
CN107222471B - Identification method and identification system for non-manual brushing function interface - Google Patents


Info

Publication number
CN107222471B
CN107222471B (application CN201710382656.8A)
Authority
CN
China
Prior art keywords
value
function interface
server
manual
parameter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710382656.8A
Other languages
Chinese (zh)
Other versions
CN107222471A (en)
Inventor
承复明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weibo Internet Technology China Co Ltd
Original Assignee
Weibo Internet Technology China Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Weibo Internet Technology China Co Ltd
Priority to CN201710382656.8A
Publication of CN107222471A
Application granted
Publication of CN107222471B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Embodiments of the present invention provide an identification method and an identification system for non-manual brushing of a function interface. The identification method comprises: adding or modifying, in the server, the value of a set calling parameter of a set function interface, replacing the first value with the first value and a second value, so that the server can respond to function interface calling requests that carry either the first value or the second value of the set calling parameter; modifying, in the client, the first value of the set calling parameter of the request that calls the function interface to the second value, so that the user can send, through the client, a function interface calling request carrying the second value of the set calling parameter to the server; and analysing the value of the set calling parameter in the server log to determine whether the source of the function interface request corresponding to that value is non-manual brushing of the function interface. Non-manual brushing of the function interface is thereby identified actively, quickly and efficiently.

[Abstract drawing of application 201710382656]


Description

Identification method and identification system for non-manual brushing of a function interface

Technical field

The present invention relates to the technical field of network security protection, and in particular to an identification method and an identification system for non-manual brushing of a function interface.

Background

With the development of network technology, online services have become ever more developed, and online ratings give users a certain degree of guidance and reference. However, because hackers use abnormal accounts to brush sites non-manually (that is, to hit a site's functions automatically and in bulk), the authenticity of online ratings is seriously affected.

At present, the methods for dealing with non-manual site brushing by hackers are generally identification of access behaviour through server control, and identification of access behaviour through the Web application.

Server-controlled identification consists of two parts: the server control part and the log analysis and identification part. Server control mainly implements packet filtering through the processing of traffic packets, for example with the system's iptables or an external IPS/IDS device, to limit the number and frequency of accesses to site functions by a single account and by a single IP.

There are many concrete implementations. For example, the per-account restriction limits the number of accesses per second by a single account to a fixed value, and requests exceeding that limit have their packets dropped outright. The per-IP restriction allows a single IP address to access a fixed number of accounts per second, and access requests from accounts exceeding that frequency are delayed. The concrete implementation varies; taking iptables as an example, it can be implemented with the following settings:

Limit the number of accesses of a single account:

iptables -A INPUT -p icmp -m limit --limit 3/s -j LOG --log-level INFO --log-prefix "ICMP packet IN:"

iptables -N syn-flood

iptables -A INPUT -p tcp --syn -j syn-flood

iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN

iptables -A syn-flood -j REJECT

Limit the access frequency of a single IP (the two rules below are in iptables-save syntax; prefix each with iptables when typing it at a shell):

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable

-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable

Based on the processing results of the server control part, the interception logs of the control part are then analysed, and the accounts and IPs that exceed the count and frequency limits are tallied to identify and judge. Access behaviour exceeding the frequency or count limits is, according to a certain policy, defined as non-manual brushing of the function interface by those IPs and accounts.

However, although the existing server-controlled identification technology can identify and block some non-manual brushing of function interfaces, it cannot identify such behaviour efficiently in terms of either implementation cost or effect. Its main disadvantages are as follows:

Disadvantage 1: rate limiting of egress IPs is in practice a one-size-fits-all treatment. It seriously degrades the user's experience of the function, the blocking function directly causes collateral damage to normal users, and the problems of false positives and false negatives cannot be solved.

Disadvantage 2: a large number of matching rules must be written for blocking, and there is uncertainty in writing them; setting the thresholds requires a great deal of practical experience and samples, and the effective identification rate is low.

Disadvantage 3: the flow "block behaviour -> analyse logs" is passive perception, and hackers can easily exploit the matching rules to mount DoS or bypass attacks against the function interface.

In the second scheme, Web application identification analyses the HTTP request data of application-layer users (including the URL, parameters, cookies, headers, request body and so on) to identify non-manual brushing of the function interface.

A Web application firewall can verify the requester's Referer header and cookie; by setting a different Referer or cookie for each function interface, some non-manual behaviour can be identified. An example of a Web application using the Referer to identify non-manual brushing of a function interface is as follows:

www.example.com -> referer: empty

login.example.com -> referer: www.example.com

login.example.com/auth.ext -> referer: login.example.com

login.example.com/secussed.ext -> referer: login.example.com/auth.ext

Because the Referer sent by a script or tool basically stays the same, whereas a human operator reaches a page interface by clicking down from the page step by step, so that the Referer carried changes according to the previous page, the Web application decides whether this is a normal user operation by verifying whether the Referer carried in this request is the page visited last. In this way the differing Referers can be used to identify whether a function interface was accessed by manual operation.

Similarly, the Web application can identify non-manual interface brushing through different cookies, where the next cookie is generated from the previous cookie. An example is as follows:

www.example.com -> cookie1

login.example.com -> cookie2

login.example.com/auth.ext -> cookie3

login.example.com/secussed.ext -> cookie4

By comparing the relationship between the current cookie and the previous cookie, it is determined whether the behaviour is manual operation or non-manual brushing of the function interface.
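The Referer chain and cookie chain just described, as an added worked example that is not code from the patent or from any product it mentions: a stateful server-side check in which each request's Referer must be the page the session really visited last, and the presented cookie must be the one derived from the previous step. The page list, the HMAC derivation of the next cookie and the server secret are assumptions for this illustration; the page itself only says that the next cookie is generated from the previous one.

```python
"""Added example, not code from the patent: a stateful Referer-chain and
cookie-chain check of the kind the page describes as prior art. The page
chain, the HMAC derivation of the next cookie and the secret are assumptions."""
import hashlib
import hmac

# The step-by-step flow the page lists; each page's Referer must be the page before it.
CHAIN = [
    "www.example.com",
    "login.example.com",
    "login.example.com/auth.ext",
    "login.example.com/secussed.ext",
]
EXPECTED_REFERER = {page: (CHAIN[i - 1] if i else "") for i, page in enumerate(CHAIN)}
SECRET = b"constructed-demo-key"  # assumption: a server-side secret never sent to clients


def next_cookie(prev_cookie: str, page: str) -> str:
    """cookie(n+1) is derived from cookie(n) and the page just served, so a client
    cannot mint the cookie for a later step without having passed the earlier ones."""
    msg = f"{prev_cookie}|{page}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


class Session:
    """Server-side state: the page served last and the cookie issued for it."""

    def __init__(self):
        self.last_page = ""  # nothing visited yet, so the first Referer must be empty
        self.cookie = ""     # no cookie issued yet


def serve(session: Session, page: str, referer: str, cookie: str) -> bool:
    """Accept the request only if (a) the Referer is the page expected before this
    one AND is the page this session actually visited last, and (b) the presented
    cookie is the one issued for that last page."""
    if EXPECTED_REFERER.get(page) != referer or referer != session.last_page:
        return False
    if not hmac.compare_digest(session.cookie, cookie):
        return False
    session.last_page = page
    session.cookie = next_cookie(session.cookie, page)  # the Set-Cookie for the next step
    return True


def run_flow(requests):
    """Play (page, referer) pairs against one fresh session, echoing the issued
    cookie back as a browser would; returns one verdict per request."""
    s = Session()
    return [serve(s, page, referer, s.cookie) for page, referer in requests]


# Constructed traffic: a human walking the flow, and a fixed-Referer script that
# jumps straight to the last interface three times.
HUMAN_FLOW = [(p, EXPECTED_REFERER[p]) for p in CHAIN]
JUMP_SCRIPT = [(CHAIN[3], CHAIN[2])] * 3
```

Checking the Referer against the session's real last page (not only against a static table) is what rejects the fixed-Referer script, because its Referer never matches a page the session has served. Note also that a script which replays the whole chain in order passes every check; that is exactly the limitation the patent lists below as Disadvantage 2 of this scheme.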

Although the control and verification functions of a Web application are powerful, some shortcomings are unavoidable and cannot be overcome.

Disadvantage 1: the user experience is greatly reduced; the user can only operate step by step, and the point of having a function interface is diminished.

Disadvantage 2: although the operation flow becomes more complicated, because this is a passive defence a script tool can still imitate the behaviour of a normal user by issuing multiple requests that simulate the manual steps, so deciding on the back end whether an operation is manual remains no small challenge.

Disadvantage 3: it increases the load on the server. A function that originally needed only one interface call now requires several rounds of request verification. For high-concurrency sites this puts considerable pressure on server resources.

Therefore, there is an urgent need for a method that can quickly and effectively identify non-manual brushing of a function interface.

Summary of the invention

Embodiments of the present invention provide an identification method and an identification system for non-manual brushing of a function interface, which can quickly and effectively identify such behaviour.

In one aspect, an embodiment of the present invention provides an identification method for non-manual brushing of a function interface, the method comprising:

adding or modifying, in the server, the value of a set calling parameter of a set function interface, replacing the first value with the first value and a second value, so that the server can respond to function interface calling requests that carry either the first value or the second value of the set calling parameter;

modifying, in the client, the first value of the set calling parameter of the request that calls the function interface to the second value, so that the user can send, through the client, a function interface calling request carrying the second value of the set calling parameter to the server;

analysing the value of the set calling parameter in the server log, and determining whether the source of the function interface request corresponding to that value is non-manual brushing of the function interface, wherein the server log stores the set calling parameter and the requester information carried by each calling request to which the server responded.

Optionally, determining whether the source of the function interface request corresponding to the value of the set calling parameter is non-manual brushing of the function interface specifically comprises:

if the value of the set calling parameter in the server log is the first value, determining that the source of the corresponding function interface request is non-manual brushing of the function interface;

if the value of the set calling parameter in the server log is the second value, determining that the source of the corresponding function interface request is manual operation.

Optionally, the identification method further comprises:

after it is determined that the source of the function interface request corresponding to the value of the set calling parameter is non-manual brushing of the function interface, tracing according to the requester information of the corresponding calling request, and determining the account and/or IP address of the non-manual brushing;

blocking the non-manual brushing of the function interface in bulk according to the account and/or IP address of the non-manual brushing.

Optionally, the identification method further comprises:

changing, from time to time, the set function interface and the value of the corresponding set calling parameter.

Optionally, the set function interface and the value of the set calling parameter are covertly modified or added in advance in the server back end, and the corresponding set function interface and value of the set calling parameter are covertly modified in advance in the client back end.

The above technical solution has the following beneficial effect: by adding or modifying in the server the value of the set calling parameter of the set function interface, and modifying in the client the value of the set calling parameter of the request that calls the function interface, while the value of the set calling parameter carried by non-manual requests to the function interface does not change, the defence turns from passive to active, and whether the source of the corresponding function interface request is non-manual brushing of the function interface can be determined accurately, quickly and effectively from the value of the set calling parameter in the server log.

In another aspect, an embodiment of the present invention provides an identification system for non-manual brushing of a function interface, the identification system comprising:

a server-side change unit, configured to add or modify, in the server, the value of the set calling parameter of the set function interface, replacing the first value with the first value and a second value, so that the server can respond to function interface calling requests that carry either the first value or the second value of the set calling parameter;

a client-side change unit, configured to modify, in the client, the first value of the set calling parameter of the request that calls the function interface to the second value, so that the user can send, through the client, a function interface calling request carrying the second value of the set calling parameter to the server;

an analysis unit, configured to analyse the value of the set calling parameter in the server log and determine whether the source of the function interface request corresponding to that value is non-manual brushing of the function interface, wherein the server log stores the set calling parameter and the requester information carried by each calling request to which the server responded.

Optionally, the analysis unit is specifically configured to determine, if the value of the set calling parameter in the server log is the first value, that the source of the corresponding function interface request is non-manual brushing of the function interface; and, if the value of the set calling parameter in the server log is the second value, that the source of the corresponding function interface request is manual operation.

Optionally, the identification system further comprises:

a tracing unit, connected to the analysis unit and configured, after it is determined that the source of the function interface request corresponding to the value of the set calling parameter is non-manual brushing of the function interface, to trace according to the requester information of the corresponding calling request and determine the account and/or IP address of the non-manual brushing;

a blocking unit, connected to the tracing unit and configured to block the non-manual brushing of the function interface in bulk according to the account and/or IP address of the non-manual brushing.

Optionally, the identification system further comprises:

a replacement unit, connected to the server-side change unit and to the client-side change unit respectively, and configured to change, from time to time, the set function interface and the value of the corresponding set calling parameter.

Optionally, the server-side change unit covertly modifies or adds the set function interface and the value of the set calling parameter in advance in the server back end, and the client-side change unit covertly modifies the corresponding set function interface and value of the set calling parameter in advance in the client back end.

The above technical solution has the following beneficial effect: the present invention provides a server-side change unit, a client-side change unit and an analysis unit; by adding or modifying in the server the value of the set calling parameter of the set function interface, and modifying in the client the value of the set calling parameter of the request that calls the function interface, while the value of the set calling parameter carried by non-manual requests to the function interface does not change, the defence turns from passive to active, and whether the source of the corresponding function interface request is non-manual brushing of the function interface can be determined accurately, quickly and effectively from the value of the set calling parameter in the server log.

Description of the drawings

In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1 is a flowchart of the identification method for non-manual brushing of a function interface according to an embodiment of the present invention;

Figure 2 is a schematic diagram of the unit structure of the identification system for non-manual brushing of a function interface according to an embodiment of the present invention.

Reference numerals:

server 1, client 2, server log 3, server-side change unit 4, client-side change unit 5, analysis unit 6, tracing unit 7, blocking unit 8.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort fall within the scope of protection of the present invention.

The purpose of the present invention is to provide an identification method for non-manual brushing of a function interface: by adding or modifying in the server the value of the set calling parameter of the set function interface, and modifying in the client the value of the set calling parameter of the request that calls the function interface, while the value of the set calling parameter carried by non-manual requests to the function interface does not change, the defence turns from passive to active, and whether the source of the corresponding function interface request is non-manual brushing of the function interface can be determined accurately, quickly and effectively from the value of the set calling parameter in the server log.

Function interface: an interface provided by the site to users for implementing a certain function; by calling the function interface the user performs viewing, commenting, operations and the like.

Non-manual brushing of a function interface, or non-manual site brushing: a hacker uses a large number of accounts, by means of batch management script tools, network proxies and similar techniques, to perform bulk operations on a certain function or activity, imitating the manual operation of normal users so that one person controls a large number of accounts for the purpose of brushing the site.

To make the above objects, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below with reference to the drawings and specific embodiments.

如图1所示,本发明非人工刷功能接口的识别方法包括:As shown in Figure 1, the identification method of the non-artificial brush function interface of the present invention includes:

步骤100:在服务端中添加或修改设定功能接口的设定调用参数的数值,将第一数值更换为第一数值和第二数值,使得所述服务端能够响应携带有设定调用参数的数值为第一数值或第二数值的调用功能接口请求。Step 100: Add or modify the value of the setting call parameter of the setting function interface in the server, and replace the first value with the first value and the second value, so that the server can respond to the parameter carrying the setting call parameter. A request for calling a function interface whose value is the first value or the second value.

步骤200:在客户端中将请求调用功能接口的设定调用参数的第一数值修改为第二数值,使得用户能够通过客户端发送携带有设定调用参数数值为第二数值的调用功能接口请求至所述服务端。Step 200: In the client, modify the first value of the set invocation parameter of the request to invoke the function interface to the second value, so that the user can send the function interface request carrying the set invocation parameter value as the second value through the client to the server.

步骤300:分析服务端日志中的设定调用参数的数值,确定所述设定调用参数的数值对应的发送功能接口请求的来源是否为非人工刷功能接口行为,其中,所述服务端日志中存储有与所述服务端响应对应的发送调用功能接口请求携带的设定调用参数及请求者信息。Step 300: Analyze the value of the setting call parameter in the server log, and determine whether the source of the sending function interface request corresponding to the value of the setting call parameter is a non-manual function interface behavior. The set invocation parameters and requester information carried by the sending invocation function interface request corresponding to the server response are stored.

步骤400:在确定所述设定调用参数的数值对应的发送功能接口请求的来源为非人工刷功能接口行为后,根据发送对应调用功能接口请求的请求者信息进行追踪,确定所述非人工刷的账号和/或IP地址。Step 400: After determining that the source of the sending function interface request corresponding to the value of the set calling parameter is a non-manual swiping function interface behavior, trace the requester information that sends the corresponding calling function interface request, and determine the non-manual swiping function interface request. account and/or IP address.

步骤500:根据所述非人工刷的账号和/或IP地址对非人工刷功能接口行为进行批量封杀。Step 500 : Block the non-manually brushing function interface behaviors in batches according to the account and/or IP address of the non-manual brushing.

由于如今都是实名手机号才能注册站点账号,且不允许大量重复注册,如果对追踪到的黑客账号和/或IP地址进行批量封杀,这能从根本上减少网络安全威胁,特别是对网络刷站行为造成致命打击。Since only real-name mobile phone numbers can be used to register site accounts, and a large number of repeated registrations are not allowed, if the tracked hacker accounts and/or IP addresses are blocked in batches, this can fundamentally reduce network security threats, especially for network fraud. The act of standing inflicted a fatal blow.

进一步地,所述设定功能接口及设定调用参数的数值在服务端后台预先隐蔽修改或添加,对应的设定功能接口及设定调用参数的数值在客户端后台预先隐蔽修改。Further, the setting function interface and the value of the setting calling parameter are modified or added in advance in the background of the server, and the corresponding setting function interface and the value of the setting calling parameter are modified or hidden in advance in the background of the client.

In step 300, determining whether the source of the function-interface request corresponding to the value of the set calling parameter is non-manual function-interface calling behavior specifically comprises:

if the value of the set calling parameter recorded in the server log is the first value, determining that the source of the function-interface request corresponding to the first value is non-manual (scripted) calling behavior;

if the value of the set calling parameter recorded in the server log is the second value, determining that the source of the function-interface request corresponding to the second value is manual operation.

Because the logic of a script tool is fixed, and the interfaces it requests are fixed as well, an attacker first wraps the target interface to be abused into the script tool and then sells it to downstream users through the underground economy chain. The site operator then proactively modifies the value of the set calling parameter in the set function interface, changing the first value to the second value, while ensuring that the original first value still works normally. Under these conditions the logic and parameter values inside the script tool will not easily change; the operator's proactive modification of the parameter value is only noticed once the script tool stops working. The parameter passed during batch calls to the function interface is therefore still the previously configured value, and the result obtained is exactly as expected, whereas a normal user's operation passes the modified parameter value of the function interface. By following steps 100 to 500, manual and non-manual function-interface calling behavior can be distinguished accurately, improving network security.

Since the interface parameter is modified in the server or client back end, normal users do not need to change anything: the client automatically loads the interface with the modified parameter, the interface returns the normal result, and normal users notice nothing. For example, for the Weibo "like" action a user does not need to know the specific parameters of the "like" interface; if the server-side parameter changes, the user does not need to do anything, because all changes happen in the back end. The function interface inside an attacker's script tool, however, is written in advance and does not automatically change the interface parameters it requests.

Although the results returned for manual and non-manual requests are identical, the parameter values they carry are not. Analysing the differing parameter values carried by requests in the server log identifies the non-manual function-interface calling behavior (that is, scripted site abuse), and further tracing the requester information reveals the accounts and/or IP addresses used for the non-manual calls.

In implementation, the function-interface parameters must be adjusted continually to achieve the best effect. The identification method of the present invention therefore also includes changing the set function interface and the corresponding set calling-parameter value at irregular intervals and repeating steps 100 to 500.

The identification method of the present invention differs from conventional identification in that it swaps the roles of attacker and defender. Conventional anti-abuse schemes apply various technologies together with various policies to defend passively; their advantage is that they are deployed once and remain effective for a long time. In view of this, attackers keep improving their scripts and try to bypass the limits of those policies and technologies, and a static defence can always eventually be defeated. The results of conventional identification still contain various false positives and gaps, which greatly reduces their effectiveness. The present invention instead takes the initiative: without the attacker's knowledge, the site-abuse behavior in which a script tool simulates normal user operations in batches is identified successfully, and the batch of account IDs the attacker controls and the proxy IP addresses used are completely exposed to the site operator. The site is no longer a static scheme left for attackers to analyse and attack; it continually changes its own strategy and proactively identifies and defends against attackers' non-manual function-interface calling behavior.

The following takes identifying whether a Weibo "like" is a normal user operation or was generated by a script tool as an example:

Step 1: Locate the "like" interface on the server:

http://weibo.com/aj/v6/like/add?ajwvr=6&loc=profile&location=page_100505_home&mid=4067200547501908&qid=heart&version=mini (this interface carries its parameters in a POST body and the back end verifies the Referer and Cookie; for convenience it is written here in GET form). This is a POST "like" interface whose parameters include the set calling parameter ajwvr=6. In the server back end, the value of this set calling parameter is modified to ajwvr=7, so the interface becomes http://weibo.com/aj/v6/like/add?ajwvr=7&loc=profile&location=page_100505_home&mid=4067200547501908&qid=heart&version=mini, while requests carrying the original parameter ajwvr=6 continue to return content normally.

Step 2: In the client, change the value of the set calling parameter sent in the POST "like" request to ajwvr=7, so that the request interface used when a normal user clicks "like" on the web page becomes:

http://weibo.com/aj/v6/like/add?ajwvr=7&loc=profile&location=page_100505_home&mid=4067200547501908&qid=heart&version=mini

At this point the value of the calling parameter ajwvr carried by the script tool's "like" requests is still ajwvr=6 (the script's request interface was packaged beforehand, so its ajwvr value remains 6), and the request interface for non-manual "likes" becomes: http://weibo.com/aj/v6/like/add?ajwvr=6&loc=profile&location=page_100505_home&mid=4067200547501908&qid=heart&version=mini

Step 3: The attacker's script takes the 10,000 accounts under its control, each with its own cookie and a fixed Referer, and, using different IP addresses and timings, simulates normal users liking the target 10,000 times. The returned result is as expected and the "likes" succeed. Normal users who click on the page to call the interface also succeed; there is no visible difference between scripted likes and ordinary users' likes, and the scripted liking succeeds.

Step 4: Analyse the server log, determine that the likes corresponding to the parameter ajwvr=6 were generated by the script, and then trace the information of the requesters that sent those like requests to determine the non-manual accounts and/or IP addresses.

Step 5: Batch-block the non-manual function-interface calling behavior according to those accounts and/or IP addresses.

Step 6: Change the set function interface and the corresponding set calling-parameter value at irregular intervals and repeat the steps above. Repeated use of the same marker may be discovered, after which an attacker only needs to update the interface parameter value in the script to defeat it; the steps above must therefore be repeated, with the set function interface and the corresponding set calling-parameter value changed at irregular intervals. The replaced interface and parameter values are all configured covertly in advance in the back end.
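The following is an added illustration of steps 100 to 500 and of the six-step "like" walkthrough above; it is example code written for this page, not code from the patent or from Weibo. It keeps the parameter name ajwvr and the path /aj/v6/like/add from the page, but the log format ("client-ip account method path?query"), the sample log lines, the account names and the IP addresses are all constructed for the example. The server-side configuration accepts both the old and the new value with the same result, the log analyser classifies each request by the value it carried, traces the accounts and IPs behind the old value, and a block list applies the batch block; `rotate()` models step 6.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

LIKE_PATH = "/aj/v6/like/add"  # the "like" interface path from the page


@dataclass
class CanaryConfig:
    """Server-side record of the 'set calling parameter' (ajwvr on the page).

    current -- the value the covertly updated client now sends (second value)
    legacy  -- values the server still answers normally but that only a stale,
               pre-packaged script tool keeps sending (first value)
    """
    param: str
    current: str
    legacy: set = field(default_factory=set)

    def accepts(self, value):
        """Steps 100/200: both values get the same, normal response."""
        return value == self.current or value in self.legacy

    def rotate(self, new_value):
        """Step 6: move the client to a fresh value; the old one stays
        accepted, so the change remains invisible to the script operator."""
        self.legacy.add(self.current)
        self.current = new_value


def parse_log_line(line):
    """Parse one constructed log line: '<client-ip> <account> <method> <path?query>'."""
    ip, account, method, target = line.split()
    parts = urlsplit(target)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {"ip": ip, "account": account, "method": method,
            "path": parts.path, "params": params}


def classify(cfg, params):
    """Step 300: first (legacy) value -> scripted, second (current) value -> manual."""
    value = params.get(cfg.param)
    if value == cfg.current:
        return "manual"
    if value in cfg.legacy:
        return "scripted"
    return "rejected"  # a value the server would not have answered at all


def analyse_log(cfg, lines, path=LIKE_PATH):
    """Steps 300/400: collect the accounts and IPs behind scripted calls to `path`."""
    accounts, ips = set(), set()
    for line in lines:
        rec = parse_log_line(line)
        if rec["path"] != path:          # other interfaces may legitimately carry old values
            continue
        if classify(cfg, rec["params"]) == "scripted":
            accounts.add(rec["account"])
            ips.add(rec["ip"])
    return accounts, ips


class BlockList:
    """Step 500: batch-block the traced accounts and IPs."""

    def __init__(self):
        self.accounts, self.ips = set(), set()

    def block_batch(self, accounts, ips):
        self.accounts |= set(accounts)
        self.ips |= set(ips)

    def is_blocked(self, account, ip):
        return account in self.accounts or ip in self.ips


# Constructed sample log: two real users on the new value, three scripted
# accounts on the old value spread over two proxy IPs, and one unrelated call.
SAMPLE_LOG = [
    "203.0.113.10 u1001 POST /aj/v6/like/add?ajwvr=7&loc=profile&mid=4067200547501908",
    "203.0.113.11 u1002 POST /aj/v6/like/add?ajwvr=7&loc=profile&mid=4067200547501908",
    "198.51.100.5 bot0001 POST /aj/v6/like/add?ajwvr=6&loc=profile&mid=4067200547501908",
    "198.51.100.5 bot0002 POST /aj/v6/like/add?ajwvr=6&loc=profile&mid=4067200547501908",
    "198.51.100.6 bot0003 POST /aj/v6/like/add?ajwvr=6&loc=profile&mid=4067200547501908",
    "203.0.113.12 u1003 GET /aj/v6/comment/list?ajwvr=6&mid=4067200547501908",
]


def demo():
    """Run steps 300-500 over the constructed log and return the config and block list."""
    cfg = CanaryConfig(param="ajwvr", current="7", legacy={"6"})
    accounts, ips = analyse_log(cfg, SAMPLE_LOG)
    blocklist = BlockList()
    blocklist.block_batch(accounts, ips)
    return cfg, blocklist


if __name__ == "__main__":
    cfg, blocklist = demo()
    print("scripted accounts:", sorted(blocklist.accounts))
    print("scripted IPs:", sorted(blocklist.ips))
```

Two practical points the patent text leaves implicit: after `rotate()` the previous value is immediately treated as scripted, so a deployment needs a short grace window for genuine clients that have not yet reloaded the updated interface, and the log must record both the account and the client IP for the tracing step to work. The canary value is one signal among several; the page itself notes that static schemes produce false positives, so the block decision should be confirmed against other evidence before a batch block is applied.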

The present invention identifies whether a function interface is being called by manual operation or by site-abuse behavior by dynamically and covertly setting special markers, and can thereby correctly identify non-manual function-interface behavior. Because proactive, covert and dynamic technical means are used to set the special markers in advance, the operation of an attacker's script tool is exposed accurately in log analysis; non-manual function-interface calling behavior can therefore be identified accurately, giving the site operator a solid basis for its next action and benefiting the site's security, in particular the protection of function interfaces against scripted abuse.

In addition, the present invention also provides an identification system for non-manual function-interface calling behavior that can identify such behavior quickly and effectively. As shown in FIG. 2, the identification system of the present invention comprises a server-side changing unit 4, a client-side changing unit 5, an analysis unit 6, a tracking unit 7 and a blocking unit 8.

The server-side changing unit 4 is connected to the server 1 and is used to add or modify, in the server 1, the value of the set calling parameter of the set function interface, replacing the first value with both the first value and the second value, so that the server 1 can respond to calling requests whose set calling parameter carries either the first value or the second value.

The client-side changing unit 5 is connected to the client 2 and is used to modify, in the client 2, the first value of the set calling parameter of the request that calls the function interface to the second value, so that the user can send through the client 2 calling requests carrying the second value to the server 1.

The analysis unit 6 is connected to the server log 3 and is used to analyse the value of the set calling parameter in the server log 3 and determine whether the source of the function-interface request corresponding to that value is non-manual calling behavior. The server log 3 stores the set calling parameter and requester information carried by each calling request to which the server 1 responded.

Specifically, the analysis unit 6 is configured to determine, if the value of the set calling parameter in the server log 3 is the first value, that the source of the corresponding function-interface request is non-manual calling behavior, and, if the value is the second value, that the source of the corresponding request is manual operation.

The tracking unit 7 is connected to the analysis unit 6 and is used, after it has been determined that the source of the function-interface request corresponding to the value of the set calling parameter is non-manual calling behavior, to trace the requester information of the corresponding calling request and determine the account and/or IP address used for the non-manual calls.

The blocking unit 8 is connected to the tracking unit 7 and is used to block the non-manual function-interface calling behavior in batches according to those accounts and/or IP addresses.

In addition, the identification system of the present invention further comprises a replacement unit, connected respectively to the server-side changing unit 4 and the client-side changing unit 5, for changing the set function interface and the corresponding set calling-parameter value at irregular intervals.

Further, the server-side changing unit 4 covertly modifies or adds the set function interface and the value of the set calling parameter in advance in the server back end, and the client-side changing unit 5 covertly modifies in advance the corresponding set function interface and set calling-parameter value in the client back end.

Compared with the prior art, the identification system of the present invention has the same beneficial effects as the identification method described above, which are not repeated here.

It should be understood that the specific order or hierarchy of steps in the disclosed processes is an example of an exemplary approach. Based on design preferences, the specific order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present the elements of the various steps in an exemplary order and are not meant to be limited to the specific order or hierarchy presented.

In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of simplifying the disclosure. This method of disclosure should not be interpreted as reflecting an intention that the claimed subject matter requires more features than are expressly recited in each claim. Rather, as the appended claims reflect, the invention lies in less than all the features of a single disclosed embodiment. Thus, the appended claims are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.

The disclosed embodiments are described above to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit and scope of this disclosure. Thus, the present disclosure is not intended to be limited to the embodiments set forth herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

The above description includes examples of one or more embodiments. It is of course impossible to describe every conceivable combination of components or methods in describing these embodiments, but one of ordinary skill in the art will recognise that further combinations and permutations of the various embodiments are possible. Accordingly, the embodiments described herein are intended to cover all such changes, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "comprises" is used in the specification or claims, it is intended to be inclusive in a manner similar to the term "comprising", as "comprising" is interpreted when used as a transitional word in a claim. Furthermore, any use of the term "or" in the specification or claims is intended to mean a non-exclusive "or".

Those skilled in the art will also appreciate that the various illustrative logical blocks, units and steps listed in the embodiments of the present invention may be implemented as electronic hardware, computer software or a combination of the two. To clearly illustrate this interchangeability of hardware and software, the various illustrative components, units and steps above have been described generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the particular application and the design requirements of the overall system. Those skilled in the art may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as exceeding the scope of protection of the embodiments of the present invention.

The various illustrative logical blocks or units described in the embodiments of the present invention may be implemented or performed with a general-purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a field-programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described. A general-purpose processor may be a microprocessor, or alternatively any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, for example a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other such configuration.

The steps of the method or algorithm described in the embodiments of the present invention may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM, flash memory, ROM, EPROM, EEPROM, registers, a hard disk, a removable disk, a CD-ROM or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Alternatively, the storage medium may be integrated into the processor. The processor and the storage medium may reside in an ASIC, and the ASIC may reside in a user terminal. Alternatively, the processor and the storage medium may reside as discrete components in a user terminal.

In one or more exemplary designs, the functions described in the embodiments of the present invention may be implemented in hardware, software, firmware or any combination of the three. If implemented in software, the functions may be stored on, or transmitted over, a computer-readable medium as one or more instructions or code. Computer-readable media include computer storage media and communication media, including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer. By way of example and not limitation, such computer-readable media may comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store program code in the form of instructions or data structures and that can be read by a general-purpose or special-purpose computer or a general-purpose or special-purpose processor. Also, any connection is properly termed a computer-readable medium: for example, if the software is transmitted from a website, server or other remote source over a coaxial cable, fibre-optic cable, twisted pair, digital subscriber line (DSL) or by wireless means such as infrared, radio and microwave, then these are included in the definition of computer-readable medium. Disk and disc, as used herein, include compact disc, laser disc, optical disc, DVD, floppy disk and Blu-ray disc, where disks usually reproduce data magnetically while discs reproduce data optically with lasers. Combinations of the above are also included within the scope of computer-readable media.

The specific embodiments described above further explain the objectives, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (8)

1. A method for identifying non-manual (scripted) calls to a function interface, characterised by comprising the following steps:
adding or modifying, in the server, the value of the set calling parameter of the set function interface, replacing the first value with both a first value and a second value, so that the server can respond to a calling request whose set calling parameter carries either the first value or the second value;
modifying, in the client, the first value of the set calling parameter of the request that calls the function interface to the second value, so that a user can send, through the client, a calling request carrying the second value to the server;
analysing the value of the set calling parameter in the server log and determining whether the source of the function-interface request corresponding to that value is non-manual calling behavior, which specifically comprises: if the value of the set calling parameter in the server log is the first value, determining that the source of the corresponding function-interface request is non-manual calling behavior; if the value of the set calling parameter in the server log is the second value, determining that the source of the corresponding function-interface request is manual operation;
wherein the server log stores the set calling parameter and requester information carried by each calling request to which the server responded.
2. The method of claim 1, further comprising:
after determining that the source of the function-interface request corresponding to the value of the set calling parameter is non-manual calling behavior, tracing according to the requester information of the corresponding calling request and determining the account and/or IP address used for the non-manual calls;
and blocking the non-manual function-interface calling behavior in batches according to that account and/or IP address.
3. The method of claim 1, further comprising:
changing the set function interface and the corresponding value of the set calling parameter at irregular intervals.
4. The method for identifying non-manual calls to a function interface according to any one of claims 1 to 3, wherein the set function interface and the value of the set calling parameter are covertly modified or added in advance in the server back end, and the corresponding set function interface and set calling-parameter value are covertly modified in advance in the client back end.
5. A system for identifying non-manual (scripted) calls to a function interface, the system comprising:
a server-side changing unit, for adding or modifying, in the server, the value of the set calling parameter of the set function interface and replacing the first value with both a first value and a second value, so that the server can respond to a calling request whose set calling parameter carries either the first value or the second value;
a client-side changing unit, for modifying, in the client, the first value of the set calling parameter of the request that calls the function interface to the second value, so that a user can send, through the client, a calling request carrying the second value to the server;
an analysis unit, for analysing the value of the set calling parameter in the server log and determining whether the source of the function-interface request corresponding to that value is non-manual calling behavior, the analysis unit being specifically configured to: if the value of the set calling parameter in the server log is the first value, determine that the source of the corresponding function-interface request is non-manual calling behavior; if the value of the set calling parameter in the server log is the second value, determine that the source of the corresponding function-interface request is manual operation;
wherein the server log stores the set calling parameter and requester information carried by each calling request to which the server responded.
6. The system of claim 5, further comprising:
a tracking unit, connected to the analysis unit, for tracing, after it has been determined that the source of the function-interface request corresponding to the value of the set calling parameter is non-manual calling behavior, according to the requester information of the corresponding calling request, and determining the account and/or IP address used for the non-manual calls;
and a blocking unit, connected to the tracking unit, for blocking the non-manual function-interface calling behavior in batches according to that account and/or IP address.
7. The system of claim 5, further comprising:
a replacement unit, connected respectively to the server-side changing unit and the client-side changing unit, for changing the set function interface and the corresponding value of the set calling parameter at irregular intervals.
8. The system for identifying non-manual calls to a function interface according to any one of claims 5 to 7, wherein the server-side changing unit covertly modifies or adds the set function interface and the value of the set calling parameter in advance in the server back end, and the client-side changing unit covertly modifies in advance the corresponding set function interface and set calling-parameter value in the client back end.
CN201710382656.8A 2017-05-26 2017-05-26 Identification method and identification system for non-manual brushing function interface Active CN107222471B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710382656.8A CN107222471B (en) 2017-05-26 2017-05-26 Identification method and identification system for non-manual brushing function interface

Publications (2)

Publication Number Publication Date
CN107222471A CN107222471A (en) 2017-09-29
CN107222471B true CN107222471B (en) 2020-01-14

Family

ID=59944744

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710382656.8A Active CN107222471B (en) 2017-05-26 2017-05-26 Identification method and identification system for non-manual brushing function interface

Country Status (1)

Country Link
CN (1) CN107222471B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110035068B (en) * 2019-03-14 2021-10-01 微梦创科网络科技(中国)有限公司 Method and device for banning and blocking of anti-grabbing station system
CN112671695A (en) * 2019-10-16 2021-04-16 上海擎感智能科技有限公司 Method, system, medium, and apparatus for limiting number of IP access connections from the same source

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006081459A2 (en) * 2005-01-25 2006-08-03 Whitehat Security, Inc. System for detecting vulnerabilities in web applications using client-side application interfaces
CN104618352A (en) * 2015-01-16 2015-05-13 沈文策 Script-based flow anti-brush method and system
CN104917643A (en) * 2014-03-11 2015-09-16 腾讯科技(深圳)有限公司 Abnormal account detection method and device
CN105897782A (en) * 2016-06-30 2016-08-24 北京奇艺世纪科技有限公司 Method and device for treating call request of interface

Also Published As

Publication number Publication date
CN107222471A (en) 2017-09-29

Similar Documents

Publication Publication Date Title
CN110431828B (en) DNS tunnel detection based on domain name system DNS log and network data
US20220180368A1 (en) Risk Detection, Assessment, And Mitigation Of Digital Third-Party Fraud
US10778668B2 (en) HTTP session validation module
US10083322B2 (en) Obscuring user web usage patterns
US12418566B1 (en) Method of generating and using credentials to detect the source of account takeovers
WO2018121331A1 (en) Attack request determination method, apparatus and server
US11356478B2 (en) Phishing protection using cloning detection
US10686834B1 (en) Inert parameters for detection of malicious activity
US20150067772A1 (en) Apparatus, method and computer-readable storage medium for providing notification of login from new device
AU2022213452B2 (en) Evaluating access requests using assigned common actor identifiers
US20230421562A1 (en) Method and system for protection of cloud-based infrastructure
Huang et al. An authentication scheme to defend against UDP DrDoS attacks in 5G networks
CN112311722A (en) An access control method, apparatus, device, and computer-readable storage medium
WO2016155411A1 (en) Method and device for restricting massive service requests
WO2023045196A1 (en) Access request capturing method and apparatus, computer device, and storage medium
Wedman et al. An analytical study of web application session management mechanisms and HTTP session hijacking attacks
CN107222471B (en) Identification method and identification system for non-manual brushing function interface
WO2016201994A1 (en) Method and device for determining domain name credibility
CN106411819A (en) Method and apparatus for recognizing proxy Internet protocol address
CN102098285A (en) A method and device for preventing phishing attacks
US9723017B1 (en) Method, apparatus and computer program product for detecting risky communications
CN103618730A (en) Website DDOS attack defense system and method based on integral strategy
CN114978590B (en) API safety protection method, equipment and readable storage medium
CN114553524B (en) Traffic data processing method and device, electronic equipment and gateway
CN108197467A (en) A kind of automated detection method and system of CSRF loopholes

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant