At this time, because network hackers and malicious users usually use multi-open software to change the identification information of the login device to bypass the violation detection link that has detected multiple banned devices, log in to the corresponding application on a certain device. When a user account is used, the user account will be in the device environment of a certain device. That is to say, when a user account on a different login device is registered or logged in, there will be corresponding device adaptive identification, Internet Protocol (IP) address, media access control (Media Access Control) in the device environment of the login device. Control, MAC) address, wireless network, client version, operating system, device model and screen resolution and other types of device factors. It is understandable that when network hackers and malicious users change the login parameters under different device factors on a login device, the tampering costs of login parameters under different device factors are caused due to the different development and design difficulties of different device factors. It is also different, so the difficulty of tampering with different device factors is also different, that is to say, there will always be device factors whose login parameters are not easily tampered with in all device factors of a certain device. The tampered device factor is used as the reference device factor for the blocking detection of the login device. At this time, the login parameters used by the login device under the reference device factor are not easily tampered with maliciously, and can better represent the real device information. By comparing the similarity between the login device and the login parameters of each detected banned device under each reference device factor, the possibility of whether the login device needs to be banned can be accurately determined to ensure that the login device faces the ban. Detection reliability.
在一实施例中,已封禁设备库中包括,至少一个已封禁设备。In one embodiment, the banned device library includes at least one banned device.
在一实施例中,设备因子包括,设备自适应标识、IP地址、MAC地址、无线网络、客户端版本、操作***、设备型号和屏幕分辨率等。In one embodiment, the device factors include device adaptive identification, IP address, MAC address, wireless network, client version, operating system, device model, screen resolution, and the like.
在一实施例中,参***因子可为多个设备因子中的至少一类,参***因子可为登录参数不易被篡改的设备因子。登录参数为在发生登录或注册行为 时不同类型的设备因子对应的行为数据。In one embodiment, the reference device factor may be at least one type of multiple device factors, and the reference device factor may be a device factor whose login parameters are not easily tampered with. Login parameters are behavior data corresponding to different types of device factors when login or registration behavior occurs.
如果登录设备在某一设备因子下历史登录多种用户账号时所采用的登录参数发生不断变化,说明该设备因子下登录参数的被篡改难度较低,即该设备因子下的登录参数容易被篡改,因而不能作为登录设备封禁检测的参***因子。If the login parameters used by the login device to log in to multiple user accounts under a certain device factor keep changing, it means that the login parameters under the device factor are less difficult to tamper with, that is, the login parameters under the device factor are easy to be tampered with. , so it cannot be used as a reference device factor for logging in device ban detection.
在本实施例中,可以通过分析已经检测出的多个已封禁设备在每一设备因子下所采用的登录参数的浮动情况,来判断该设备因子的被篡改难度,此时本实施例中采用登录浮动度来表征在多个设备上注册或登录用户账号时在每一设备因子下所采用的历史登录参数的浮动情况。同时,由于在登录设备上注册或登录用户账号时,可对该登录设备进行封禁检测,因此可从全部设备因子中筛选出对封禁检测的参考价值较大的参***因子,以提高登录设备进行封禁检测的准确性;此时在已经封禁检测完成的已封禁设备库中,可查找出每一已封禁设备在执行任意账号相关操作而被检测出需要被封禁时在每一设备因子下所采用的历史登录参数,通过分析每个已封禁设备在每一设备因子下所采用的历史登录参数的变化情况,来分别计算已封禁设备库在每一设备因子下的登录浮动度;此时如果已封禁设备库在某一设备因子下的登录浮动度越高,说明该设备因子下的登录参数越容易被恶意篡改,即该设备因子对于登录设备进行封禁检测的参考价值较低,而如果已封禁设备库在某一设备因子下的登录浮动度越低,说明该设备因子下的登录参数越不容易被恶意篡改,即该设备因子对于登录设备进行封禁检测的参考价值较高。因此通过已封禁设备库在每一设备因子下的登录浮动度,可以从全部设备因子中筛选出登录浮动度较低的部分设备因子,作为本实施例中的参***因子,此时登录设备在多个参***因子下所采用的登录参数不容易被恶意篡改,后续通过分析登录设备与已封禁设备库中每一已封禁设备在多个参***因子下所采用的登录参数之间的相似度,可以准确判断该登录设备是否为已封禁设备库中的某个已封禁设备,可准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性。In this embodiment, the difficulty of tampering with the device factor can be determined by analyzing the fluctuations of the login parameters used by multiple banned devices that have been detected under each device factor. The login fluctuation degree is used to represent the fluctuation of the historical login parameters used under each device factor when registering or logging in a user account on multiple devices. At the same time, when registering or logging in a user account on a login device, the login device can be blocked and detected. Therefore, the reference device factors with greater reference value for blocking detection can be selected from all device factors to improve the performance of the login device. The accuracy of the ban detection; at this time, in the banned device library that has completed the ban detection, it can be found that each banned device performs any account-related operation and is detected to be banned under each device factor. , and by analyzing the changes of the historical login parameters used by each banned device under each device factor, the login fluctuation degree of the banned device library under each device factor is calculated separately; The higher the login floating degree of the banned device library under a certain device factor, the easier the login parameters under the device factor are to be maliciously tampered with, that is, the reference value of the device factor for the banning detection of the login device is low. The lower the login floating degree of the device library under a certain device factor, the less easily the login parameters under the device factor are maliciously tampered with, that is, the device factor has a higher reference value for the blocking detection of the login device. Therefore, according to the login fluctuation degree of the banned device library under each device factor, some device factors with a lower login fluctuation degree can be selected from all the device factors, as the reference device factor in this embodiment. At this time, the login device is in The login parameters used under multiple reference device factors are not easily tampered with maliciously. Subsequently, the similarity between the login parameters used by the login device and each banned device in the banned device library under multiple reference device factors is analyzed. , it can accurately determine whether the login device is a banned device in the banned device library, and can accurately determine whether the login device needs to be banned, so as to ensure the reliability of the login device for ban detection.
S120,基于登录设备和已封禁设备库中每一已封禁设备在参***因子下的登录参数相似度,确定登录设备的被封禁评分。S120, based on the log-in device and the log-in parameter similarity of each banned device in the banned device library under the reference device factor, determine the banned score of the logged-in device.
登录设备是指,当前时刻欲登录的设备。The login device refers to the device to be logged in at the current moment.
登录参数相似度是指,登录设备在参***因子下的登录参数,与,已封禁设备库中每一已封禁设备在参***因子下的登录参数之间的相似度。The login parameter similarity refers to the similarity between the login parameters of the login device under the reference device factor and the login parameters of each banned device in the banned device library under the reference device factor.
