CN104836781A - Method distinguishing identities of access users, and device - Google Patents
Method distinguishing identities of access users, and device Download PDFInfo
- Publication number
- CN104836781A CN104836781A CN201410060028.4A CN201410060028A CN104836781A CN 104836781 A CN104836781 A CN 104836781A CN 201410060028 A CN201410060028 A CN 201410060028A CN 104836781 A CN104836781 A CN 104836781A
- Authority
- CN
- China
- Prior art keywords
- user
- access
- value
- unauthorized access
- sample
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 56
- 238000012545 processing Methods 0.000 claims description 14
- 238000011156 evaluation Methods 0.000 claims description 5
- 238000000605 extraction Methods 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract description 31
- 238000004364 calculation method Methods 0.000 abstract description 2
- 230000006399 behavior Effects 0.000 description 150
- 230000000875 corresponding effect Effects 0.000 description 21
- 238000004458 analytical method Methods 0.000 description 17
- 235000014510 cooky Nutrition 0.000 description 14
- 230000009471 action Effects 0.000 description 5
- 238000012512 characterization method Methods 0.000 description 5
- 230000004069 differentiation Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 238000010200 validation analysis Methods 0.000 description 4
- 208000012260 Accidental injury Diseases 0.000 description 3
- 230000003542 behavioural effect Effects 0.000 description 3
- 239000010432 diamond Substances 0.000 description 3
- 208000014674 injury Diseases 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000000205 computational method Methods 0.000 description 2
- 230000002596 correlated effect Effects 0.000 description 2
- 238000005194 fractionation Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000000712 assembly Effects 0.000 description 1
- 238000000429 assembly Methods 0.000 description 1
- 230000001680 brushing effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000010422 painting Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method distinguishing identities of access users, and a device. The method comprises acquiring a plurality of behavior characteristic information of a current access user, acquiring a legal characteristic probability value and an illegal characteristic probability value of each behavior characteristic information in a sample database, performing a condition probability calculation according to the legal characteristic probability value and the illegal characteristic probability value of each behavior characteristic information to obtain a legal access probability value and an illegal access probability value of the current access user, and comparing the legal access probability value of the current access user and the illegal access probability value of the current access user to determine the current access user to be a legal access user or to be an illegal access user. Through adoption of the method and the device, the technical problem of poor accuracy of the fact that the user is determined to be the legal user or the illegal user in the prior art is solved, the effect that the user is accurately determined to be the legal user or the illegal user is achieved, and then the missing judgment rate and the misjudgment rate for the illegal user are reduced.
Description
Technical field
The present invention relates to internet arena, in particular to a kind of method and the device of distinguishing calling party identity.
Background technology
In internet industry, user brings into use application within certain period, and through after a period of time, still continue to use being construed to of applying to retain, this part user is and retains user.Operations such as guiding user's access or download can be used in prior art to keep the liveness of user, retain user to increase and increase visit capacity.Such as, in the design of video activity, user has generally only needed some instant tasks can participate in prize drawing, instant task can be only click video link, open the operations such as video page, also can be other user's access not needing to pay completely or click behaviors, the participation colony of video activity can be the user accessing or do not access this website.
The certification of above-mentioned instant task completes on network, and the certification of instant task, once the cost being identified forgery is very low, is easy to be brushed prize.When occurring that disabled user brushes prize, because the visit capacity of prize drawing is very large, if the rate of winning prize of video activity setting is low, validated user is difficult to get the winning number in a bond, and if the rate of winning prize height of video activity setting has a large amount of prize and brushed away by the disabled user brushing prize.
In order to distinguish Lawful access user and unauthorized access user, in prior art, there is following several solution:
1.ip access times limit: limit the access times that single ip is maximum, also namely arrange the threshold value of the access times of same ip, and this threshold value of access times superelevation just thinks that it is disabled user (i.e. brush prize user).Wherein, ip is computer network and carries out each other communicating and the agreement designed;
2.cookie similarity limits: the request that cookie is the same limits, and also namely limits the access times of the same request of cookie, and the number of times exceeding restriction just no longer allows the user access of this cookie.Wherein, cookie is stored in the data on user local terminal, specifically refers to that some website is in order to distinguish user identity, conversate and follow the tracks of and storage data on the subscriber terminal (these data are usually through encryption);
3. frequency of operation restriction: the frequency of operation of restriction unique user, limits the frequency of operation of single ip;
4. identifying code checking: need input correct verification code before each draw, wherein, identifying code a kind ofly but divides user to be the public full auto-programs of computer and people, identifying code can be used to prevent maliciously decryption, brush ticket, forum from pouring water, effectively prevent certain hacker from carrying out the data assemblies of continuous login attempt to some particular registered user specific program Brute Force modes.
But there is a lot of defect in above-mentioned solution:
(1) experience is poor: same company or identical Internet bar use identical ip address mostly, in this case, that a corresponding ip is multiple users, may be even a large amount of users, adopt the method for ip access times restriction, can limit by high to frequency of operation or that access times are many ip, thus all users under limiting same ip, to using the different user (comprising validated user and disabled user) of identical ip address to cause accidental injury, accidental injury rate is high.In addition, the input of identifying code is also often complained by people.
(2) misdetection rate is high, and accidental injury rate is high: the professional level of brush prize user is very high, and analysis and learning ability are all very strong, and cost line being copied ip and cookie is not high, and disabled user can copy different ip and cookie and carry out brush prize.Because unauthorized access user can copy ip and cookie in a large number, restriction ip access times and cookie similarity, probability disabled user missed is very large, and by also very high for the probability of normal Lawful access user restriction, accurately cannot judge the legitimacy of user, use the method for the restriction of ip access times and the restriction of cookie similarity to judge that the restriction of the legitimacy of calling party is more and more less.
Judge the problem of user as the poor accuracy of validated user or disabled user for above-mentioned, not yet propose effective solution at present.
Summary of the invention
Embodiments provide a kind of method and the device of distinguishing calling party identity, with at least solve judge user as validated user or disabled user poor accuracy technical problem.
According to an aspect of the embodiment of the present invention, provide a kind of method distinguishing calling party identity, the method comprises: the multiple behavior characteristic information obtaining current accessed user; The legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value is obtained from sample database; Carry out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user; Compare Lawful access probable value and the unauthorized access probable value of current accessed user, determine that current accessed user is Lawful access user or unauthorized access user.
According to the another aspect of the embodiment of the present invention, additionally provide a kind of device distinguishing calling party identity, this device comprises: the first acquisition module, for obtaining multiple behavior characteristic information of current accessed user; Second acquisition module, for obtaining the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value from sample database; Processing module, for carrying out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtains Lawful access probable value and the unauthorized access probable value of calling party; Determination module, for comparing Lawful access probable value and the unauthorized access probable value of current accessed user, determines that current accessed user is Lawful access user or unauthorized access user.
In the application, after the first acquisition module obtains multiple behavior characteristic information of current accessed user, second acquisition module obtains the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value from sample database, processing module carries out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user, Lawful access probable value and the unauthorized access probable value of current accessed user is compared by determination module, thus can determine that current accessed user is Lawful access user or unauthorized access user.Pass through the application, carry out conditional probability according to the legal characteristic probability value of current accessed user and illegal probability characteristics value and calculate Lawful access probable value and unauthorized access probable value, then the Lawful access probable value that calculates is compared and unauthorized access probable value determines that active user is Lawful access user or unauthorized access user, said method is adopted to start with from the operating habit of user, behavior characteristic information analysis based on user determines that user is Lawful access user or unauthorized access user, accurately can judge that user is Lawful access user or unauthorized access user, solve in prior art and judge that user is the technical problem of the poor accuracy of validated user or disabled user, achieve and accurately judge the effect of user as validated user or disabled user, thus the misdetection rate reduced disabled user and False Rate.
Accompanying drawing explanation
Accompanying drawing described herein is used to provide a further understanding of the present invention, and form a application's part, schematic description and description of the present invention, for explaining the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the structural representation of the device of differentiation calling party identity according to the embodiment of the present invention one;
Fig. 2 is the flow chart of the method for differentiation calling party identity according to the embodiment of the present invention two;
Fig. 3 is the flow chart of the method for a kind of optional differentiation calling party identity according to the embodiment of the present invention two; And
Fig. 4 is the flow chart of data processing figure optionally distinguishing the method for calling party identity according to the another kind of the embodiment of the present invention two.
Embodiment
First, the part noun occurred in the process be described the embodiment of the present invention or term are applicable to description below:
Access control, carry out the access of limited subscriber to some item of information by user identity and a certain definition that belongs to thereof, or limiting the access that some controls energy supply, access control is generally used for system manager and controls the access of user to Internet resources such as server, catalogue, files.
In access control, prevent the user entering shielded Internet resources from being unauthorized access user; The user allowing the shielded Internet resources of access in access control is Lawful access user.
The present invention program is understood better in order to make those skilled in the art person, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the embodiment of a part of the present invention, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, should belong to the scope of protection of the invention.
It should be noted that, term " first ", " second " etc. in specification of the present invention and claims and above-mentioned accompanying drawing are for distinguishing similar object, and need not be used for describing specific order or precedence.Should be appreciated that the data used like this can be exchanged in the appropriate case, so as embodiments of the invention described herein can with except here diagram or describe those except order implement.In addition, term " comprises " and " having " and their any distortion, intention is to cover not exclusive comprising, such as, contain those steps or unit that the process of series of steps or unit, method, system, product or equipment is not necessarily limited to clearly list, but can comprise clearly do not list or for intrinsic other step of these processes, method, product or equipment or unit.
Embodiment 1
Before the further details of each embodiment describing the application, can be used for the suitable counting system structure of of the principle realizing the application by describing.In the following description, except as otherwise noted, the symbol otherwise with reference to the action performed by one or more computer and operation represents each embodiment describing the application.Thus, be appreciated that processing unit that this kind of action performed sometimes referred to as computer and operation comprise computer is to the manipulation of the signal of telecommunication representing data with structured form.It is safeguarded in this manipulation transforms data or the position in the accumulator system of computer, and this reshuffles or changes the operation of computer in the mode that those skilled in the art understands.The data structure of service data is the physical location of the memory of the particular community that the form with data defines.But although describe the application in above-mentioned context, it does not also mean that restrictive, as understood by those skilled in the art, hereinafter described action and each side of operation also can realize with hardware.
In the configuration that it is the most basic, Fig. 1 is the structural representation of the device of differentiation calling party identity according to the embodiment of the present invention one.For purposes of illustration, the architecture of painting is only an example of proper environment, not proposes any limitation to the scope of application of the application or function.
As shown in Figure 1, this device can comprise: the first acquisition module 10, second acquisition module 20, processing module 30 and determination module 40.
Wherein, the first acquisition module 10, for obtaining multiple behavior characteristic information of current accessed user.
Second acquisition module 20, for obtaining the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value from sample database.
Processing module 30, for carrying out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtains Lawful access probable value and the unauthorized access probable value of calling party.
Determination module 40, for comparing Lawful access probable value and the unauthorized access probable value of current accessed user, determines that current accessed user is Lawful access user or unauthorized access user.
In the above embodiments of the present application one, after the first acquisition module obtains multiple behavior characteristic information of current accessed user, second acquisition module obtains the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value from sample database, processing module carries out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user, Lawful access probable value and the unauthorized access probable value of current accessed user is compared by determination module, thus can determine that current accessed user is Lawful access user or unauthorized access user.Pass through the application, carry out conditional probability according to the legal characteristic probability value of current accessed user and illegal probability characteristics value and calculate Lawful access probable value and unauthorized access probable value, then the Lawful access probable value that calculates is compared and unauthorized access probable value determines that active user is Lawful access user or unauthorized access user, said method is adopted to start with from the operating habit of user, behavior characteristic information analysis based on user determines that user is Lawful access user or unauthorized access user, accurately can judge that user is Lawful access user or unauthorized access user, solve in prior art and judge that user is the technical problem of the poor accuracy of validated user or disabled user, achieve and accurately judge the effect of user as validated user or disabled user, thus the misdetection rate reduced disabled user and False Rate.
Legal feature in the embodiment of the present application one is the feature allowing the access behavior carried out in the access control of Internet resources, is illegally characterized as the feature of the access behavior forbidden in the access control of Internet resources.
The above embodiment of the present invention can be applied in the judgement of the legitimacy of the prize drawing user to video marketing activity.Such as, the prize drawing user in video marketing activity is divided into Lawful access user (being validated user in this application scenarios) and unauthorized access user (being brush prize user in this application scenarios).
Such as, after access behavior current accessed user (as prize drawing user) being detected, characterization analysis is carried out to the access behavior of prize drawing user, obtain multiple behavior characteristic information of current accessed user (prize drawing user), after the multiple behavior characteristic information obtaining prize drawing user, the legal characteristic probability value of above-mentioned each behavior characteristic information and illegal characteristic probability value is obtained from sample database, and carry out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user, to compare Lawful access probable value and the unauthorized access probable value of current accessed user, thus can determine that current accessed user (prize drawing user) is for Lawful access user (validated user) or unauthorized access user (brush prize user), to the accurate judgement of the legitimacy of prize drawing user, reduce brush prize user's misdetection rate and False Rate, the participation that improve user is on the whole experienced.
Particularly, the step obtaining multiple behavior characteristic information of current accessed user can realize by the following method: detect that the access line of current accessed user (namely draw a lottery user) is for afterwards at browser, send the request of the legitimacy judging current accessed user, when processor receives judgement request, the access behavioral data (as session information) of the first acquisition module Real-time Obtaining current accessed user shown in Fig. 1, by the identity ID(with current accessed user as qq number) and the getable relevant information of the browser (as: user name of current accessed user, access time etc.) from access behavior extracting data out, to obtain behavior characteristic information (the i.e. correlated characteristic behavior of prize drawing user, as whether the user that draws a lottery has the information of viewing video, whether prize drawing user is blue diamond user etc.).
Wherein, the identity ID in above-described embodiment is identify label number.
In the above embodiments of the present application one, the device shown in Fig. 1 can also comprise: creation module.
Wherein, creation module is for creating sample database.Particularly, sample database comprises: all behavior characteristic information A of Lawful access sample of users B1 and unauthorized access sample of users B2, the property value Ai of each behavior characteristic information and the legal characteristic probability value P(Ai|B1 of each behavior characteristic information) and illegal characteristic probability value P(Ai|B2).
The above embodiment of the present invention can be applied in video marketing activity, particularly, before the legitimacy (for Lawful access user or unauthorized access user) to current accessed user judges, the historical sample data choosing corresponding same video activity carries out cultivating and identifying, to create sample database.
From the historical sample data of same video activity, choose sample establishment sample database in the above-described embodiments can ensure the follow-up accuracy to user request analysis.
Particularly, creation module can comprise: select module, enquiry module and computing module, wherein, selects module for choosing Lawful access sample of users B1 and the unauthorized access sample of users B2 of predetermined number; Enquiry module is for inquiring about property value Ai corresponding to each behavior characteristic information of obtaining Lawful access sample of users and unauthorized access sample of users; Computing module carries out conditional probability calculating for using property value Ai corresponding to each behavior characteristic information of Lawful access sample of users B1 and unauthorized access sample of users B2, obtain the legal characteristic probability value P(Ai|B1 of each behavior characteristic information in Lawful access sample of users), and in unauthorized access sample of users the illegal characteristic probability value P(Ai|B2 of each behavior characteristic information).
The method that above-mentioned selection module, enquiry module and the computing module step S302 to step S306 respectively in corresponding embodiment two realizes, the example that above-mentioned three modules and corresponding step realize is identical with application scenarios, but is not limited to the content disclosed in above-described embodiment two.Above-mentioned selection module, enquiry module and computing module operate in terminal, can pass through software or hardware implementing.
Need to illustrate further, the processing module 30 in the embodiment of the present application one can comprise: probability evaluation entity.
Particularly, probability evaluation entity, Lawful access probable value P(B1|Ai for using following Bayesian formula to calculate calling party) and unauthorized access probable value P(B2|Ai): P(B1|Ai)=P(Ai|B1) P(B1)/P(Ai), wherein, P(Ai|B1) be the legal characteristic probability value of each behavior characteristic information in Lawful access sample of users, P(B1) be the predetermined probability value of Lawful access sample of users, P(Ai) for having the probability of behavior characteristic information A in Lawful access sample of users, i is natural number; P(B2|Ai)=P(Ai|B2) P(B2)/P(Ai), wherein, P(Ai|B2) be the illegal characteristic probability value of each behavior characteristic information in unauthorized access sample of users, P(B2) be the predetermined probability value of unauthorized access sample of users, P(Ai) for having the probability of behavior characteristic information A in unauthorized access sample of users, i is natural number.
What needs further illustrated is, Bayesian formula is used to calculate Lawful access probable value and the unauthorized access probable value of calling party in the above-described embodiments, start with from analysis real user operating habit, weaken the restriction of ip and cookie, quality preferably user can remove the trouble of input validation code from, the participation that improve user is on the whole experienced, and improves the threshold that disabled user (i.e. brush prize user) forges ip and cookie request simultaneously, greatly reduces misdetection rate and False Rate.
According to the above embodiment of the present invention, the difference that validated user encourages user with brush is embodied in: historical behavior is more perfect, operation behavior is more reasonable, use Bayesian computational methods, the historical behavior of user is carried out characterization fractionation, calculate the Credibility probability (the legal characteristic probability value namely in above-described embodiment and illegal characteristic probability value) of each behavior characteristic information, the legal characteristic probability value of each behavior characteristic information of current accessed user and illegal characteristic probability value are carried out Lawful access probable value and the unauthorized access probable value that Bayes calculates current accessed user, and finally show that user is the possibility of validated user and brushes the possibility of encouraging user, two results (and Lawful access probable value in above-described embodiment and unauthorized access probable value) are compared, thus can judge that user is that the possibility which is classified is higher, also namely accurately can judge that user belongs to Lawful access user or unauthorized access user.
The method that the step S206 of above-mentioned probability evaluation entity respectively in corresponding embodiment one realizes, the example that above-mentioned module realizes with corresponding step is identical with application scenarios, but is not limited to the content disclosed in above-described embodiment two.Above-mentioned probability evaluation entity operates in terminal, can pass through software or hardware implementing.
In another embodiment in the above embodiments of the present application one, determination module 40 can comprise: judge module, for judging whether the Lawful access probable value of current accessed user is greater than unauthorized access probable value; First sub-determination module, for when Lawful access probable value is greater than unauthorized access probable value, determines that current accessed user is Lawful access user; Second sub-determination module, for when Lawful access probable value is less than unauthorized access probable value, determines that current accessed user is unauthorized access user.
Particularly, time in sweepstake above-described embodiment being applied to video activity, if P(B1|Ai) >P(B2|Ai), namely the possibility of validated user is greater than the possibility of brush prize user, just judge that this user is as validated user, otherwise judge that this user is as brush prize user.
In another embodiment in the above embodiments of the present application two, the device shown in Fig. 1 can also comprise: preserve module, for the attribute of current accessed user and all behavior characteristic information are saved to sample database; First accumulator module, for when current accessed user is Lawful access user, adds 1 by the total amount of Lawful access user in sample database, and the total amount of each behavior characteristic information of current accessed user adds up 1 separately; Second accumulator module, for when current accessed user is unauthorized access user, the total amount of unauthorized access user in sample database is added 1, and the total amount of each behavior characteristic information of current accessed user adds up 1 separately.
Particularly, judge that current accessed user is as after Lawful access user or unauthorized access user, this is analyzed the result (as Lawful access user or unauthorized access user) judged is updated in sample database, namely, if judge that this user is as validated user, validated user sum is added 1, this user's character pair item respectively adds 1, and re-execute the new probability that step S302 to S306 calculates each behavior characteristic information, to complete the renewal to sample database, next time is when judging that the legitimacy of calling party calls sample database, the legal characteristic probability value used and illegal characteristic probability value are the probable value of latest update, up-to-date probable value is used to calculate, the accuracy calculating Lawful access probable value and unauthorized access probable value can be ensured, thus accurately can judge that user is Lawful access user or unauthorized access user, to reduce misdetection rate and the False Rate of brush being encouraged to user further.
The modules that the above embodiments of the present application one provide is also identical with the method that the scheme that embodiment two provides uses, and the scene of application also can be identical.It is noted, of course, that the such scheme of the present embodiment one can be not limited to content and the scene of above-described embodiment two.
According to above-described embodiment of the application, device can also comprise: the first update module, for the Lawful access probable value of current accessed user and the Lawful access value range preset are compared, if the Lawful access probable value of current accessed user exceeds Lawful access value range, send the first warning message; Second update module, the unauthorized access probable value for current accessed user compares with the unauthorized access value range preset, if the unauthorized access probable value of current accessed user exceeds unauthorized access value range, sends Secondary Report alarming information.
By above-described embodiment, change Analysis on confidence is carried out to the Lawful access probable value of current accessed user and unauthorized access probable value, thus ensure the accuracy of sample database further, ensure to calculate correct, to ensure the accuracy analyzed user validation.
Need to illustrate further, device can also comprise: extraction module, for extracting the legal characteristic probability value P(Ai|B1 of each behavior characteristic information in sample database) and illegal characteristic probability value P(Ai|B2); Cache module, the legal characteristic probability value P(Ai|B1 for by each behavior characteristic information) and illegal characteristic probability value P(Ai|B2) store in the buffer.
By above-described embodiment, the time of user can be saved, promote Consumer's Experience.
The example that above-mentioned first update module, the second update module, extraction module and cache module realize with step corresponding in embodiment two is identical with application scenarios, but is not limited to the content disclosed in above-described embodiment two.Above-mentioned four modules operate in terminal, can pass through software or hardware implementing.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, also can be that the independent physics of unit exists, also can two or more unit in a unit integrated.Above-mentioned integrated unit both can adopt the form of hardware to realize, and the form of SFU software functional unit also can be adopted to realize.
If described integrated unit using the form of SFU software functional unit realize and as independently production marketing or use time, can be stored in a computer read/write memory medium.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words or all or part of of this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprises all or part of step of some instructions in order to make a computer equipment (can be personal computer, server or the network equipment etc.) perform method described in each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), portable hard drive, magnetic disc or CD etc. various can be program code stored medium.
Embodiment 2
According to the embodiment of the present invention, additionally provide a kind of embodiment of the method for implementing said system embodiment, it should be noted that, can perform in the computer system of such as one group of computer executable instructions in the step shown in the flow chart of accompanying drawing, and, although show logical order in flow charts, in some cases, can be different from the step shown or described by order execution herein.
According to the embodiment of the present invention, additionally provide a kind of method for implementing above-mentioned differentiation calling party identity, as shown in Figure 2, the method can comprise the steps:
Step S202: multiple behavior characteristic information that can be obtained current accessed user by the first acquisition module shown in Fig. 1.
Step S204: the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value can be obtained by the second acquisition module shown in Fig. 1 from sample database.
Step S206: conditional probability calculating can be carried out by the processing module shown in Fig. 1 according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user.
Step S208: Lawful access probable value and the unauthorized access probable value that can be compared current accessed user by the determination module shown in Fig. 1, determines that current accessed user is Lawful access user or unauthorized access user.
In the above embodiments of the present application two, after the multiple behavior characteristic information obtaining current accessed user, the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value is obtained from sample database, and carry out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user, to compare Lawful access probable value and the unauthorized access probable value of current accessed user, thus can determine that current accessed user is Lawful access user or unauthorized access user.Pass through the application, carry out conditional probability according to the legal characteristic probability value of current accessed user and illegal probability characteristics value and calculate Lawful access probable value and unauthorized access probable value, then the Lawful access probable value that calculates is compared and unauthorized access probable value determines that active user is Lawful access user or unauthorized access user, said method is adopted to start with from the operating habit of user, behavior characteristic information analysis based on user determines that user is Lawful access user or unauthorized access user, accurately can judge that user is Lawful access user or unauthorized access user, solve in prior art and judge that user is the technical problem of the poor accuracy of validated user or disabled user, achieve and accurately judge the effect of user as validated user or disabled user, thus the misdetection rate reduced disabled user and False Rate.
Particularly, in above-described embodiment, legal feature is the feature allowing the access behavior carried out in the access control of Internet resources, is illegally characterized as the feature of the access behavior forbidden in the access control of Internet resources.
The above embodiment of the present invention can be applied in the judgement of the legitimacy of the prize drawing user to video marketing activity.Such as, the prize drawing user in video marketing activity is divided into Lawful access user (being validated user in this application scenarios) and unauthorized access user (being brush prize user in this application scenarios).
Such as, after access behavior current accessed user (as prize drawing user) being detected, characterization analysis is carried out to the access behavior of prize drawing user, obtain multiple behavior characteristic information of current accessed user (prize drawing user), after the multiple behavior characteristic information obtaining prize drawing user, the legal characteristic probability value of above-mentioned each behavior characteristic information and illegal characteristic probability value is obtained from sample database, and carry out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user, to compare Lawful access probable value and the unauthorized access probable value of current accessed user, thus can determine that current accessed user (prize drawing user) is for Lawful access user (validated user) or unauthorized access user (brush prize user), to the accurate judgement of the legitimacy of prize drawing user, reduce brush prize user's misdetection rate and False Rate, the participation that improve user is on the whole experienced.
Particularly, the step obtaining multiple behavior characteristic information of current accessed user can realize by the following method: detect that the access line of current accessed user (namely draw a lottery user) is for afterwards at browser, send the request of the legitimacy judging current accessed user, when processor receives judgement request, the access behavioral data (as session information) of the first acquisition module Real-time Obtaining current accessed user shown in Fig. 1, by the identity ID(with current accessed user as qq number) and the getable relevant information of the browser (as: user name of current accessed user, access time etc.) from access behavior extracting data out, to obtain behavior characteristic information (the i.e. correlated characteristic behavior of prize drawing user, as whether the user that draws a lottery has the information of viewing video, whether prize drawing user is blue diamond user etc.).
Wherein, the identity ID in above-described embodiment is identify label number.
In the above embodiment of the present invention, after the multiple behavior characteristic information obtaining current accessed user (namely draw a lottery user), from legal characteristic probability value and the illegal characteristic probability value of each behavior characteristic information sample database, and carry out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user, namely current accessed user is obtained respectively under the dimension of each behavioural characteristic for the probability possibility of user encouraged by validated user or brush, particularly, by comparing Lawful access probable value and the unauthorized access probable value of current accessed user, determine that current accessed user is Lawful access user or unauthorized access user.Based on the legitimacy of user behavior feature determination current accessed user, accurate to the validity judgement of user.
In the above embodiments of the present application two, in method as shown in Figure 2, at execution step S204 before the legal characteristic probability value obtaining each behavior characteristic information from sample database and illegal characteristic probability value, method can also comprise the steps:
Create sample database, wherein, sample database comprises: all behavior characteristic information A of Lawful access sample of users B1 and unauthorized access sample of users B2, the property value Ai of each behavior characteristic information and the legal characteristic probability value P(Ai|B1 of each behavior characteristic information) and illegal characteristic probability value P(Ai|B2).
The above embodiment of the present invention can be applied in above-mentioned video marketing activity, particularly, before the legitimacy (for Lawful access user or unauthorized access user) to current accessed user judges, the historical sample data choosing corresponding same video activity carries out cultivating and identifying, to create sample database.
In the above-described embodiments, from the historical sample data of same video activity, choose sample establishment sample database can ensure the follow-up accuracy to user request analysis.
Particularly, the step creating sample database in above-described embodiment specifically can comprise following steps as shown in Figure 3:
Step S302: the Lawful access sample of users B1 and the unauthorized access sample of users B2 that choose predetermined number.
Step S304: inquiry obtains property value Ai corresponding to each behavior characteristic information of Lawful access sample of users and unauthorized access sample of users.
Step S306: use property value Ai corresponding to each behavior characteristic information of Lawful access sample of users B1 and unauthorized access sample of users B2 to carry out conditional probability calculating, obtain the legal characteristic probability value P(Ai|B1 of each behavior characteristic information in Lawful access sample of users), and in unauthorized access sample of users the illegal characteristic probability value P(Ai|B2 of each behavior characteristic information).
In the above-described embodiments, step S302: the Lawful access sample of users B1 and the unauthorized access sample of users B2 that choose predetermined number, particularly, sample of users can be chosen from existing statistics.Such as, in video marketing activity, from the historical data choosing this video marketing activity, choose Lawful access sample of users B1 and the unauthorized access sample of users B2 of tentation data.Lawful access sample of users is wherein the visit data of the user of legal participation video marketing activity in historical data, and this Lawful access sample of users can be validated user; Unauthorized access sample of users is the illegal visit data participating in the user of video marketing activity in historical data, and this unauthorized access sample of users can be brush prize user.
More specifically, the Lawful access sample of users B1 chosen and the quantity of unauthorized access sample of users B2 can be equal.
The above embodiment of the present invention can be applied in the sweepstake of video marketing activity, particularly, step S304: the step that inquiry obtains property value Ai corresponding to each behavior characteristic information of Lawful access sample of users and unauthorized access sample of users specifically can realize by the following method:
A series of common factor and separate feature to be discriminated (behavior characteristic information namely in above-described embodiment) is chosen according to the feature of current active (i.e. video activity), such as whether user has viewing behavior, whether be blue diamond user etc., from historical data, then inquire about the property value Ai that each behavior characteristic information of Lawful access sample of users and unauthorized access sample of users is corresponding.Property value corresponding to the behavior characteristic information of table 1 to legal access-sample user and unauthorized access sample of users has done exemplary illustration.
Table 1
In Table 1, " whether watch video " and " user gradation " is according to current active, the i.e. behavior characteristic information determined of the sweepstake of video marketing activity, " having " in table 1, "None" are the property value of corresponding behavior characteristic information, " Lawful access sample of users " correspondence viewing record " having " in Table 1 or the corresponding probability of "None" are legal characteristic probability value, particularly, above-mentioned 64.7%, 35.3%, 20.7% and 79.3% legal characteristic probability value is; And 18.9%, 81.1%, 2.1% and 97.9% is illegal characteristic probability value.
Whether, in the above embodiment of the present invention, the feature of sample data being carried out to characterization analysis can also comprise: whether open microblogging, had website leave a message and whether had purchaser record etc.
After obtaining property value Ai, perform step S306: use property value Ai corresponding to each behavior characteristic information of Lawful access sample of users B1 and unauthorized access sample of users B2 to carry out conditional probability calculating, obtain the legal characteristic probability value P(Ai|B1 of each behavior characteristic information in Lawful access sample of users), and in unauthorized access sample of users the illegal characteristic probability value P(Ai|B2 of each behavior characteristic information).
Particularly, the ratio that each behavior characteristic information calculated is occupied in validated user and in brush prize user respectively, namely in above-described embodiment in Lawful access sample of users the legal characteristic probability value P(Ai|B1 of each behavior characteristic information), and in unauthorized access sample of users the illegal characteristic probability value P(Ai|B2 of each behavior characteristic information), as: the user's accounting having viewing behavior in validated user, user's accounting of viewing behavior was had in brush prize user, using the probable value of above-mentioned user's accounting as each behavior characteristic information in sample database.
In the above-described embodiments, step S206 as shown in Figure 2, conditional probability calculating is carried out according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, the step of the Lawful access probable value and unauthorized access probable value that obtain calling party can comprise: use following Bayesian formula to calculate the Lawful access probable value P(B1|Ai of calling party) and unauthorized access probable value P(B2|Ai): P(B1|Ai)=P(Ai|B1) P(B1)/P(Ai), wherein, P(Ai|B1) be the legal characteristic probability value of each behavior characteristic information in Lawful access sample of users, P(B1) be the predetermined probability value of Lawful access sample of users, P(Ai) for having the probability of behavior characteristic information A in Lawful access sample of users, i is natural number, P(B2|Ai)=P(Ai|B2) P(B2)/P(Ai), wherein, P(Ai|B2) be the illegal characteristic probability value of each behavior characteristic information in unauthorized access sample of users, P(B2) be the predetermined probability value of unauthorized access sample of users, P(Ai) for having the probability of behavior characteristic information A in unauthorized access sample of users, i is natural number.