在一实施例中,在登录设备上注册或登录用户账号,并从多个设备因子中筛选出对应的参***因子之后,为了确保登录设备面向封禁检测的可靠性, 本实施例可查找出该登录设备在执行任意账号相关操作时在每一参***因子下所采用的登录参数,同时查找出已封禁设备库中的每一已封禁设备被封禁时在每一参***因子下所采用的登录参数,分别分析该登录设备与每一已封禁设备在每个参***因子下所采用的登录参数之间的相似度,来判断该登录设备是否为已封禁设备库中的某一已封禁设备,如果该登录设备与某一已封禁设备在多个参***因子下所采用的登录参数之间的相似度较高,说明该登录设备与该已封禁设备极有可能为同一设备,此时按照该登录设备与某一已封禁设备为同一设备的可能性,可以计算出该登录设备的被封禁评分。可见,本实施例无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,后续采用该被封禁评分可以准确判断该登录设备当前是否需要被封禁,以禁止用户在该登录设备执行任何的账号相关操作。In one embodiment, after registering or logging in a user account on the login device, and screening out the corresponding reference device factor from multiple device factors, in order to ensure the reliability of the login device for ban detection, this embodiment can find out the corresponding reference device factor. The login parameters used by the login device under each reference device factor when performing any account-related operation, and the login parameters used under each reference device factor when each banned device in the banned device library is banned parameters, respectively analyze the similarity between the login device and the login parameters used by each banned device under each reference device factor to determine whether the login device is a banned device in the banned device library, If the similarity between the login parameters used by the login device and a banned device under multiple reference device factors is high, it means that the login device and the banned device are very likely to be the same device. The possibility that the logged-in device is the same as a blocked device can be used to calculate the blocked score of the logged-in device. It can be seen that in this embodiment, it is not necessary to block each login device using multi-open software, or to block the login devices by clustering. On the basis of ensuring that the login devices perform any normal operations, the lag of the detection of the ban is avoided. Subsequent use of this The banned score can accurately determine whether the login device currently needs to be banned, so as to prohibit the user from performing any account-related operations on the login device.
被封禁评分的数值大小用于确定是否执行登录设备的封禁行为。The numerical size of the banned score is used to determine whether to perform the banning behavior of logging in to the device.
图1B所示,已封禁设备m表示第m个已封禁设备,m为正整数,登录浮动度n表示第n个登录浮动度,n为正整数,参***因子k表示第k个参***因子,k为正整数。As shown in FIG. 1B , the banned device m represents the mth banned device, m is a positive integer, the login float n represents the nth login float, n is a positive integer, and the reference device factor k represents the kth reference device factor , k is a positive integer.
本实施例,由于已封禁设备库中的已封禁设备在每一设备因子下的登录浮动越大,说明该设备因子被篡改的可能性越大,即该设备因子对登录设备进行封禁检测的参考价值越低,因此基于已封禁设备库在每一设备因子下的登录浮动度,可以从全部的设备因子中筛选出参***因子。通过分析登录设备和该已封禁设备库中每一已封禁设备在多个参***因子下的登录参数相似度,来计算该登录设备的被封禁评分,可准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性。本实施例无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,可在保证登录设备执行任何正常操作的基础上,避免了封禁检测的滞后性,提高了登录设备面向封禁检测的准确性和封禁及时性。In this embodiment, because the greater the login float of the banned device in the banned device library under each device factor, the greater the possibility that the device factor has been tampered with, that is, the reference for the device factor to perform banning detection on the login device. The lower the value, the reference device factor can be selected from all the device factors based on the registration fluctuation of the banned device library under each device factor. By analyzing the similarity of the login parameters between the login device and each banned device in the banned device library under multiple reference device factors, the banned score of the login device can be calculated, and it can be accurately judged whether the login device needs to be banned. Possibility to ensure the reliability of the login device for blocking detection. In this embodiment, there is no need to block each login device using multi-open software, or to block the login devices by clustering, and on the basis of ensuring that the login devices perform any normal operation, the lag of the detection of the ban is avoided, and the login device is improved. The device is geared towards the accuracy of ban detection and the timeliness of bans.
实施例二Embodiment 2
图2A为本申请实施例二提供的一种登录设备的封禁检测方法的流程图,图2B为本申请实施例二提供的登录设备的封禁检测过程的流程示意图。本实施例基于上述实施例。如图2A所示,本实施例中对于参***因子的筛选过程以及登录设备的被封禁评分的计算过程,给出一类实现方式。FIG. 2A is a flowchart of a method for detecting banning of a login device according to Embodiment 2 of the present application, and FIG. 2B is a schematic flowchart of a process of detecting banning of a login device according to Embodiment 2 of the present application. This embodiment is based on the above-described embodiment. As shown in FIG. 2A , in this embodiment, a type of implementation is given for the screening process of the reference device factor and the calculation process of the banned score of the login device.
如图2A所示,本实施例中可以包括如下步骤:As shown in FIG. 2A, this embodiment may include the following steps:
S210,针对每一设备因子,基于已封禁设备库在每个设备因子下至少一个历史登录参数的重复频次,确定已封禁设备库在每个设备因子下的登录浮动度。S210 , for each device factor, based on the repetition frequency of at least one historical login parameter of the banned device library under each device factor, determine the login floating degree of the banned device library under each device factor.
在一实施例中,由于已封禁设备库中的每个已封禁设备被封禁时在每一设备因子下所采用的历史登录参数可能会不同,而登录浮动度可以表征已封禁设备库中每个已封禁设备在每一设备因子下所采用的历史登录参数的变化情况,因此本实施例在检测到登录设备需要执行任意账号相关操作(如注册或登录用户账号)时,可查找出每一已封禁设备被封禁时在在每一设备因子下所采用的历史登录参数,针对每一设备因子,分别计算出每个已封禁设备被封禁时在该设备因子下所采用的每一历史登录参数在已封禁设备库中不断出现的频次,作为本实施例中已封禁设备库在该设备因子下每个历史登录参数的重复频次。此时如果某一设备因子下至少一个历史登录参数的重复频次均比较高,则说明已封禁设备库在该设备因子下所使用的历史登录参数比较稳定,使得已封禁设备库在该设备因子下的浮动较低。因此本实施例可以通过对已封禁设备库中的已封禁设备在每一设备因子下所采用的多个历史登录参数的重复频次进行综合分析,计算出已封禁设备库在每一设备因子下的登录浮动度。In one embodiment, since the historical login parameters used under each device factor may be different when each banned device in the banned device library is banned, the login fluctuation degree can represent each blocked device in the banned device library. Changes in the historical login parameters used by the banned device under each device factor, so when this embodiment detects that the login device needs to perform any account-related operation (such as registering or logging in to a user account), it can find out each The historical login parameters used under each device factor when the banned device was banned. For each device factor, the historical login parameters used under the device factor when each banned device was banned are calculated separately. The frequency of continuously appearing in the banned device library is the repetition frequency of each historical login parameter under the device factor in the banned device library in this embodiment. At this time, if the repetition frequency of at least one historical login parameter under a certain device factor is relatively high, it means that the historical login parameters used by the banned device library under this device factor are relatively stable, so that the banned device library is under the device factor. float is lower. Therefore, this embodiment can comprehensively analyze the repetition frequency of multiple historical login parameters used by the banned devices in the banned device library under each device factor, and calculate the value of the banned device library under each device factor. Login float.