What needs further illustrated is, Bayesian formula is used to calculate Lawful access probable value and the unauthorized access probable value of calling party in above-described embodiment, start with from analysis real user operating habit, weaken the restriction of ip and cookie, quality preferably user can remove the trouble of input validation code from, the participation that improve user is on the whole experienced, and improves the threshold that disabled user (i.e. brush prize user) forges ip and cookie simultaneously, greatly reduces the misdetection rate to disabled user and False Rate.
According to the above embodiment of the present invention, the difference that validated user encourages user with brush is embodied in: historical behavior is more perfect, operation behavior is more reasonable, use Bayesian computational methods, the historical behavior of user is carried out characterization fractionation, calculate the Credibility probability (the legal characteristic probability value namely in above-described embodiment and illegal characteristic probability value) of each behavior characteristic information, the legal characteristic probability value of each behavior characteristic information of current accessed user and illegal characteristic probability value are carried out Lawful access probable value and the unauthorized access probable value that Bayes calculates current accessed user, and finally show that user is the possibility of validated user and brushes the possibility of encouraging user, two results (and Lawful access probable value in above-described embodiment and unauthorized access probable value) are compared, can judge that user is that the possibility which is classified is higher, also namely accurately can judge that user belongs to Lawful access user or unauthorized access user.
Such as, judge one had viewing behavior current accessed user as Lawful access user or unauthorized access user time, whether behavior characteristic information A was for having viewing behavior, then the property value Ai of corresponding behavior characteristic information A can be "Yes", also can be " having viewing behavior ".
Particularly, this user is the Lawful access probable value (namely belonging to the possibility of validated user) of Lawful access user: P(B1|Ai)=P(Ai|B1) P(B1)/P(Ai), wherein, P(B1|Ai) be P(validated user | have viewing behavior), P(Ai|B1) be the legal characteristic probability value of each behavior characteristic information in Lawful access sample of users, namely P(has viewing behavior | validated user); P(B1) be the predetermined probability value of Lawful access sample of users, i.e. P(validated user); And P(Ai) for having the probable value of behavior characteristic information A in Lawful access sample of users, namely P(has viewing behavior), wherein, i is natural number.Then this user belongs to the possibility of validated user and is: P(validated user | have viewing behavior)=P(have viewing behavior | validated user) P(validated user)/P(has viewing behavior).
This current calling party is the unauthorized access probable value (namely this user belongs to the possibility of brush prize user) of illegal calling party: P(B2|Ai)=P(Ai|B2) P(B2)/P(Ai), wherein, P(Ai|B2) be the illegal characteristic probability value of each behavior characteristic information in unauthorized access sample of users, being P(has viewing behavior | brush prize user); P(B2) be the predetermined probability value of unauthorized access sample of users, i.e. P(brush prize user); P(Ai) for having the probability of behavior characteristic information A in unauthorized access sample of users, namely P(has viewing behavior), i is natural number.Then this user belongs to the possibility of brush prize user and is: P(brush prize user | have viewing behavior)=P(have viewing behavior | brush prize user) P(brush prize user)/P(has viewing behavior).
Wherein, the number choosing Lawful access sample of users B1 and unauthorized access sample of users B2 in the process of above-mentioned establishment sample database can be equal, then P(validated user) be configured to 50%, P(brush prize user) be configured to 50%, because user has viewing, so P(has viewing behavior) be that 100%, P(has viewing behavior | validated user) and P(have viewing behavior | brush user) be respectively the legal characteristic probability value and illegal probability characteristics value calculated in above-described embodiment.
In another embodiment in the above embodiments of the present application two, step S208 in Fig. 2 compares Lawful access probable value and the unauthorized access probable value of current accessed user, determines that current accessed user is that the step of Lawful access user or unauthorized access user can realize by the following method: judge whether the Lawful access probable value of current accessed user is greater than unauthorized access probable value; When Lawful access probable value is greater than unauthorized access probable value, determine that current accessed user is Lawful access user; When Lawful access probable value is less than unauthorized access probable value, determine that current accessed user is unauthorized access user.
Particularly, time in sweepstake above-described embodiment being applied to video marketing activity, if P(B1|Ai) >P(B2|Ai), namely the possibility of validated user is greater than the possibility of brush prize user, just judge that this user is as validated user, otherwise judge that this user is as brush prize user.
In another embodiment in the above embodiments of the present application two, at execution step S208, determine that current accessed user is for after Lawful access user or unauthorized access user, method can also comprise the steps: the attribute of current accessed user and all behavior characteristic information to be saved to sample database; Wherein, when current accessed user is Lawful access user, the total amount of Lawful access user in sample database is added 1, and the total amount of each behavior characteristic information of current accessed user adds up 1 separately; When current accessed user is unauthorized access user, the total amount of unauthorized access user in sample database is added 1, and the total amount of each behavior characteristic information of current accessed user adds up 1 separately.
Particularly, judge that current accessed user is as after Lawful access user or unauthorized access user, this is analyzed the result (as Lawful access user or unauthorized access user) judged is updated in sample database, namely, if judge that this user is as validated user, validated user sum is added 1, this user's character pair item respectively adds 1, and re-execute the new probability that step S302 to S306 calculates each behavior characteristic information, to complete the renewal to sample database, next time is when judging that the legitimacy of calling party calls sample database, the legal characteristic probability value used and illegal characteristic probability value are the probable value of latest update, up-to-date probable value is used to calculate, the accuracy calculating Lawful access probable value and unauthorized access probable value can be ensured, thus accurately can judge that user is Lawful access user or unauthorized access user, to reduce misdetection rate and the False Rate of brush being encouraged to user further.
According to above-described embodiment of the application, after determining that current accessed user is for Lawful access user or unauthorized access user, method can also comprise: the Lawful access probable value of current accessed user and the Lawful access value range preset are compared, if the Lawful access probable value of current accessed user exceeds Lawful access value range, send the first warning message; The unauthorized access probable value of current accessed user compares with the unauthorized access value range preset simultaneously, if the unauthorized access probable value of current accessed user exceeds unauthorized access value range, sends Secondary Report alarming information.
Use bayesian algorithm to calculate Lawful access probable value and unauthorized access probable value, and the judged result of the current accessed user using above-mentioned probable value to obtain upgrades sample database, the situation of cultivating may be occurred, result mistake in computation may be caused.Pass through above-described embodiment, can according to the feature of current application scene, as the feature of the sweepstake of video marketing activity, preset each behavior characteristic information encourages the probability in user zone of reasonableness at validated user and brush, if the Lawful access probable value of current accessed user or unauthorized access probable value exceed the zone of reasonableness of default probability, will trigger alerts, and by the behavior feature probable value reset.
In addition, in this embodiment, manual intervention strategy can be introduced simultaneously, with when expecting discrepant, can human configuration be passed through when estimating sample results on line, intervening sample probability result.
By above-described embodiment, change Analysis on confidence is carried out to the Lawful access probable value of current accessed user and unauthorized access probable value, thus ensure the accuracy of sample database further, ensure to calculate correct, to ensure the accuracy analyzed user validation.
In another embodiment in the above embodiments of the present application two, after execution creates sample database, method can also comprise: the legal characteristic probability value P(Ai|B1 extracting each behavior characteristic information in sample database) and illegal characteristic probability value P(Ai|B2); Legal characteristic probability value P(Ai|B1 by each behavior characteristic information) and illegal characteristic probability value P(Ai|B2) store in the buffer.
What needs further illustrated is, when behavior characteristic information quantity is larger, computing time can be long, so can initiate when user's login page to judge request, carry out reacting and calculating when user clicks prize drawing button (namely initiating access behavior) time like this, then result of calculation is stored in cache(and buffer memory) inner, although reaction and calculating need the longer time, but the judged result (user is the result of Lawful access user or unauthorized access user) that just can directly read when user draws a lottery in cache, alignment processing and display are carried out to this judged result in foreground.
By above-described embodiment, the time of user can be saved, promote Consumer's Experience.
In another embodiment of the present invention as shown in Figure 4, first image data, namely gathers the visit data (these data comprise the behavior characteristic information of current accessed user) of current accessed user, the data of Lawful access sample of users and the data of unauthorized access sample of users.Particularly, time in the sweepstake this embodiment being applied to video activity, Lawful access sample of users and the unauthorized access sample of users of predetermined number can be chosen, then inquiry from sample database is obtained the property value Ai that each behavior characteristic information of Lawful access sample of users and unauthorized access sample of users is corresponding, and use property value Ai corresponding to each behavior characteristic information of Bayesian formula to legal access-sample user B1 and unauthorized access sample of users B2 to carry out conditional probability calculating, obtain legal characteristic probability value P(Ai|B1) and illegal characteristic probability value P(Ai|B2).Then the legal characteristic probability value of each behavior characteristic information of current accessed user and illegal characteristic probability value are carried out conditional probability calculating, obtain the Lawful access probable value P(B1|Ai of current accessed user) and unauthorized access probable value P(B2|Ai).
Obtaining Lawful access probable value P(B1|Ai) and unauthorized access probable value P(B2|Ai) after, Analysis on confidence is carried out to it, namely Lawful access probable value P(B1|Ai is judged in above-described embodiment) whether meet default Lawful access value range, and judge unauthorized access probable value P(B2|Ai) whether meet default unauthorized access value range, obtain Analysis on confidence result, use this Analysis on confidence result upgrade interim sample set and upgrade sample database.Wherein, the visit data that interim sample set is the current accessed user collected is calculating the state before being included into sample database, and generally, user's individuality that current accessed is come is 1.
Particularly, in embodiment shown in Figure 4, introduce the method for manual intervention to monitoring interim sample set and intervening, then judge next time current accessed user be Lawful access user or unauthorized access user time, the interim sample set of manual intervention is added sample database, jointly as the basis judged.
Interim sample data is wherein the visit data of current accessed user, and temporary sample radix is the quantity of user's (individuality) that current accessed is come, and generally this temporary sample radix is 1.
It should be noted that, for aforesaid each embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not by the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in specification all belongs to preferred embodiment, and involved action and module might not be that the present invention is necessary.
As can be seen from the above description, present invention achieves following technique effect:
In the above embodiments of the present application, after the first acquisition module obtains multiple behavior characteristic information of current accessed user, second acquisition module obtains the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value from sample database, processing module carries out conditional probability calculating according to the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of current accessed user, Lawful access probable value and the unauthorized access probable value of current accessed user is compared by determination module, thus can determine that current accessed user is Lawful access user or unauthorized access user.Pass through the application, carry out conditional probability according to the legal characteristic probability value of current accessed user and illegal probability characteristics value and calculate Lawful access probable value and unauthorized access probable value, then the Lawful access probable value that calculates is compared and unauthorized access probable value determines that active user is Lawful access user or unauthorized access user, said method is adopted to start with from the operating habit of user, behavior characteristic information analysis based on user determines that user is Lawful access user or unauthorized access user, accurately can judge that user is Lawful access user or unauthorized access user, solve in prior art and judge that user is the technical problem of the poor accuracy of validated user or disabled user, achieve and accurately judge the effect of user as validated user or disabled user, thus the misdetection rate reduced disabled user and False Rate.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that can add required general hardware platform by software according to the method for above-described embodiment and realize, hardware can certainly be passed through, but in a lot of situation, the former is better execution mode.Based on such understanding, technical scheme of the present invention can embody with the form of software product the part that prior art contributes in essence in other words, this computer software product is stored in a storage medium (as ROM/RAM, magnetic disc, CD), comprising some instructions in order to make a station terminal equipment (can be mobile phone, computer, server, or the network equipment etc.) perform method described in each embodiment of the present invention.
The invention described above embodiment sequence number, just to describing, does not represent the quality of embodiment.
In the above embodiment of the present invention, the description of each embodiment is all emphasized particularly on different fields, in certain embodiment, there is no the part described in detail, can see the associated description of other embodiments.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (14)
1. distinguish a method for calling party identity, it is characterized in that, comprising:
Obtain multiple behavior characteristic information of current accessed user;
The legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value is obtained from sample database;
Carry out conditional probability calculating according to the legal characteristic probability value of described each behavior characteristic information and illegal characteristic probability value, obtain Lawful access probable value and the unauthorized access probable value of described current accessed user;
The described Lawful access probable value of more described current accessed user and described unauthorized access probable value, determine that described current accessed user is Lawful access user or unauthorized access user.
2. method according to claim 1, is characterized in that, before the legal characteristic probability value obtaining each behavior characteristic information from sample database and illegal characteristic probability value, described method also comprises:
Create described sample database, wherein, described sample database comprises: all behavior characteristic information A of Lawful access sample of users B1 and unauthorized access sample of users B2, the property value Ai of each behavior characteristic information and the legal characteristic probability value P(Ai|B1 of each behavior characteristic information) and illegal characteristic probability value P(Ai|B2);
The step of the described sample database of described establishment comprises:
Choose the described Lawful access sample of users B1 of predetermined number and described unauthorized access sample of users B2;
Inquiry obtains property value Ai corresponding to each behavior characteristic information of described Lawful access sample of users and described unauthorized access sample of users;
Property value Ai corresponding to each behavior characteristic information of described Lawful access sample of users B1 and described unauthorized access sample of users B2 is used to carry out conditional probability calculating, obtain the described legal characteristic probability value P(Ai|B1 of each behavior characteristic information in described Lawful access sample of users), and in described unauthorized access sample of users the described illegal characteristic probability value P(Ai|B2 of each behavior characteristic information).
3. method according to claim 2, it is characterized in that, carry out conditional probability calculating according to the legal characteristic probability value of described each behavior characteristic information and illegal characteristic probability value, the step of the Lawful access probable value and unauthorized access probable value that obtain described calling party comprises:
Following Bayesian formula is used to calculate the described Lawful access probable value P(B1|Ai of described calling party) and described unauthorized access probable value P(B2|Ai):
P(B1|Ai)=P(Ai|B1) P(B1)/P(Ai), wherein, described P(Ai|B1) be the described legal characteristic probability value of each behavior characteristic information in described Lawful access sample of users, described P(B1) be the predetermined probability value of described Lawful access sample of users, described P(Ai) for having the probability of described behavior characteristic information A in described Lawful access sample of users, i is natural number;
P(B2|Ai)=P(Ai|B2) P(B2)/P(Ai), wherein, described P(Ai|B2) be the described illegal characteristic probability value of each behavior characteristic information in described unauthorized access sample of users, described P(B2) be the predetermined probability value of described unauthorized access sample of users, described P(Ai) for having the probability of described behavior characteristic information A in described unauthorized access sample of users, i is natural number.
4. method according to claim 3, is characterized in that, the described Lawful access probable value of more described current accessed user and described unauthorized access probable value, determines that described current accessed user is that the step of Lawful access user or unauthorized access user comprises:
Judge whether the described Lawful access probable value of described current accessed user is greater than described unauthorized access probable value;
When described Lawful access probable value is greater than described unauthorized access probable value, determine that described current accessed user is Lawful access user;
When described Lawful access probable value is less than described unauthorized access probable value, determine that described current accessed user is unauthorized access user.
5. method according to claim 4, is characterized in that, after determining that described current accessed user is for Lawful access user or unauthorized access user, described method also comprises:
The attribute of described current accessed user and all behavior characteristic information are saved to described sample database;
Wherein, when described current accessed user is described Lawful access user, the total amount of Lawful access user in described sample database is added 1, and the total amount of each behavior characteristic information of described current accessed user adds up 1 separately;
When described current accessed user is described unauthorized access user, the total amount of unauthorized access user in described sample database is added 1, and the total amount of each behavior characteristic information of described current accessed user adds up 1 separately.
6. the method according to claim 4 or 5, is characterized in that, after determining that described current accessed user is for Lawful access user or unauthorized access user, described method also comprises:
The described Lawful access probable value of described current accessed user and the Lawful access value range preset are compared, if the described Lawful access probable value of described current accessed user exceeds described Lawful access value range, sends the first warning message;
The described unauthorized access probable value of described current accessed user compares with the unauthorized access value range preset simultaneously, if the described unauthorized access probable value of described current accessed user exceeds described unauthorized access value range, sends Secondary Report alarming information.