示例性的,由于信息熵能够准确度量一个***中信息的有序化程度,***中的信息越是有序,信息熵越低,而***中的信息越是混乱,信息熵越高,因此如图2B所示,本实施例可以通过信息熵来表示已封禁设备在每个设备因子下的登录浮动度,此时针对每一设备因子,基于已封禁设备库在该设备因子下多个历史登录参数的重复频次,计算已封禁设备库在该设备因子下的登录浮动度,例如,可对已封禁设备库在每一设备因子下多个历史登录参数的重复频次进行熵运算,得到已封禁设备库在每个设备因子下的登录浮动度。Exemplarily, since the information entropy can accurately measure the ordering degree of information in a system, the more orderly the information in the system is, the lower the information entropy is, and the more chaotic the information in the system is, the higher the information entropy is. As shown in FIG. 2B , in this embodiment, information entropy can be used to represent the login floating degree of a banned device under each device factor. At this time, for each device factor, multiple historical logins under the device factor are based on the banned device library. The repetition frequency of the parameter, to calculate the login floating degree of the banned device library under the device factor. For example, entropy operation can be performed on the repetition frequency of multiple historical login parameters of the banned device library under each device factor to obtain the banned device. The degree of login float of the library under each device factor.
图2B所示,设备因子n表示第n个设备因子,封禁参考置信度n表示第n个封禁参考置信度,n为正整数。As shown in FIG. 2B , the device factor n represents the nth device factor, the blocking reference confidence level n represents the nth blocking reference confidence level, and n is a positive integer.
例如,在查找出已封禁设备库在每一设备因子下所采用的历史登录参数,并确定出已封禁设备库在每一设备因子下至少一个历史登录参数的重复频次之后,可以对已封禁设备库在每一设备因子下所采用的至少一个历史登录参数的重复频次进行熵运算,该熵运算公式为:For example, after finding out the historical login parameters used by the banned device library under each device factor, and determining the repetition frequency of at least one historical login parameter under each device factor in the banned device library, you can The entropy calculation is performed on the repetition frequency of at least one historical registration parameter adopted by the library under each device factor, and the entropy calculation formula is:
Figure PCTCN2021109010-appb-000001
Figure PCTCN2021109010-appb-000001
其中,x i为已封禁设备库中的已封禁设备在每一设备因子下所采用的第i个历史登录参数,p(x i)为已封禁设备库中的已封禁设备在每一设备因子下的第 i个历史登录参数的重复频次下对应的频率,n为正整数。 Among them, x i is the i-th historical login parameter used by the banned devices in the banned device library under each device factor, p(x i ) is the banned device in the banned device library under each device factor The frequency corresponding to the repetition frequency of the i-th historical login parameter below, and n is a positive integer.
将已封禁设备库中的已封禁设备在每一设备因子下所采用的至少一个历史登录参数的重复频次进行熵运算的运算结果H,作为已封禁设备库在该设备因子下的登录浮动度;按照上述熵运算过程,可以得到已封禁设备库在每一设备因子下的登录浮动度。Taking the operation result H of entropy operation on the repetition frequency of at least one historical login parameter adopted by the banned device in the banned device library under each device factor, as the login float of the banned device library under the device factor; According to the above entropy calculation process, the login float of the banned device library under each device factor can be obtained.
S220,基于已封禁设备库在每一设备因子下的登录浮动度,确定每个设备因子的封禁参考置信度,并筛选出封禁参考置信度符合指定封禁检测规格的设备因子,作为参***因子。S220 , based on the registration floating degree of the banned device library under each device factor, determine the ban reference confidence level of each device factor, and filter out the device factor whose ban reference confidence meets the specified ban detection specification as the reference device factor.
在计算出已封禁设备库在每一设备因子下的登录浮动度之后,由于登录浮动度与设备因子对于封禁检测的参考价值成反比,因此本实施例可以基于已封禁设备库在每一设备因子下的登录浮动度对于封禁检测的参考价值的反向影响程度,来确定每个设备因子的封禁参考置信度,该封禁参考置信度能够准确表征某一设备因子作为参***因子来对登录设备进行封禁检测的可信程度。此时为了准确筛选相应数量的参***因子,本实施例会预先设置对应的指定封禁检测规格,该指定封禁检测规格可以为参***因子的数量,按照每个设备因子的封禁参考置信度,来筛选出符合该指定封禁检测规格的多个设备因子,作为本实施例中的参***因子,例如可以采用TopK算法从全部设备因子中筛选出封禁参考置信度为前K项的设备因子,作为参***因子,其中,K表示正整数。After calculating the login fluctuation degree of the banned device library under each device factor, since the login fluctuation degree is inversely proportional to the reference value of the device factor for ban detection, this embodiment can be based on the banned device library in each device factor. The degree of negative impact of the login floating degree below on the reference value of the ban detection is used to determine the ban reference confidence level of each device factor. The reliability of the ban detection. At this time, in order to accurately screen a corresponding number of reference device factors, this embodiment will preset a corresponding specified ban detection specification. The specified ban detection specification can be the number of reference device factors, and is selected according to the ban reference confidence of each device factor. Multiple device factors that meet the specified ban detection specification are obtained as the reference device factors in this embodiment. For example, the TopK algorithm can be used to screen out the device factors whose ban reference confidence is the top K items from all the device factors, as the reference device. factor, where K represents a positive integer.
例如,封禁参考置信度符合指定封禁检测规格的设备因子,即是指,封禁参考置信度符合前K项对应的封禁参考置信度范围的设备因子。For example, the device factor whose ban reference confidence meets the specified ban detection specification refers to the device factor whose ban reference confidence meets the ban reference confidence range corresponding to the first K items.
此外,本实施例中也可以将较低登录浮动度下符合该指定封禁检测规格的多个设备因子,作为本实施例中的参***因子,无需计算多个设备因子的封禁参考置信度,省去了参***因子的筛选步骤。In addition, in this embodiment, multiple device factors that meet the specified ban detection specification under a lower login floating degree can also be used as the reference device factors in this embodiment, and there is no need to calculate the ban reference confidence levels of multiple device factors, which saves money. Go to the screening steps for the reference device factor.
此外,就封禁检测规格而言,登录浮动度与封禁参考置信度为负相关关系,登录浮动度最低的前k个设备因子即为符合封禁检测规格的设备因子,作为所选的参***因子。In addition, as far as the ban detection specification is concerned, the login fluctuation degree and the ban reference confidence level are negatively correlated, and the top k device factors with the lowest login fluctuation degree are the device factors that meet the ban detection specification, as the selected reference device factor.
S230,针对已封禁设备库中的每一已封禁设备,基于登录设备和每个已封禁设备分别在参***因子下的登录参数,分别计算登录设备和每个已封禁设备之间的封禁相似度。S230, for each banned device in the banned device library, calculate the banned similarity between the logged in device and each banned device, respectively, based on the login parameters of the logged in device and each banned device under the reference device factor. .
在筛选出对应的参***因子之后,可以针对已封禁设备库中的每一已封禁设备,分别查找出当前欲登录或注册的登录设备执行任意的账号相关操作时 在每一参***因子下所采用的登录参数,以及已封禁设备被封禁时在每一参***因子下所采用的登录参数;分别确定出每一参***因子下所采用的登录参数组成的该登录设备和至少一个已封禁设备的设备特征,采用相应的相似度算法分别分析该登录设备和该至少一个已封禁设备在每一参***因子下所采用的登录参数之间的相似度,并对每一参***因子下的登录参数相似度进行综合分析,分别计算出登录设备和多个已封禁设备之间的封禁相似度;此时通过执行上述步骤,可以分别计算出登录设备和每一已封禁设备之间的封禁相似度。After filtering out the corresponding reference device factors, for each banned device in the banned device library, you can separately find out the current login device to be logged in or registered under each reference device factor when performing any account-related operation. The login parameters used, and the login parameters used under each reference device factor when the banned device is banned; respectively determine the login device and at least one banned device composed of the login parameters used under each reference device factor. the device characteristics of the device, use the corresponding similarity algorithm to analyze the similarity between the login device and the login parameters used by the at least one banned device under each reference device factor, and analyze the login parameters under each reference device factor. Parameter similarity is comprehensively analyzed, and the banned similarity between the logged-in device and multiple banned devices is calculated respectively; at this time, by performing the above steps, the banned similarity between the logged-in device and each banned device can be calculated separately. .
所采用的相似度算法存在多种,本实施例中登录设备和每一已封禁设备之间的封禁相似度可以采用杰卡德距离与相似度之间的反向影响来计算,通过杰卡德距离计算登录设备与已封禁设备的设备距离(也就是登录设备与已封禁设备之间的相异度),该设备距离与封禁相似度之间存在反向影响的关系。此时采用杰卡德距离所计算出的登录设备和某一已封禁设备之间的设备距离越大,那么登录设备和该已封禁设备之间的封禁相似度越小。例如,如果参***因子为(serial,iid,uuid,eid,mac,aid),而登录设备在每一参***因子下所采用的登录参数为A=(efd313432,a3bedbd,4cc33ea,78c5b4a,01:01:01:01:01:01,e683acb),某一已封禁设备在每一参***因子下所采用的登录参数为B=(ABCDFG,a3bedbd,4cc33ea,78c5b4a,02:02:02:02:02:02,c4aabcd5673),那么登录设备和该已封禁设备之间的封禁相似度可以为There are many similarity algorithms used. In this embodiment, the banned similarity between the login device and each banned device can be calculated by using the reverse influence between the Jaccard distance and the similarity. Distance Calculates the device distance between the login device and the banned device (that is, the dissimilarity between the login device and the banned device). There is an inverse relationship between the device distance and the banned similarity. At this time, the greater the device distance between the login device and a banned device calculated by using the Jaccard distance, the smaller the ban similarity between the login device and the banned device. For example, if the reference device factor is (serial, iid, uuid, eid, mac, aid), and the login parameter used by the login device under each reference device factor is A=(efd313432, a3bedbd, 4cc33ea, 78c5b4a, 01: 01:01:01:01:01, e683acb), the login parameter used by a banned device under each reference device factor is B=(ABCDFG, a3bedbd, 4cc33ea, 78c5b4a, 02:02:02:02: 02:02, c4aabcd5673), then the banned similarity between the login device and the banned device can be
Figure PCTCN2021109010-appb-000002
Figure PCTCN2021109010-appb-000002
此时|A∪B|为9,|A∩B|为3,因此登录设备和该已封禁设备之间的设备距离d f(A,B)为2/3,该设备距离所对应的封禁相似度可为1/3,j为正整数,。 At this time, |A∪B| is 9 and |A∩B| is 3, so the device distance d f (A, B) between the login device and the banned device is 2/3, and the distance corresponding to the banned device is 2/3. The similarity can be 1/3, and j is a positive integer.
S240,将登录设备和每一已封禁设备之间的封禁相似度中的最大相似度,作为登录设备的被封禁评分。S240, taking the maximum similarity among the banned similarities between the logged-in device and each banned device as the banned score of the logged-in device.
在一实施例中,如果登录设备和已封禁设备库中任意一个已封禁设备之间相似,那么说明该登录设备需要被封禁。例如,可判断登录设备和每一已封禁设备之间的封禁相似度中的最大相似度是否达到预设相似阈值,如果登录设备和每一已封禁设备之间的封禁相似度中的最大相似度也低于该预设相似阈值,说明该登录设备和每一已封禁设备均不相似。因此本实施例中可以将登录设备 和每一已封禁设备之间的封禁相似度中的最大相似度,作为登录设备的被封禁评分,此时如果最大相似度表示该登录设备与某一已封禁设备相似,那么则可以准确确定该登录设备需要被封禁,提高通过登录设备的被封禁评分来判定该登录设备是否需要被封禁的全面性。In one embodiment, if the logged-in device is similar to any banned device in the banned device library, it means that the logged-in device needs to be banned. For example, it can be determined whether the maximum similarity in the banned similarity between the logged-in device and each banned device reaches a preset similarity threshold, if the maximum similarity in the banned similarity between the logged-in device and each banned device is It is also lower than the preset similarity threshold, indicating that the login device is not similar to each banned device. Therefore, in this embodiment, the maximum similarity in the banned similarity between the logged-in device and each banned device can be used as the banned score of the logged-in device. At this time, if the maximum similarity indicates that the logged-in device is similar to a banned device If the devices are similar, then it can be accurately determined that the logged-in device needs to be banned, and the comprehensiveness of determining whether the logged-in device needs to be banned is improved by the banned score of the logged-in device.
本实施例,通过熵运算来计算已封禁设备库在每一设备因子下的登录浮动度,能够确保每一设备因子下的登录浮动度的准确性;基于已封禁设备库在每一设备因子下的登录浮动度,筛选出符合指定封禁检测规格的设备因子,作为参***因子,确保参***因子的可靠性;通过分析登录设备和该已封禁设备库中每一已封禁设备在多个参***因子下的登录参数相似度,来计算该登录设备的被封禁评分,可准确判断该登录设备是否需要被封禁。本实施例,可确保登录设备面向封禁检测的可靠性,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,提高了登录设备面向封禁检测的准确性和封禁及时性。In this embodiment, the entropy operation is used to calculate the login floating degree of the banned device library under each device factor, which can ensure the accuracy of the login floating degree under each device factor; The device factor that meets the specified ban detection specifications is screened out and used as a reference device factor to ensure the reliability of the reference device factor; by analyzing the login device and each banned device in the banned device library, multiple reference devices The similarity of the login parameters under the factor is used to calculate the banned score of the login device, which can accurately determine whether the login device needs to be banned. This embodiment can ensure the reliability of the login device for blocking detection, and it is not necessary to block each login device using multi-open software, or to block the login device by clustering. On the basis of ensuring that the login device performs any normal operation, It avoids the lag of ban detection, and improves the accuracy and timeliness of the login device for ban detection.
在一实施例中,例如,设备因子下的登录浮动度,与封禁参考置信度可为负相关关系。In one embodiment, for example, the degree of login fluctuation under the device factor may have a negative correlation with the reference confidence level of the ban.
封禁参考置信度的计算方式可为,R=1+Hmin–Hi。The calculation method of the ban reference confidence level can be, R=1+Hmin-Hi.
其中,R表示封禁参考置信度,Hi表示某设备因子下的登录浮动度,Hmin表示所有设备因子登录浮动度中最小登录浮动度。Among them, R represents the reference confidence level of the ban, Hi represents the login fluctuation degree under a certain device factor, and Hmin represents the minimum login fluctuation degree among all the device factor login fluctuation degrees.
实施例三Embodiment 3
图3A为本申请实施例三提供的一种登录设备的封禁检测方法的流程图,图3B为本申请实施例三提供的判断是否封禁时参考的预设封禁阈值的动态更新过程的流程示意图。本实施例是基于上述实施例。如图3A所示,本实施例针对,根据登录设备的被封禁评分判断是否封禁该登录设备时参考的预设封禁阈值以及由于已封禁设备库的变化而使每一设备因子下的登录浮动度发生变化时登录浮动度的动态更新过程,给出了一类实现方式。3A is a flowchart of a method for detecting a ban on a login device according to Embodiment 3 of the present application, and FIG. 3B is a schematic flowchart of a dynamic update process of a preset ban threshold value referenced when judging whether to ban or not, according to Embodiment 3 of the present application. This embodiment is based on the above-described embodiment. As shown in FIG. 3A , this embodiment is aimed at determining whether to block the login device according to the banned score of the login device. The preset ban threshold value and the login fluctuation degree of each device factor due to the change of the banned device library The dynamic update process of the login floating degree when there is a change provides a kind of realization method.
如图3A所示,本实施例中可以包括如下步骤:As shown in FIG. 3A, this embodiment may include the following steps:
S310,基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子。S310 , based on the registration floating degree of at least one banned device in the banned device library under each device factor, screen out a reference device factor from multiple device factors.
S320,基于登录设备和已封禁设备库中每一已封禁设备在参***因子下的登录参数相似度,计算登录设备的被封禁评分。S320, based on the log-in device and the log-in parameter similarity of each banned device in the banned device library under the reference device factor, calculate the banned score of the logged-in device.