7. method according to claim 6, is characterized in that, after the described sample database of establishment, described method also comprises:
Extract the legal characteristic probability value P(Ai|B1 of each behavior characteristic information described in described sample database) and illegal characteristic probability value P(Ai|B2);
Legal characteristic probability value P(Ai|B1 by described each behavior characteristic information) and illegal characteristic probability value P(Ai|B2) store in the buffer.
8. distinguish a device for calling party identity, it is characterized in that, comprising:
First acquisition module, for obtaining multiple behavior characteristic information of current accessed user;
Second acquisition module, for obtaining the legal characteristic probability value of each behavior characteristic information and illegal characteristic probability value from sample database;
Processing module, for carrying out conditional probability calculating according to the legal characteristic probability value of described each behavior characteristic information and illegal characteristic probability value, obtains Lawful access probable value and the unauthorized access probable value of described calling party;
Determination module, for described Lawful access probable value and the described unauthorized access probable value of more described current accessed user, determines that described current accessed user is Lawful access user or unauthorized access user.
9. device according to claim 8, is characterized in that, described device also comprises:
Creation module, for creating described sample database, wherein, described sample database comprises: all behavior characteristic information A of Lawful access sample of users B1 and unauthorized access sample of users B2, the property value Ai of each behavior characteristic information and the legal characteristic probability value P(Ai|B1 of each behavior characteristic information) and illegal characteristic probability value P(Ai|B2);
Described creation module comprises: select module, enquiry module and computing module, wherein,
Described selection module is for choosing the described Lawful access sample of users B1 of predetermined number and described unauthorized access sample of users B2;
Described enquiry module is for inquiring about property value Ai corresponding to each behavior characteristic information of obtaining described Lawful access sample of users and described unauthorized access sample of users;
Described computing module carries out conditional probability calculating for using property value Ai corresponding to each behavior characteristic information of described Lawful access sample of users B1 and described unauthorized access sample of users B2, obtain the described legal characteristic probability value P(Ai|B1 of each behavior characteristic information in described Lawful access sample of users), and in described unauthorized access sample of users the described illegal characteristic probability value P(Ai|B2 of each behavior characteristic information).
10. device according to claim 9, is characterized in that, described processing module comprises:
Probability evaluation entity, the described Lawful access probable value P(B1|Ai for using following Bayesian formula to calculate described calling party) and described unauthorized access probable value P(B2|Ai):
P(B1|Ai)=P(Ai|B1) P(B1)/P(Ai), wherein, described P(Ai|B1) be the described legal characteristic probability value of each behavior characteristic information in described Lawful access sample of users, described P(B1) be the predetermined probability value of described Lawful access sample of users, described P(Ai) for having the probability of described behavior characteristic information A in described Lawful access sample of users, i is natural number;
P(B2|Ai)=P(Ai|B2) P(B2)/P(Ai), wherein, described P(Ai|B2) be the described illegal characteristic probability value of each behavior characteristic information in described unauthorized access sample of users, described P(B2) be the predetermined probability value of described unauthorized access sample of users, described P(Ai) for having the probability of described behavior characteristic information A in described unauthorized access sample of users, i is natural number.
11. devices according to claim 10, is characterized in that, described determination module comprises:
Judge module, for judging whether the described Lawful access probable value of described current accessed user is greater than described unauthorized access probable value;
First sub-determination module, for when described Lawful access probable value is greater than described unauthorized access probable value, determines that described current accessed user is Lawful access user;
Second sub-determination module, for when described Lawful access probable value is less than described unauthorized access probable value, determines that described current accessed user is unauthorized access user.
12. devices according to claim 11, is characterized in that, described device also comprises:
Preserve module, for the attribute of described current accessed user and all behavior characteristic information are saved to described sample database;
First accumulator module, for when described current accessed user is described Lawful access user, adds 1 by the total amount of Lawful access user in described sample database, and the total amount of each behavior characteristic information of described current accessed user adds up 1 separately;
Second accumulator module, for when described current accessed user is described unauthorized access user, adds 1 by the total amount of unauthorized access user in described sample database, and the total amount of each behavior characteristic information of described current accessed user adds up 1 separately.
13. devices according to claim 11 or 12, it is characterized in that, described device also comprises:
First update module, for the described Lawful access probable value of described current accessed user and the Lawful access value range preset are compared, if the described Lawful access probable value of described current accessed user exceeds described Lawful access value range, send the first warning message;
Second update module, described unauthorized access probable value for described current accessed user compares with the unauthorized access value range preset, if the described unauthorized access probable value of described current accessed user exceeds described unauthorized access value range, send Secondary Report alarming information.
14. devices according to claim 13, is characterized in that, described device also comprises:
Extraction module, for extracting the legal characteristic probability value P(Ai|B1 of each behavior characteristic information described in described sample database) and illegal characteristic probability value P(Ai|B2);
Cache module, the legal characteristic probability value P(Ai|B1 for by described each behavior characteristic information) and illegal characteristic probability value P(Ai|B2) store in the buffer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410060028.4A CN104836781B (en) | 2014-02-20 | 2014-02-20 | Distinguish the method and device for accessing user identity |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410060028.4A CN104836781B (en) | 2014-02-20 | 2014-02-20 | Distinguish the method and device for accessing user identity |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104836781A true CN104836781A (en) | 2015-08-12 |
| CN104836781B CN104836781B (en) | 2018-11-09 |
Family
ID=53814420
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410060028.4A Active CN104836781B (en) | 2014-02-20 | 2014-02-20 | Distinguish the method and device for accessing user identity |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104836781B (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105208009A (en) * | 2015-08-27 | 2015-12-30 | 腾讯科技(深圳)有限公司 | Safety detection method and apparatus of account number |
| CN105871702A (en) * | 2016-05-31 | 2016-08-17 | 腾讯科技(深圳)有限公司 | Information identification method and server |
| CN105897676A (en) * | 2015-12-01 | 2016-08-24 | 乐视网信息技术(北京)股份有限公司 | User resource access behavior processing method and device |
| CN106330864A (en) * | 2016-08-11 | 2017-01-11 | 北京小米移动软件有限公司 | Processing method, device and system for verifying information |
| CN106470204A (en) * | 2015-08-21 | 2017-03-01 | 阿里巴巴集团控股有限公司 | User identification method based on request behavior characteristicss, device, equipment and system |
| CN106559394A (en) * | 2015-09-29 | 2017-04-05 | 腾讯科技(深圳)有限公司 | Network operation control method and device |
| CN106685674A (en) * | 2015-11-05 | 2017-05-17 | 华为技术有限公司 | Network event prediction and method and apparatus for establishing network event prediction model |
| CN106709298A (en) * | 2017-01-04 | 2017-05-24 | 广东欧珀移动通信有限公司 | Information processing method and device and intelligent terminal |