S330,基于完成封禁检测的目标登录设备集合对应的封禁准确率和封禁召回率,确定预设封禁阈值。S330: Determine a preset ban threshold based on the ban accuracy rate and the ban recall rate corresponding to the target login device set that has completed the ban detection.
目标登录设备集合中包括至少一个登录设备。The target login device set includes at least one login device.
在一实施例中,为了确保登录设备面向封禁检测的准确性,本实施例可以通过分析采用本实施例中提供的封禁检测方式来确定表征多个登录设备是否需要被封禁的封禁准确性和封禁召回率,来动态更新对应的预设封禁阈值。在对每一登录设备进行封禁检测之后,无论封禁检测结果如何,均可以采用本实施例提供的封禁检测方式来判断是否需要将被封禁的每一登录设备的封禁结果添加到目标登录设备集合中。此时该目标登录设备集合中的多个登录设备均已经完成封禁检测,存在需要封禁的登录设备,也存在不需要封禁的登录设备,因此可以通过确定该目标登录设备集合中每一登录设备的封禁检测结果和真实封禁结果,在登录设备的封禁检测过程中,不断计算出对应的封禁准确率和封禁召回率,将该封禁准确率和该封禁召回率作为预设封禁阈值的评价指标,来动态更新对应的预设封禁阈值,此时该预设封禁阈值可以表示能够准确区分需要被封禁的登录设备时的评分节点。In one embodiment, in order to ensure the accuracy of the logging-in device-oriented ban detection, this embodiment can determine the banning accuracy and banning that characterize whether multiple log-in devices need to be banned by analyzing and adopting the banning detection method provided in this embodiment. Recall rate to dynamically update the corresponding preset ban threshold. After the ban detection is performed on each login device, regardless of the ban detection result, the ban detection method provided in this embodiment can be used to determine whether the ban result of each banned login device needs to be added to the target login device set . At this time, multiple login devices in the target login device set have completed the ban detection, there are login devices that need to be banned, and there are login devices that do not need to be banned. The ban detection result and the real ban result, during the ban detection process of logging in to the device, the corresponding ban accuracy rate and ban recall rate are continuously calculated, and the ban accuracy rate and the ban recall rate are used as the evaluation indicators of the preset ban threshold. The corresponding preset ban threshold is dynamically updated. In this case, the preset ban threshold may represent a scoring node that can accurately distinguish the login device that needs to be banned.
示例性的,该封禁准确率precision的计算公式可以为:Exemplarily, the calculation formula of the ban accuracy rate precision may be:
Figure PCTCN2021109010-appb-000003
Figure PCTCN2021109010-appb-000003
其中,TP为目标登录设备集合内将需要被封禁的登录设备预测为需要被封禁的设备数量,FP为目标登录设备集合内将不需要被封禁的登录设备预测为需要被封禁的设备数量。Among them, TP is the number of devices that need to be banned in the target login device set, and FP is the number of devices that need to be banned in the target login device set.
该封禁召回率recall的计算公式可以为:The formula for calculating the recall rate recall can be:
Figure PCTCN2021109010-appb-000004
Figure PCTCN2021109010-appb-000004
其中,FN为目标登录设备集合内将需要被封禁的登录设备预测为不需要被封禁的设备数量。Among them, FN is the number of devices that need to be banned in the target login device set and predicted as the number of devices that do not need to be banned.
此时,可以将封禁准确率达到相应准确性要求,且封禁召回率达到相应的召回要求下对应的登录设备的被封禁评分作为当前的预设封禁阈值。例如本实施例对于封禁准确率要求较高,而对于封禁召回率要求能够达到某一范围即可,因此可以将目标登录设备集合下封禁召回率达到某一召回范围的要求时的多个登录设备中,封禁准确率最高时的该登录设备的被封禁评分作为当前的预设封禁阈值,此时该预设封禁阈值能够在保证相对高的封禁召回的基础上,使封禁 检测的准确性达到最高。At this time, the ban accuracy rate meets the corresponding accuracy requirements, and the ban recall rate meets the ban score of the corresponding logged-in device under the corresponding recall requirements as the current preset ban threshold. For example, in this embodiment, the ban accuracy rate is relatively high, and the ban recall rate needs to be within a certain range. Therefore, the target login device set can be banned from multiple login devices when the recall rate reaches a certain recall range. Among them, the banned score of the logged-in device when the ban accuracy rate is the highest is used as the current preset ban threshold. At this time, the preset ban threshold can ensure a relatively high ban recall based on the highest accuracy of ban detection. .
S340,响应于登录设备的被封禁评分大于预设封禁阈值,对登录设备进行封禁。S340, in response to the blocked score of the logged-in device being greater than the preset ban threshold, block the logged-in device.
在一实施例中,在计算出登录设备的被封禁评分之后,可以通过比对该登录设备的被封禁评分与预设封禁阈值之间的大小,来判断该登录设备是否需要被封禁。如果登录设备的被封禁评分大于该预设封禁阈值,则说明该登录设备极有可能需要被封禁,因此可以对该登录设备进行封禁,以避免多个用户在该登录设备上执行任何的账号相关操作,降低违规内容的广泛传播,提高正常用户浏览信息的安全健康性。In one embodiment, after calculating the banned score of the login device, it can be determined whether the login device needs to be banned by comparing the value between the banned score of the login device and a preset ban threshold. If the banned score of the login device is greater than the preset ban threshold, it means that the login device is very likely to be banned, so the login device can be banned to prevent multiple users from executing any account-related activities on the login device. operation, reduce the widespread dissemination of illegal content, and improve the safety and health of normal users' browsing information.
S350,将完成封禁的登录设备添加至已封禁设备库中,并更新已封禁设备库在每一设备因子下的登录浮动度。S350 , adding the blocked login device to the blocked device library, and updating the login floating degree of the blocked device library under each device factor.
在一实施例中,在对登录设备进行封禁之后,可以直接将该登录设备作为已封禁设备,添加至已封禁设备库中,以便后续基于已封禁设备库在每一设备因子下的登录浮动度,来准确筛选出参***因子。由于不断对登录设备进行封禁检测之后,会使已封禁设备库发生动态变化,那么已封禁设备库在每一设备因子下的登录浮动度也会随着发生动态变化,因此本实施例在将完成封禁的登录设备添加至已封禁设备库中,可采用与上述实施例中提供的对已封禁设备库在每一设备因子下的登录浮动度进行计算时的相同方式,来重新计算已封禁设备库在每一设备因子下的登录浮动度,以对每一设备因子下的登录浮动度进行动态更新,提高参***因子的筛选准确性。In one embodiment, after a login device is banned, the login device can be directly added to the banned device library as a banned device, so that the subsequent login fluctuations of the banned device library under each device factor can be used. , to accurately filter out the reference device factor. Since the banned device library will change dynamically after the continuous ban detection of the login device, the login floating degree of the banned device library under each device factor will also change dynamically. Therefore, this embodiment will complete the When a banned login device is added to the banned device library, the same method as provided in the above-mentioned embodiment for calculating the login floating degree of the banned device library under each device factor can be used to recalculate the banned device library. The registration floating degree under each equipment factor is updated dynamically to improve the screening accuracy of the reference equipment factor.
本实施例,基于已封禁设备库在每一设备因子下的登录浮动度,可以从全部设备因子中筛选出参***因子,通过分析登录设备和该已封禁设备库中每一已封禁设备在每个参***因子下的登录参数相似度,来计算该登录设备的被封禁评分,准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性。本实施例,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,提高了登录设备面向封禁检测的准确性和封禁及时性;同时,还可参考完成封禁检测的目标登录设备集合下的封禁准确率和封禁召回率,动态更新对应的预设封禁阈值,可确保登录设备面向封禁检测的准确性;同时,将完成封禁的登录设备不断添加至已封禁设备库中,并动态更新已封禁设备库在每一设备因子下的登录浮动度,可提高参***因子的筛选准确性。In this embodiment, based on the login floating degree of the banned device library under each device factor, the reference device factor can be selected from all the device factors. By analyzing the login device and each banned device in the banned device library The similarity of the login parameters under the reference device factor is used to calculate the banned score of the login device, accurately determine whether the login device needs to be banned, and ensure the reliability of the login device for ban detection. In this embodiment, it is not necessary to block each login device using multi-open software, or to block the login devices by clustering. On the basis of ensuring that the login device performs any normal operation, the lag of the detection of the ban is avoided, and the login device is improved. For the accuracy and timeliness of ban detection; at the same time, you can also refer to the ban accuracy rate and ban recall rate under the set of target login devices that have completed the ban detection, and dynamically update the corresponding preset ban threshold to ensure that the login device faces the ban detection. At the same time, continuously adding the banned login devices to the banned device library, and dynamically updating the login floating degree of the banned device library under each device factor, can improve the screening accuracy of the reference device factor.
实施例四Embodiment 4
图4为本申请实施例四提供的一种登录设备的封禁检测装置的结构示意图,如图4所示,该装置可以包括:FIG. 4 is a schematic structural diagram of a blocking detection device for logging in equipment according to Embodiment 4 of the present application. As shown in FIG. 4 , the device may include:
参考因子筛选模块410,设置为基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子,其中所述至少一个已封禁设备存在对应的设备因子;The reference factor screening module 410 is configured to screen out a reference device factor from a plurality of device factors based on the login floating degree of at least one banned device in the banned device library under each device factor, wherein the at least one banned device There is a corresponding device factor for the device;
封禁检测模块420,设置为基于登录设备和所述已封禁设备库中每一已封禁设备在所述参***因子下的登录参数相似度,确定所述登录设备的被封禁评分。The blocking detection module 420 is configured to determine the blocked score of the logged-in device based on the similarity of the logged-in device and the log-in parameter of each blocked device in the blocked-device library under the reference device factor.
本实施例,由于已封禁设备库在每一设备因子下的登录浮动越大,说明该设备因子被篡改的可能性越大,也就是该设备因子对登录设备进行封禁检测的参考价值越低。因此基于已封禁设备库在每一设备因子下的登录浮动度,可以从全部设备因子中筛选出对应的参***因子,通过分析登录设备和该已封禁设备库中每一已封禁设备在每个参***因子下的登录参数相似度,来计算该登录设备的被封禁评分,可准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性。本实施例,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,提高了登录设备面向封禁检测的准确性和封禁及时性。In this embodiment, the larger the login float of the banned device library under each device factor, the greater the possibility of the device factor being tampered with, that is, the lower the reference value of the device factor for banning and detecting the login device. Therefore, based on the login floating degree of the banned device library under each device factor, the corresponding reference device factor can be screened from all the device factors. By analyzing the login device and each banned device in the banned device library By referring to the similarity of the login parameters under the device factor, the banned score of the login device can be calculated, which can accurately determine the possibility of whether the login device needs to be banned, and ensure the reliability of the login device for ban detection. In this embodiment, it is not necessary to block each login device using multi-open software, or to block the login devices by clustering. On the basis of ensuring that the login device performs any normal operation, the lag of the detection of the ban is avoided, and the login device is improved. For the accuracy of ban detection and ban timeliness.
本实施例提供的登录设备的封禁检测装置可适用于上述任意实施例提供的登录设备的封禁检测方法,具备相应的功能和有益效果。The blocking detection device for a login device provided in this embodiment is applicable to the blocking detection method for a login device provided in any of the above embodiments, and has corresponding functions and beneficial effects.
实施例五Embodiment 5
图5为本申请实施例五提供的一种服务器的结构示意图,如图5所示,该服务器包括处理器50、存储装置51和通信装置52;服务器中处理器50的数量可以是一个或多个,图5中以一个处理器50为例;服务器中的处理器50、存储装置51和通信装置52可以通过总线或其他方式连接,图5中以通过总线连接为例。FIG. 5 is a schematic structural diagram of a server according to Embodiment 5 of the present application. As shown in FIG. 5 , the server includes a processor 50, a storage device 51 and a communication device 52; the number of processors 50 in the server may be one or more One processor 50 is taken as an example in FIG. 5 ; the processor 50 , the storage device 51 and the communication device 52 in the server may be connected through a bus or other means, and the connection through a bus is taken as an example in FIG. 5 .
本实施例提供的一种服务器可设置为执行上述任意实施例提供的登录设备的封禁检测方法,具备相应的功能和有益效果。A server provided in this embodiment can be configured to execute the method for detecting a ban on logging in to a device provided by any of the above embodiments, and has corresponding functions and beneficial effects.
实施例六Embodiment 6
本申请实施例六还提供了一种计算机可读存储介质,计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时可实现上述任意实施例中的登录设备的封禁检测方法。该方法可以包括:Embodiment 6 of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the method for detecting a log-in device ban in any of the foregoing embodiments can be implemented. The method can include:
基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子,其中所述至少一个已封禁设备存在对应的设备因子;Screening out a reference device factor from a plurality of device factors based on the login float of at least one banned device in the banned device library under each device factor, wherein the at least one banned device has a corresponding device factor;
基于登录设备和所述已封禁设备库中每一已封禁设备在所述参***因子下的登录参数相似度,确定所述登录设备的被封禁评分。The blocked score of the logged-in device is determined based on the log-in parameter similarity between the logged-in device and each blocked device in the library of blocked devices under the reference device factor.
本申请实施例所提供的一种包含计算机可执行指令的存储介质,计算机可执行指令除了如上所述的方法操作,还可以执行本申请任意实施例所提供的登录设备的封禁检测方法中的相关操作。A storage medium containing computer-executable instructions provided by an embodiment of the present application, the computer-executable instructions, in addition to the above-mentioned method operations, can also execute the related procedures in the method for detecting a ban on logging in to a device provided by any embodiment of the present application. operate.
通过以上关于实施方式的描述,所属领域的技术人员可以清楚地了解到,本申请可借助软件及通用硬件来实现,当然也可以通过硬件实现。基于这样的理解,本申请实施例还可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,如计算机的软盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、闪存(FLASH)、硬盘或光盘等。计算机可读存储介质中可包括指令,指令使得一台计算机设备执行本申请多个实施例所述的方法,计算机设备可以是个人计算机,服务器,或者网络设备等。From the above description of the embodiments, those skilled in the art can clearly understand that the present application can be implemented by means of software and general hardware, and certainly can also be implemented by hardware. Based on this understanding, the embodiments of the present application may also be embodied in the form of software products, and the computer software products may be stored in a computer-readable storage medium, such as a floppy disk of a computer, a read-only memory (Read-Only Memory, ROM), Random access memory (Random Access Memory, RAM), flash memory (FLASH), hard disk or CD, etc. The computer-readable storage medium may include instructions, and the instructions cause a computer device to execute the methods described in the various embodiments of the present application, and the computer device may be a personal computer, a server, or a network device.
上述登录设备的封禁检测装置的实施例中,所包括的多个单元和模块按照功能逻辑进行划分的,但存在多种划分方式;另外,功能单元的名称也只是为了便于相互区分。In the above embodiment of the blocking detection device for logging in equipment, the multiple units and modules included are divided according to functional logic, but there are various division methods; in addition, the names of the functional units are only for the convenience of distinguishing from each other.

Claims (12)

  1. 一种登录设备的封禁检测方法,包括:A blocking detection method for logging in to a device, comprising:
    基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子,其中所述至少一个已封禁设备存在对应的设备因子;Screening out a reference device factor from a plurality of device factors based on the login float of at least one banned device in the banned device library under each device factor, wherein the at least one banned device has a corresponding device factor;
    基于登录设备和所述已封禁设备库中每一已封禁设备在所述参***因子下的登录参数相似度,确定所述登录设备的被封禁评分。The blocked score of the logged-in device is determined based on the log-in parameter similarity between the logged-in device and each blocked device in the library of blocked devices under the reference device factor.
  2. 根据权利要求1所述的方法,其中,所述基于登录设备和所述已封禁设备库中每一已封禁设备在所述参***因子下的登录参数相似度,确定所述登录设备的被封禁评分,包括:The method according to claim 1, wherein the blocked device is determined based on the log-in device and the log-in parameter similarity of each banned device in the banned device library under the reference device factor. Scoring, including:
    针对所述已封禁设备库中的每一已封禁设备,基于所述登录设备和所述每个已封禁设备分别在所述参***因子下的登录参数,分别计算所述登录设备和所述每个已封禁设备之间的封禁相似度;For each banned device in the banned device library, based on the log-in device and the respective log-in parameters of each banned device under the reference device factor, calculate the log-in device and each banned device respectively. Ban similarity between banned devices;
    将所述登录设备和所述每一已封禁设备之间的封禁相似度中的最大相似度,作为所述登录设备的被封禁评分。The maximum similarity among the banned similarities between the logged-in device and each of the banned devices is taken as the banned score of the logged-in device.
  3. 根据权利要求2所述的方法,其中,所述封禁相似度采用杰卡德距离与相似度之间的反向影响来计算。The method of claim 2, wherein the ban similarity is calculated using an inverse effect between the Jaccard distance and the similarity.
  4. 根据权利要求1所述的方法,其中,所述基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子,包括:The method according to claim 1, wherein, based on the login floating degree of at least one banned device in the banned device library under each device factor, the reference device factor is selected from a plurality of device factors, comprising:
    基于已封禁设备库在每一设备因子下的登录浮动度,确定所述每个设备因子的封禁参考置信度,并筛选出所述封禁参考置信度符合指定封禁检测规格的设备因子,作为所述参***因子。Based on the login floating degree of the banned device library under each device factor, the ban reference confidence level of each device factor is determined, and the device factor whose ban reference confidence level meets the specified ban detection specification is selected as the ban reference confidence level. Reference device factor.
  5. 根据权利要求1所述的方法,在基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子之前,还包括:The method according to claim 1, before filtering out a reference device factor from a plurality of device factors based on the login floating degree of at least one banned device in the banned device library under each device factor, further comprising:
    针对每一设备因子,基于所述已封禁设备库在所述每个设备因子下至少一个历史登录参数的重复频次,确定所述已封禁设备库在所述每个设备因子下的登录浮动度。For each device factor, based on the repetition frequency of at least one historical login parameter of the banned device library under each device factor, the degree of login fluctuation of the banned device library under each device factor is determined.
  6. 根据权利要求5所述的方法,其中,所述针对每一设备因子,基于所述已封禁设备库在所述每个设备因子下至少一个历史登录参数的重复频次,确定所述已封禁设备库在所述每个设备因子下的登录浮动度,包括:The method according to claim 5, wherein, for each device factor, the banned device library is determined based on the repetition frequency of at least one historical login parameter of the banned device library under each device factor Login float under each of the device factors, including:
    对所述已封禁设备库在每一设备因子下至少一个历史登录参数的重复频次 进行熵运算,得到所述已封禁设备库在所述每个设备因子下的登录浮动度。Entropy operation is performed on the repetition frequency of at least one historical registration parameter of the banned device library under each device factor, to obtain the log-in floating degree of the banned device library under each device factor.
  7. 根据权利要求1-6任一项所述的方法,在确定所述登录设备的被封禁评分之后,还包括:The method according to any one of claims 1-6, after determining the banned score of the login device, further comprising:
    响应于所述登录设备的被封禁评分大于预设封禁阈值,对所述登录设备进行封禁。In response to the blocked score of the logged-in device being greater than a preset ban threshold, the logged-in device is blocked.
  8. 根据权利要求7所述的方法,在对所述登录设备进行封禁之后,还包括:The method according to claim 7, after banning the login device, further comprising:
    将完成封禁的登录设备添加至所述已封禁设备库中,并更新所述已封禁设备库在每一设备因子下的登录浮动度。The blocked login devices are added to the banned device library, and the login floating degree of the banned device library under each device factor is updated.
  9. 根据权利要求7所述的方法,还包括:The method of claim 7, further comprising:
    基于完成封禁检测的目标登录设备集合对应的封禁准确率和封禁召回率,确定预设封禁阈值。The preset ban threshold is determined based on the ban accuracy rate and ban recall rate corresponding to the set of target login devices that have completed ban detection.
  10. 一种登录设备的封禁检测装置,包括:A blocking detection device for logging in equipment, comprising:
    参考因子筛选模块,设置为基于已封禁设备库中的至少一个已封禁设备在每一设备因子下的登录浮动度,从多个设备因子中筛选出参***因子,其中所述至少一个已封禁设备存在对应的设备因子;A reference factor screening module, configured to screen out a reference device factor from a plurality of device factors based on the login floating degree of at least one banned device in the banned device library under each device factor, wherein the at least one banned device There is a corresponding device factor;
    封禁检测模块,设置为基于登录设备和所述已封禁设备库中每一已封禁设备在所述参***因子下的登录参数相似度,确定所述登录设备的被封禁评分。The block detection module is configured to determine the block score of the log-in device based on the log-in parameter similarity between the log-in device and each blocked device in the banned device library under the reference device factor.
  11. 一种服务器,所述服务器包括:A server comprising:
    一个或多个处理器;one or more processors;
    存储装置,设置为存储一个或多个程序;storage means arranged to store one or more programs;
    所述一个或多个处理器,设置为执行所述一个或多个程序以实现如权利要求1-9中任一所述的登录设备的封禁检测方法。The one or more processors are configured to execute the one or more programs to implement the method for detecting the banning of a login device according to any one of claims 1-9.
  12. 一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现如权利要求1-9中任一所述的登录设备的封禁检测方法。A computer-readable storage medium storing a computer program on the computer-readable storage medium, when the computer program is executed by a processor, implements the method for detecting a ban on logging in to a device according to any one of claims 1-9.
PCT/CN2021/109010 2020-08-26 2021-07-28 Block detection method and apparatus for login device, server, and storage medium WO2022042194A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010872545.7A CN112016078A (en) 2020-08-26 2020-08-26 Method, device, server and storage medium for detecting forbidding of login equipment
CN202010872545.7 2020-08-26

Publications (1)

Publication Number Publication Date
WO2022042194A1 true WO2022042194A1 (en) 2022-03-03

Family

ID=73502242

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/109010 WO2022042194A1 (en) 2020-08-26 2021-07-28 Block detection method and apparatus for login device, server, and storage medium

Country Status (2)

Country Link
CN (1) CN112016078A (en)
WO (1) WO2022042194A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116545645A (en) * 2023-03-20 2023-08-04 中国华能集团有限公司北京招标分公司 IP address blocking method
CN117421729A (en) * 2023-12-18 2024-01-19 湖南森鹰科技有限公司 Automatic program attack detection method, device, system and medium
CN117421729B (en) * 2023-12-18 2024-04-26 湖南森鹰科技有限公司 Automatic program attack detection method, device, system and medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112016078A (en) * 2020-08-26 2020-12-01 广州市百果园信息技术有限公司 Method, device, server and storage medium for detecting forbidding of login equipment
CN113591898B (en) * 2021-06-04 2024-01-02 广州三七极创网络科技有限公司 Method and device for classifying accounts in game and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107481126A (en) * 2017-09-27 2017-12-15 北京同城必应科技有限公司 A kind of single method of anti-brush, server and client side
CN108494796A (en) * 2018-04-11 2018-09-04 广州虎牙信息科技有限公司 Method for managing black list, device, equipment and storage medium
US20180332019A1 (en) * 2014-06-12 2018-11-15 Nadapass, Inc. Password-less authentication system and method
CN110489964A (en) * 2019-08-21 2019-11-22 北京达佳互联信息技术有限公司 Account detection method, device, server and storage medium
CN111586028A (en) * 2020-04-30 2020-08-25 广州市百果园信息技术有限公司 Abnormal login evaluation method and device, server and storage medium
CN112016078A (en) * 2020-08-26 2020-12-01 广州市百果园信息技术有限公司 Method, device, server and storage medium for detecting forbidding of login equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180332019A1 (en) * 2014-06-12 2018-11-15 Nadapass, Inc. Password-less authentication system and method
CN107481126A (en) * 2017-09-27 2017-12-15 北京同城必应科技有限公司 A kind of single method of anti-brush, server and client side
CN108494796A (en) * 2018-04-11 2018-09-04 广州虎牙信息科技有限公司 Method for managing black list, device, equipment and storage medium
CN110489964A (en) * 2019-08-21 2019-11-22 北京达佳互联信息技术有限公司 Account detection method, device, server and storage medium
CN111586028A (en) * 2020-04-30 2020-08-25 广州市百果园信息技术有限公司 Abnormal login evaluation method and device, server and storage medium
CN112016078A (en) * 2020-08-26 2020-12-01 广州市百果园信息技术有限公司 Method, device, server and storage medium for detecting forbidding of login equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116545645A (en) * 2023-03-20 2023-08-04 中国华能集团有限公司北京招标分公司 IP address blocking method
CN117421729A (en) * 2023-12-18 2024-01-19 湖南森鹰科技有限公司 Automatic program attack detection method, device, system and medium
CN117421729B (en) * 2023-12-18 2024-04-26 湖南森鹰科技有限公司 Automatic program attack detection method, device, system and medium

Also Published As

Publication number Publication date
CN112016078A (en) 2020-12-01

Similar Documents

Publication Publication Date Title
WO2022042194A1 (en) Block detection method and apparatus for login device, server, and storage medium
CN109831465B (en) Website intrusion detection method based on big data log analysis
CN110602029B (en) Method and system for identifying network attack
CN109257390B (en) CC attack detection method and device and electronic equipment
CN106850647B (en) Malicious domain name detection algorithm based on DNS request period
CN110830445B (en) Method and device for identifying abnormal access object
US10567398B2 (en) Method and apparatus for remote malware monitoring
CN107426136B (en) Network attack identification method and device
US20200380117A1 (en) Aggregating anomaly scores from anomaly detectors
US10757029B2 (en) Network traffic pattern based machine readable instruction identification
US11206277B1 (en) Method and apparatus for detecting abnormal behavior in network
WO2020057523A1 (en) Method and device for triggering vulnerability detection
US20230086187A1 (en) Detection of anomalies associated with fraudulent access to a service platform
CN111600894A (en) Network attack detection method and device
CN107231383B (en) CC attack detection method and device
US20100083375A1 (en) Detection accuracy tuning for security
CN111030887B (en) Web server discovery method and device and electronic equipment
CN111652284A (en) Scanner identification method and device, electronic equipment and storage medium
TWI610196B (en) Network attack pattern determination apparatus, determination method, and computer program product thereof
CN109495471B (en) Method, device and equipment for judging WEB attack result and readable storage medium
CN111131166B (en) User behavior prejudging method and related equipment
CN107995167B (en) Equipment identification method and server
CN113792291B (en) Host recognition method and device infected by domain generation algorithm malicious software
CN112769739A (en) Database operation violation processing method, device and equipment
US20220329625A1 (en) Systems and methods for ip spoofing security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21860034

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21860034

Country of ref document: EP

Kind code of ref document: A1