| CN106778389A (en) * | 2016-11-25 | 2017-05-31 | 维沃移动通信有限公司 | The loss detection method and mobile terminal of a kind of mobile terminal |
| CN106897880A (en) * | 2015-12-18 | 2017-06-27 | 阿里巴巴集团控股有限公司 | A kind of account methods of risk assessment and equipment |
| CN106998336A (en) * | 2016-01-22 | 2017-08-01 | 腾讯科技(深圳)有限公司 | User's detection method and device in channel |
| CN107819743A (en) * | 2017-10-24 | 2018-03-20 | 中国平安财产保险股份有限公司 | Resource access control method and terminal device |
| CN107872491A (en) * | 2016-09-28 | 2018-04-03 | 腾讯科技(深圳)有限公司 | A data processing method and device |
| CN108243142A (en) * | 2016-12-23 | 2018-07-03 | 阿里巴巴集团控股有限公司 | Recognition methods and device and anti-spam content system |
| CN109150886A (en) * | 2018-08-31 | 2019-01-04 | 腾讯科技(深圳)有限公司 | Detecting structured query language injection attack and relevant device |
| CN110120115A (en) * | 2019-05-21 | 2019-08-13 | 秒针信息技术有限公司 | A kind of method, apparatus of prize drawing, equipment and medium |
| CN111090885A (en) * | 2019-12-20 | 2020-05-01 | 北京天融信网络安全技术有限公司 | User behavior auditing method and device, electronic equipment and storage medium |
| CN111125671A (en) * | 2019-12-19 | 2020-05-08 | 字节跳动有限公司 | Verification code processing method and device, storage medium |
| CN111209552A (en) * | 2020-04-20 | 2020-05-29 | 国网电子商务有限公司 | Identity authentication method and device based on user behaviors |
| CN113807862A (en) * | 2021-01-29 | 2021-12-17 | 北京沃东天骏信息技术有限公司 | Access security control method, device, equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101394316A (en) * | 2008-11-11 | 2009-03-25 | 南京大学 | Bayesian Network Intrusion Classification Method Based on Completely Undirected Graph |
| CN102811343A (en) * | 2011-06-03 | 2012-12-05 | 南京理工大学 | An Intelligent Video Surveillance System Based on Behavior Recognition |
| WO2014023121A1 (en) * | 2012-08-10 | 2014-02-13 | 华为技术有限公司 | Method and device for launching individual content |
-
2014
- 2014-02-20 CN CN201410060028.4A patent/CN104836781B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101394316A (en) * | 2008-11-11 | 2009-03-25 | 南京大学 | Bayesian Network Intrusion Classification Method Based on Completely Undirected Graph |
| CN102811343A (en) * | 2011-06-03 | 2012-12-05 | 南京理工大学 | An Intelligent Video Surveillance System Based on Behavior Recognition |
| WO2014023121A1 (en) * | 2012-08-10 | 2014-02-13 | 华为技术有限公司 | Method and device for launching individual content |
Cited By (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106470204A (en) * | 2015-08-21 | 2017-03-01 | 阿里巴巴集团控股有限公司 | User identification method based on request behavior characteristicss, device, equipment and system |
| CN105208009B (en) * | 2015-08-27 | 2020-09-15 | 腾讯科技(深圳)有限公司 | Account security detection method and device |
| CN105208009A (en) * | 2015-08-27 | 2015-12-30 | 腾讯科技(深圳)有限公司 | Safety detection method and apparatus of account number |
| WO2017054482A1 (en) * | 2015-09-29 | 2017-04-06 | 腾讯科技(深圳)有限公司 | Method and apparatus for controlling network operation |
| CN106559394B (en) * | 2015-09-29 | 2020-08-11 | 腾讯科技(深圳)有限公司 | Network operation control method and device |
| CN106559394A (en) * | 2015-09-29 | 2017-04-05 | 腾讯科技(深圳)有限公司 | Network operation control method and device |
| US11196638B2 (en) | 2015-11-05 | 2021-12-07 | Huawei Technologies Co., Ltd. | Network event prediction method and apparatus and method and apparatus for establishing network-event prediction model |
| CN106685674A (en) * | 2015-11-05 | 2017-05-17 | 华为技术有限公司 | Network event prediction and method and apparatus for establishing network event prediction model |
| CN106685674B (en) * | 2015-11-05 | 2020-01-10 | 华为技术有限公司 | Method and device for predicting network event and establishing network event prediction model |
| CN105897676A (en) * | 2015-12-01 | 2016-08-24 | 乐视网信息技术(北京)股份有限公司 | User resource access behavior processing method and device |
| CN106897880A (en) * | 2015-12-18 | 2017-06-27 | 阿里巴巴集团控股有限公司 | A kind of account methods of risk assessment and equipment |
| CN106897880B (en) * | 2015-12-18 | 2020-12-18 | 创新先进技术有限公司 | An account risk assessment method and device |
| CN106998336B (en) * | 2016-01-22 | 2020-07-31 | 腾讯科技(深圳)有限公司 | Method and device for detecting user in channel |
| CN106998336A (en) * | 2016-01-22 | 2017-08-01 | 腾讯科技(深圳)有限公司 | User's detection method and device in channel |
| CN105871702A (en) * | 2016-05-31 | 2016-08-17 | 腾讯科技(深圳)有限公司 | Information identification method and server |
| CN106330864A (en) * | 2016-08-11 | 2017-01-11 | 北京小米移动软件有限公司 | Processing method, device and system for verifying information |
| CN106330864B (en) * | 2016-08-11 | 2019-11-29 | 北京小米支付技术有限公司 | The processing method of verification information, apparatus and system |
| CN107872491A (en) * | 2016-09-28 | 2018-04-03 | 腾讯科技(深圳)有限公司 | A data processing method and device |
| CN106778389A (en) * | 2016-11-25 | 2017-05-31 | 维沃移动通信有限公司 | The loss detection method and mobile terminal of a kind of mobile terminal |
| CN108243142A (en) * | 2016-12-23 | 2018-07-03 | 阿里巴巴集团控股有限公司 | Recognition methods and device and anti-spam content system |
| CN106709298B (en) * | 2017-01-04 | 2020-04-17 | Oppo广东移动通信有限公司 | Information processing method and device and intelligent terminal |
| CN106709298A (en) * | 2017-01-04 | 2017-05-24 | 广东欧珀移动通信有限公司 | Information processing method and device and intelligent terminal |
| CN107819743A (en) * | 2017-10-24 | 2018-03-20 | 中国平安财产保险股份有限公司 | Resource access control method and terminal device |
| CN109150886A (en) * | 2018-08-31 | 2019-01-04 | 腾讯科技(深圳)有限公司 | Detecting structured query language injection attack and relevant device |
| CN110120115A (en) * | 2019-05-21 | 2019-08-13 | 秒针信息技术有限公司 | A kind of method, apparatus of prize drawing, equipment and medium |
| CN111125671A (en) * | 2019-12-19 | 2020-05-08 | 字节跳动有限公司 | Verification code processing method and device, storage medium |
| CN111125671B (en) * | 2019-12-19 | 2023-08-01 | 字节跳动有限公司 | Verification code processing method, device, and storage medium |
| CN111090885A (en) * | 2019-12-20 | 2020-05-01 | 北京天融信网络安全技术有限公司 | User behavior auditing method and device, electronic equipment and storage medium |
| CN111209552A (en) * | 2020-04-20 | 2020-05-29 | 国网电子商务有限公司 | Identity authentication method and device based on user behaviors |
| CN113807862A (en) * | 2021-01-29 | 2021-12-17 | 北京沃东天骏信息技术有限公司 | Access security control method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104836781B (en) | 2018-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104836781A (en) | Method distinguishing identities of access users, and device | |
| EP2691848B1 (en) | Determining machine behavior | |
| CN102413013B (en) | Method and device for detecting abnormal network behavior | |
| CN105100032B (en) | A kind of method and device for preventing resource from stealing | |
| CN104539514B (en) | Information filtering method and device | |
| CN107305611B (en) | Method and device for establishing model corresponding to malicious account and method and device for identifying malicious account | |
| CN112347457A (en) | Abnormal account detection method and device, computer equipment and storage medium | |
| CN112437034B (en) | False terminal detection method and device, storage medium and electronic device | |
| CN109857484A (en) | For the processing method and system of interface call request | |
| CN110457601A (en) | Identification method and device for social account, storage medium and electronic device | |
| CN110675252A (en) | Risk assessment method and device, electronic equipment and storage medium | |
| CN111104685B (en) | Dynamic updating method and device for two-dimension code | |
| CN113412607A (en) | Content pushing method and device, mobile terminal and storage medium | |
| CN117633783A (en) | Attack defense method and device of database, storage medium and electronic equipment | |
| CN106789837A (en) | Network anomalous behaviors detection method and detection means | |
| CN110572302B (en) | Diskless local area network scene identification method and device and terminal | |
| CN111447082B (en) | Determination method and device of associated account and determination method of associated data object | |
| CN110460593B (en) | Network address identification method, device and medium for mobile traffic gateway | |
| CN119603029A (en) | A network attack behavior detection method based on fingerprint, and computer equipment | |
| CN116232622B (en) | Data processing method, device and computer equipment | |
| CN110399399A (en) | Method, apparatus, electronic equipment and the storage medium of customer analysis | |
| CN111930995B (en) | Data processing method and device | |
| CN112434894A (en) | Real-time risk control method, computer equipment and readable storage medium | |
| CN119963177A (en) | A business processing method, related device, equipment and storage medium | |
| CN107465744A (en) | Data download control method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |