[go: up one dir, main page]

CN103559210B - The ranking fraud detection method and ranking fraud detection system of application program - Google Patents

The ranking fraud detection method and ranking fraud detection system of application program Download PDF

Info

Publication number
CN103559210B
CN103559210B CN201310470187.7A CN201310470187A CN103559210B CN 103559210 B CN103559210 B CN 103559210B CN 201310470187 A CN201310470187 A CN 201310470187A CN 103559210 B CN103559210 B CN 103559210B
Authority
CN
China
Prior art keywords
ranking
active
period
fraud
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201310470187.7A
Other languages
Chinese (zh)
Other versions
CN103559210A (en
Inventor
祝恒书
于魁飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhigu Ruituo Technology Services Co Ltd
Original Assignee
Beijing Zhigu Ruituo Technology Services Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhigu Ruituo Technology Services Co Ltd filed Critical Beijing Zhigu Ruituo Technology Services Co Ltd
Priority to CN201310470187.7A priority Critical patent/CN103559210B/en
Publication of CN103559210A publication Critical patent/CN103559210A/en
Application granted granted Critical
Publication of CN103559210B publication Critical patent/CN103559210B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2127Bluffing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135Metering

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a kind of ranking fraud detection method of application program and ranking fraud detection system.Methods described includes:Active period detecting step, the active period of the application program is detected based on history ranking information;Ranking fraud detection step, is detected based at least one evidence related to ranking to the active period, obtains ranking fraud detection result.The method and system of the present invention can automatically identify the ranking fraud relevant with application program, so that application user obtains real application program ranking information.

Description

应用程序的排名欺诈检测方法和排名欺诈检测系统Ranking fraud detection method and ranking fraud detection system for applications

技术领域technical field

本发明涉及网络领域,尤其涉及一种应用程序的排名欺诈检测方法和排名欺诈检测系统。The invention relates to the network field, in particular to a ranking fraud detection method for application programs and a ranking fraud detection system.

背景技术Background technique

用户应用程序,尤其是安装并运行于移动终端的移动应用程序近年来发展迅速。为了方便用户选择并安装应用程序,很多应用程序网站或应用程序商店会集中地提供应用程序的查询、下载、评价等服务,同时还会定期地,例如每日,发布应用程序排行榜(Application Leaderboard)以体现一些当前受用户欢迎的应用程序。事实上,该排行榜是促销应用程序的最重要手段之一,应用程序在排行榜上很高的排名通常会刺激用户大量下载该应用程序,并为应用程序开发者带来巨大的经济收益。因此,应用程序开发者非常希望其应用程序在排行榜上占据更高的排名。User applications, especially mobile applications installed and run on mobile terminals have developed rapidly in recent years. In order to make it easier for users to select and install applications, many application websites or application stores will provide services such as application query, download, and evaluation in a centralized manner, and will also publish application leaderboards (Application Leaderboard) on a regular basis, for example, every day. ) to reflect some applications that are currently popular with users. In fact, the leaderboard is one of the most important means of promoting an application, and a high ranking of an application on the leaderboard usually stimulates users to download the application in large numbers and brings huge economic benefits to the application developer. Therefore, app developers would very much like their apps to occupy higher positions on the leaderboards.

应用程序的排名欺诈(Ranking Fraud)是指目的在于提高应用程序在应用程序排行榜上的排名而进行的欺骗行为。事实上,不同于依赖传统的市场手段来提高应用程序排名,应用程序开发者通过夸大其产品销量或发布虚假的产品评价来实施排名欺诈的行为已经越来越普遍,例如雇佣“水军(human water armies)”来在短时间内提升应用程序的下载量和评价次数等。Ranking Fraud of an application is a fraudulent behavior aimed at improving the ranking of an application on the application leaderboard. In fact, instead of relying on traditional marketing methods to improve app rankings, it has become more and more common for app developers to commit ranking fraud by exaggerating their product sales or posting false product reviews, such as hiring "human trolls". water armies)” to increase the number of app downloads and reviews in a short period of time.

业界已经意识到防止排名欺诈以使应用程序用户获得真实的应用程序排名信息的重要性。为了防止应用程序的排名欺诈,现有的办法是根据一天内应用程序排名上升的程度来推断排名欺诈行为的存在,并在判断出现排名欺诈的时候直接锁定整个应用程序的排名,这种方式过于简单粗暴,难以准确判断排名欺诈行为而且伤害了正常应用程序的排名上升。可见,本领域对于应用程序的排名欺诈检测问题的理解和研究还非常有限,至今还不存在有效检测应用程序的排名欺诈的相关技术。The industry has realized the importance of preventing ranking fraud so that app users can obtain real app ranking information. In order to prevent application ranking fraud, the existing method is to infer the existence of ranking fraud based on the degree of increase in the ranking of the application within a day, and directly lock the ranking of the entire application when it is judged that ranking fraud occurs. This method is too Simple and rude, it is difficult to accurately judge ranking fraud and hurt the ranking rise of normal applications. It can be seen that the understanding and research on the problem of ranking fraud detection of application programs in this field is still very limited, and there is no relevant technology for effectively detecting ranking fraud of application programs so far.

发明内容Contents of the invention

本发明的目的在于提供一种应用程序的排名欺诈的检测技术,从而自动地有效识别出与应用程序有关的排名欺诈行为,以使应用程序用户获得真实的应用程序排名信息。The purpose of the present invention is to provide a detection technology for application ranking fraud, so as to automatically and effectively identify the ranking fraud related to application programs, so that application program users can obtain real application program ranking information.

为解决上述技术问题,根据本发明的一个方面,提供一种应用程序的排名欺诈检测方法,所述方法包括:In order to solve the above technical problems, according to one aspect of the present invention, a ranking fraud detection method for an application program is provided, the method comprising:

活跃期检测步骤,基于历史排名信息检测所述应用程序的活跃期;The active period detection step is to detect the active period of the application program based on historical ranking information;

排名欺诈检测步骤,基于至少一个与排名相关的证据对所述活跃期进行检测,得到排名欺诈检测结果。The ranking fraud detection step is to detect the active period based on at least one ranking-related evidence, and obtain a ranking fraud detection result.

根据本发明的另一个方面,还提供一种应用程序的排名欺诈检测系统,所述系统包括:According to another aspect of the present invention, there is also provided a ranking fraud detection system for applications, the system comprising:

活跃期检测单元,用于基于历史排名信息检测所述应用程序的活跃期;An active period detection unit, configured to detect the active period of the application based on historical ranking information;

排名欺诈检测单元,用于基于至少一个与排名相关的证据对所述活跃期进行检测,得到排名欺诈检测结果。A ranking fraud detection unit, configured to detect the active period based on at least one ranking-related evidence, and obtain a ranking fraud detection result.

根据本发明的另一个方面,还提供一种应用程序的排名欺诈检测方法,所述方法包括:According to another aspect of the present invention, there is also provided a ranking fraud detection method for an application, the method comprising:

基于至少一个与排名相关的证据对应用程序的活跃期进行检测,得到排名欺诈检测结果。The active period of the application program is detected based on at least one ranking-related evidence, and a ranking fraud detection result is obtained.

根据本发明的另一个方面,还提供一种应用程序的排名欺诈检测系统,所述系统包括:According to another aspect of the present invention, there is also provided a ranking fraud detection system for applications, the system comprising:

排名欺诈检测单元,用于基于至少一个与排名相关的证据对应用程序的活跃期进行检测,得到排名欺诈检测结果。The ranking fraud detection unit is configured to detect the active period of the application program based on at least one ranking-related evidence, and obtain a ranking fraud detection result.

本发明的方法及系统能够自动地有效识别出与应用程序有关的排名欺诈行为,从而使应用程序用户获得真实的应用程序排名信息。The method and system of the present invention can automatically and effectively identify ranking fraud related to application programs, so that application program users can obtain real application program ranking information.

附图说明Description of drawings

图1是本发明具体实施方式中应用程序的排名欺诈检测方法的流程图;Fig. 1 is a flow chart of the ranking fraud detection method of the application program in the specific embodiment of the present invention;

图2a是在应用程序排行榜中活跃事件的一个示例;Figure 2a is an example of an active event in an application leaderboard;

图2b是在应用程序排行榜中活跃期的一个示例;Figure 2b is an example of an active period in an application leaderboard;

图3是应用程序的一个活跃事件中不同排名阶段的示意图;Fig. 3 is a schematic diagram of different ranking stages in an active event of the application;

图4a是一个疑似存在排名欺诈的应用程序的排名记录示意图;Figure 4a is a schematic diagram of a ranking record of an application suspected of ranking fraud;

图4b是一个正常应用程序的排名记录示意图;Figure 4b is a schematic diagram of a ranking record of a normal application;

图5是本发明具体实施方式中应用程序的排名欺诈检测系统的系统结构图;Fig. 5 is a system structural diagram of the ranking fraud detection system of the application program in the specific embodiment of the present invention;

图6是本发明另一实施例中应用程序的排名欺诈检测系统的结构示意图。Fig. 6 is a schematic structural diagram of a ranking fraud detection system for an application program in another embodiment of the present invention.

具体实施方式detailed description

下面结合附图和实施例,对本发明的具体实施方式作进一步详细说明。以下实施例用于说明本发明,但不用来限制本发明的范围。The specific implementation manners of the present invention will be described in further detail below in conjunction with the accompanying drawings and examples. The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention.

本发明针对与应用程序排名相关的技术问题进行研究,因此本领域技术人员对本发明中的“应用程序”应做广义理解,其包括可发布于互联网并可供用户下载、评价、执行的各种程序或文件,即包括运行于个人电脑中的传统应用程序、运行于移动终端的移动应用程序,也包括可下载并播放的图片、音频、视频等多媒体文件等。The present invention studies the technical issues related to the ranking of application programs. Therefore, those skilled in the art should have a broad understanding of the "application program" in the present invention, which includes various applications that can be published on the Internet and available for users to download, evaluate, and execute. Programs or files include traditional applications running on personal computers, mobile applications running on mobile terminals, and multimedia files such as pictures, audio, and video that can be downloaded and played.

在检测应用程序的排名欺诈时,有几个需要解决的重要问题。首先,在应用程序的整个生命周期中并不会总出现排名欺诈,因此首先需要检测可能出现排名欺诈的时间;第二,由于应用程序数量巨大,很难手工地为每个出现排名欺诈的应用程序进行标定,因此需要提供一种自动检测排名欺诈的技术;第三,现有技术中并不确定可基于何种依据来检测排名欺诈的存在。There are several important issues that need to be addressed when detecting ranking fraud for apps. First of all, ranking fraud does not always occur in the entire life cycle of the application, so it is first necessary to detect the time when ranking fraud may occur; second, due to the huge number of applications, it is difficult to manually identify each application that has ranking fraud Therefore, it is necessary to provide a technology for automatically detecting ranking fraud; thirdly, in the prior art, it is not sure what basis can be used to detect the existence of ranking fraud.

本发明的一个具体实施方式对应用程序的排名欺诈行为进行了整体性的分析和研究,提供了一种可检测应用程序的排名欺诈的技术,其可通过对应用程序的历史排名信息的分析来检测应用程序的“活跃期”,针对活跃期中应用程序的排名特征,基于与排名相关的证据来进行排名欺诈的检测。A specific embodiment of the present invention conducts overall analysis and research on the ranking fraud of the application program, and provides a technology for detecting the ranking fraud of the application program, which can be detected by analyzing the historical ranking information of the application program. Detect the "active period" of the application, aim at the ranking characteristics of the application in the active period, and detect ranking fraud based on the evidence related to the ranking.

根据发明人的分析发现,存在排名欺诈的应用程序并不会长期在排名榜上占据很高的排名,排名较高的情况仅是作为一些独立事件集中发生在一段相对较短的时期内,这表明排名欺诈行为正是发生在这段时期内。在本发明中,可将应用程序持续排名较高的时期称为应用程序的“活跃事件(Leading Event)”,可将频繁发生活跃事件的时期称为应用程序的“活跃期(Leading Session)”。因此,对于排名欺诈的检测首先需要检测每个应用程序有可能存在排名欺诈的该活跃事件和该活跃期。According to the analysis of the inventors, it is found that applications with ranking fraud do not occupy a high ranking on the ranking list for a long time, and the high ranking is only concentrated in a relatively short period of time as some independent events. Indicating that ranking fraud occurred during this period. In the present invention, the period in which the application continues to rank higher can be called the "Leading Event" of the application, and the period in which active events occur frequently can be called the "Leading Session" of the application . Therefore, the detection of ranking fraud first needs to detect the active event and the active period in which ranking fraud may exist in each application.

应用程序商店运营商处拥有应用程序的历史排名信息,从应用程序商店运营商处直接获取,或通过对应用程序商店运营商在一段较长历史时期内持续发布的应用程序排行榜信息进行分析和处理,也可以获得应用程序的历史排名信息。由于应用程序的该历史排名信息记载了有关应用程序排名的历史信息和相关的用户评价信息,因此在本发明具体实施方式中,可以基于该历史排名信息来进行每个应用程序的活跃事件和活跃期的检测,并进而实现对排名欺诈的检测。通过分析应用程序的排名行为发现,相比于正常的应用程序而言,存在排名欺诈的应用程序在活跃事件和活跃期内会呈现成不同的排名特征。因此,有可能从应用程序的历史排名信息中抽取出一些与排名相关的用于判定排名欺诈的证据,并获取这些证据,从而实现对排名欺诈的检测。The application store operator has the historical ranking information of the application, which is obtained directly from the application store operator, or through the analysis and analysis of the application ranking information continuously released by the application store operator in a long historical period. processing, and historical ranking information for applications can also be obtained. Since the historical ranking information of the application program records the historical information about the ranking of the application program and related user evaluation information, in the specific implementation manner of the present invention, the active events and active events of each application program can be carried out based on the historical ranking information. Periodic detection, and then realize the detection of ranking fraud. By analyzing the ranking behavior of applications, it is found that compared with normal applications, applications with ranking fraud will show different ranking characteristics during active events and active periods. Therefore, it is possible to extract some ranking-related evidence for judging ranking fraud from the historical ranking information of the application program, and obtain these evidences, so as to realize the detection of ranking fraud.

如图1所示,本发明的一个具体实施方式中提供了一种应用程序的排名欺诈检测方法,所述方法包括:As shown in FIG. 1 , a specific embodiment of the present invention provides a ranking fraud detection method for an application, the method comprising:

活跃期检测步骤S10,基于历史排名信息检测所述应用程序的活跃期;排名欺诈检测步骤S20,基于至少一个与排名相关的证据来对所述活跃期进行检测,得到排名欺诈检测结果。The active period detection step S10 is to detect the active period of the application program based on historical ranking information; the ranking fraud detection step S20 is to detect the active period based on at least one ranking-related evidence to obtain a ranking fraud detection result.

下面,结合附图来说明本发明具体实施方式中上述排名欺诈检测方法的各步骤流程和功能。In the following, the procedures and functions of the steps and functions of the ranking fraud detection method in the specific embodiments of the present invention will be described with reference to the accompanying drawings.

由于历史排名信息是本发明中检测应用程序的排名欺诈的数据基础,因此作为本发明的一个优选实施方式,该排名欺诈检测方法还可包括一历史排名信息获取步骤,获取所述应用程序在应用程序排行榜上的历史排名信息。Since historical ranking information is the data basis for detecting application ranking fraud in the present invention, as a preferred embodiment of the present invention, the ranking fraud detection method may also include a historical ranking information acquisition step, obtaining the application program in the application Historical ranking information on the program leaderboard.

应用程序排行榜通常可显示受欢迎的排名前K位的应用程序,例如前1000位等。而且,应用程序排行榜通常会定期更新,例如每日进行更新。因此,对于每个应用程序a而言都有其历史排名信息,该历史排名信息可以包括表示为一个与离散时间序列对应的排名序列该离散时间序列中的时间点之间的间隔固定,即应用程序排行榜的更新周期。其中,ri a是该应用程序a在时间ti时的排名,ri a∈{1,…,K…,+∞},+∞表示应用程序a不在排行榜排名前K位之列;n表示所有历史排名信息所对应的时间点总数。例如,在排行榜每天更新的情况下,ti就表示该段历史中的第i天,n就是历史排名信息所对应的总天数。可以看出,ri a的值越小,说明应用程序a第i天在排行榜上的排名越高。The application leaderboard can usually display the top K most popular applications, such as the top 1000 and so on. Moreover, application leaderboards are usually updated regularly, for example, daily. Therefore, for each application a, there is its historical ranking information, which can be expressed as a ranking sequence corresponding to the discrete time series The intervals between the time points in the discrete time series are fixed, that is, the update cycle of the application leaderboard. Among them, r i a is the ranking of the application a at time t i , r i a ∈ {1,…,K…,+∞}, +∞ means that the application a is not in the top K ranking list; n represents the total number of time points corresponding to all historical ranking information. For example, when the leaderboard is updated every day, t i represents the i-th day in the history, and n is the total number of days corresponding to the historical ranking information. It can be seen that the smaller the value of r i a , the higher the ranking of application a on the leaderboard on the i-th day.

在一个应用程序被发布后,任何下载用户都可以对其进行评价。实际上,用户评价对于应用程序推广而言是最重要的特征之一。具有越高评价的应用程序就会吸引越多的用户来下载它,并导致该应用程序在排行榜上的更高排名。因而在历史排名信息中,还可以包括历史各时间段中应用程序的用户对该应用程序做出的评价信息。After an application is published, any downloaded user can rate it. In fact, user reviews are one of the most important characteristics for app promotion. An app with a higher rating attracts more users to download it and leads to a higher ranking of the app on the leaderboard. Therefore, the historical ranking information may also include evaluation information made by users of the application program in various historical time periods for the application program.

在该历史排名信息获取步骤中,可以多种方式来获取该历史排名信息。例如,可从应用程序商店运营商处直接获取该历史排名信息,也可以从应用程序商店在一段较长历史时期内持续发布的数据中抽取该历史排名信息等。In the step of obtaining historical ranking information, the historical ranking information can be obtained in various ways. For example, the historical ranking information may be obtained directly from the operator of the application store, or may be extracted from data continuously released by the application store in a long historical period.

S10:活跃期检测步骤,基于历史排名信息检测所述应用程序的活跃期。S10: Active period detection step, detecting the active period of the application program based on historical ranking information.

活跃期表示一应用程序在应用程序排行榜上排名较高,也就是用户关注度比较高的一段时期,因此对应用程序市场会造成较大影响的排名欺诈行为只会出现在这些活跃期内。所以在本发明具体实施方式中,对于排名欺诈的检测首先要从应用程序的历史排名信息中检测出应用程序的活跃期。The active period means that an application ranks high on the application leaderboard, that is, a period of time when users pay more attention. Therefore, ranking fraud that will have a greater impact on the application market will only occur during these active periods. Therefore, in the specific embodiment of the present invention, the detection of ranking fraud must first detect the active period of the application program from the historical ranking information of the application program.

在本发明一个优选实施方式中,在该活跃期检测步骤中可进一步包括一活跃事件检测步骤,基于该历史排名信息检测所述应用程序的活跃事件。In a preferred embodiment of the present invention, the active period detection step may further include an active event detection step of detecting active events of the application program based on the historical ranking information.

由于应用程序开发者均希望其应用程序在排行榜上占据较高的排名,因此应用程序开发者有可能利用排名欺诈的手段使其应用程序跻身排行榜前列。通过分析发现,应用程序并不会总是在排名榜上占据很高的排名,发生持续排名较高的时期即为“活跃事件”,图2a中示出了应用程序的活跃事件的例子,图中横轴表示历史排名信息对应的时间序列(Date Index),纵轴表示应用程序的排名(Ranking),图中的事件1(Event1)和事件2(Event2)表示该应用程序排名历史中所出现的两个活跃事件,其轮廓分别由活跃事件期间的排名点连接而成。Since application developers hope that their applications will occupy a higher ranking on the leaderboard, the application developer may make use of ranking fraud to make their application rank in the top of the leaderboard. Through the analysis, it is found that the application does not always occupy a high ranking on the ranking list, and the period of continuous high ranking is an "active event". Figure 2a shows an example of an application's active event. The horizontal axis represents the time series (Date Index) corresponding to the historical ranking information, and the vertical axis represents the ranking (Ranking) of the application. Event 1 (Event1) and Event 2 (Event2) in the figure represent the occurrences in the ranking history of the application The two active events of , whose contours are respectively connected by the ranking points during the active events.

在本发明具体实施方式中,应用程序在应用程序排行榜上排名较高的标准是该应用程序的排名不大于一排名阈值K*。由于应用程序的排名在排行榜前K*位之列被认为是排名较高,因而应用程序的排名持续在前K*位之列的时间段即可被认为是一个活跃事件,该活跃事件应从该应用程序开始进入排行榜前K*位之列开始,持续到该应用程序跌出排行榜前K*位之列结束。In a specific embodiment of the present invention, the standard for an application to rank higher on the application leaderboard is that the ranking of the application is not greater than a ranking threshold K*. Since the ranking of the application in the top K* ranks of the rankings is considered to be higher, the time period in which the ranking of the application continues to be in the top K* ranks can be considered as an active event, and the active event should start from The app begins when it enters the top K* rankings and continues until the app falls out of the top K* rankings.

优选地,本发明实施方式中的方法还可包括一设置该排名阈值K*的步骤,从而确定应用程序在应用程序排行榜上排名较高的标准。由于排行榜上的应用程序总数量K通常很大,例如为1000等,因此上述排名阈值K*通常小于K值。根据应用程序排行榜中应用程序的总数量K和本领域技术人员的分析需求等因素,该排名阈值K*可在例如1~500之间的整数间取值。本领域技术人员可以理解,K*的取值越小,应用程序被认为排名较高的标准就越高。在图2a中,该K*的取值为300。Preferably, the method in the embodiment of the present invention may further include a step of setting the ranking threshold K*, so as to determine the standard for an application to be ranked higher on the application leaderboard. Since the total number K of applications on the leaderboard is usually very large, for example, 1000, etc., the above ranking threshold K* is usually smaller than the K value. According to factors such as the total number K of applications in the application leaderboard and the analysis requirements of those skilled in the art, the ranking threshold K* may be, for example, an integer between 1 and 500. Those skilled in the art can understand that the smaller the value of K*, the higher the standard for the application program to be considered to be ranked higher. In FIG. 2a, the value of K* is 300.

根据上述对于活跃事件的文字表述,应用程序a的活跃事件e可以如下公式化表述:According to the above textual expression of active events, the active event e of application a can be formulated as follows:

给定一排名阈值K*作为排名较高的标准,其中K*∈[1,K];应用程序a的活跃事件e包括从一开始时间到一结束时间的一时间范围对应的应用程序a的排名满足而且均满足 Given a ranking threshold K* as a higher ranking standard, where K*∈[1,K]; the active event e of application a includes a time range from a start time to an end time The ranking of the corresponding application a satisfies and and Satisfied

根据上述表述可以看出,对于活跃事件的检测重要的在于检测应用程序的排名持续在前K*位之列的一段时间的开始时间和结束时间,并将一对开始时间和结束时间之间的时期确定为活跃事件。因此,在本发明具体实施方式中,该活跃事件检测步骤可进一步包括如下步骤:According to the above statement, it can be seen that the important thing for the detection of active events is to detect the start time and end time of a period of time when the ranking of the application continues to be in the top K* position, and combine a pair of start time and end time period identified as an active event. Therefore, in a specific embodiment of the present invention, the active event detection step may further include the following steps:

开始时间识别步骤S101:在该步骤中,从历史排名信息中识别出活跃事件的开始时间。具体地,在该开始时间识别步骤中,可顺序搜索历史排名信息中每个时间点上的应用程序排名,当当前时间点的排名不大于排名阈值K*且上一时间点的排名大于排名阈值K*时,识别当前时间点为活跃事件的开始时间。本领域技术人员可以理解,由于在应用程序排名历史中可能包括多个活跃事件,因此在该开始时间识别步骤中可能识别出多个开始时间点。Start time identification step S101: In this step, the start time of active events is identified from historical ranking information. Specifically, in the start time identification step, the application ranking at each time point in the historical ranking information can be sequentially searched, when the ranking at the current time point is not greater than the ranking threshold K* and the ranking at the previous time point is greater than the ranking threshold When K*, identify the current time point as the start time of the active event. Those skilled in the art can understand that since the application ranking history may include multiple active events, multiple start time points may be identified in the step of identifying start time.

结束时间识别步骤S102:在该步骤中,从历史排名信息中识别出活跃时间的结束时间。具体地,在该结束时间识别步骤中,可顺序搜索历史排名信息中每个时间点上的应用程序排名,当当前时间点的排名大于排名阈值K*且上一时间点的排名不大于排名阈值K*时,识别上一时间点为活跃事件的结束时间。本领域技术人员可以理解,由于在应用程序排名历史中可能包括多个活跃事件,因此在该结束时间识别步骤中可能识别出多个结束时间点。End time identification step S102: In this step, the end time of the active time is identified from the historical ranking information. Specifically, in the end time identification step, the application ranking at each time point in the historical ranking information can be sequentially searched, when the ranking at the current time point is greater than the ranking threshold K* and the ranking at the previous time point is not greater than the ranking threshold When K*, identify the last time point as the end time of the active event. Those skilled in the art can understand that since the application ranking history may include multiple active events, multiple end time points may be identified in the end time identifying step.

活跃事件识别步骤S103:在该步骤中将每个开始时间与其之后相邻的结束时间之间的时间段识别为活跃事件,这样就检测出了应用程序在排名历史中的所有活跃事件。Active event identification step S103: In this step, the time period between each start time and its adjacent end time is identified as an active event, thus detecting all active events of the application program in the ranking history.

值得说明的是,作为一种特殊情况,如果在所分析和处理的历史时期的第一个时间点上,例如在历史记录中的第一天,应用程序的排名就在排行榜前K*位之列,此时在所述开始时间识别步骤S101中,将该第一个时间点定义为一个开始时间。类似地,如果在所分析和处理的历史时期的最后一个时间点上,例如今天,应用程序的排名仍在排行榜前K*位之列,此时在所述结束时间识别步骤S102中将该最后一个时间点定义为一个结束时间。It is worth noting that, as a special case, if at the first point in time of the analyzed and processed historical period, for example, on the first day in the history, the ranking of the application is in the top K* position of the leaderboard In this case, in the start time identifying step S101, the first time point is defined as a start time. Similarly, if at the last point in time of the analyzed and processed historical period, such as today, the ranking of the application program is still in the top K* position of the leaderboard, at this time, in the end time identification step S102, the The last time point is defined as an end time.

上面介绍了检测应用程序中活跃事件的方式,在此基础上,在本发明一个优选实施方式中,可在该活跃期检测步骤中合并相邻近的活跃事件以构成所述活跃期。The method for detecting active events in the application program is introduced above. On this basis, in a preferred embodiment of the present invention, adjacent active events may be combined in the active period detection step to form the active period.

通过进一步研究发现,一些应用程序会在一段时期内连续出现多次彼此相邻近的活跃事件,这段时期就是本发明中应用程序的“活跃期”。可见,将相邻近的活跃事件合并起来就构成了活跃期。具体地,可将相邻两个活跃事件的时间间隔小于一间隔阈值φ作为将两个活跃事件合并在同一活跃期内的标准,而相邻两个活跃事件的时间间隔则是指相邻两个活跃事件中前一活跃事件的结束时间和后一活跃事件的开始时间之间的间隔。Through further research, it is found that some application programs will have multiple active events adjacent to each other in a period of time, and this period is the "active period" of the application program in the present invention. It can be seen that the combination of adjacent active events constitutes an active period. Specifically, the time interval between two adjacent active events is less than an interval threshold φ as the criterion for merging two active events into the same active period, while the time interval between two adjacent active events refers to the The interval between the end time of the previous active event and the start time of the next active event in an active event.

优选地,本发明实施方式中的方法还可包括一设置该间隔阈值φ的步骤,从而确定将两个活跃事件合并在同一活跃期内的标准。根据本领域技术人员的分析需求等因素,该间隔阈值φ的取值可以是应用程序排行榜的更新周期的2~10倍中的整数值。本领域技术人员可以理解,间隔阈值φ的取值越小,将两个活跃事件合并在同一活跃期内的标准就越高。Preferably, the method in the embodiment of the present invention may further include a step of setting the interval threshold φ, so as to determine the criteria for combining two active events into the same active period. According to factors such as analysis requirements of those skilled in the art, the value of the interval threshold φ may be an integer value of 2 to 10 times the update period of the application leaderboard. Those skilled in the art can understand that the smaller the value of the interval threshold φ, the higher the standard for merging two active events into the same active period.

图2b中示出了应用程序的活跃期的例子,图中横轴表示历史排名信息对应的时间序列(Date Index),纵轴表示应用程序的排名(Ranking),图中的期间1(Session1)和期间2(Session2)代表该应用程序排名历史中所出现的两个活跃期,每个活跃期由多个活跃事件构成。Figure 2b shows an example of the active period of the application program. The horizontal axis in the figure represents the time series (Date Index) corresponding to the historical ranking information, and the vertical axis represents the ranking (Ranking) of the application program. Period 1 (Session1) in the figure and Session 2 (Session2) represent two active sessions that appear in the ranking history of the application, and each active session consists of multiple active events.

根据上述对于活跃期的文字表述,应用程序a的活跃期s可以如下公式化表述:According to the above textual expression of the active period, the active period s of application a can be formulated as follows:

应用程序a的活跃期s包括一时间范围和n个相邻的活跃事件{e1,…,en},其满足且不存在其它活跃期s*使得此外,都有其中φ是预设的活跃事件间隔阈值,是用于判断活跃事件之间相邻程度以将它们纳入同一活跃期的判断标准。The active period s of application a includes a time range and n adjacent active events {e 1 ,…,e n }, which satisfy and there is no other active period s* such that also, have Among them, φ is the preset active event interval threshold, which is used to judge the degree of adjacency between active events so as to include them in the same active period.

根据上述表述可以看出,对于活跃期的检测重要的在于基于间隔阈值φ将应用程序排名历史中相邻近的活跃事件合并以形成活跃期。具体地,在本发明具体实施方式的活跃期检测步骤中,从历史排名信息中的初始时间点开始顺序搜索每个检测出的活跃事件,当当前活跃事件与上一活跃事件的时间间隔小于该间隔阈值φ时,将这两个活跃事件合并在同一活跃期内,直至搜索完所有检测出的活跃事件以检测出该应用程序在排名历史中的所有活跃期。According to the above expression, it can be seen that the most important thing for the detection of active periods is to combine adjacent active events in the application ranking history based on the interval threshold φ to form active periods. Specifically, in the active period detection step of the specific embodiment of the present invention, each detected active event is sequentially searched from the initial time point in the historical ranking information, when the time interval between the current active event and the previous active event is less than the When the interval threshold φ, the two active events are merged into the same active period until all detected active events are searched to detect all active periods of the application in the ranking history.

值得说明的是,作为一种特殊情况,如果一个活跃事件并不与任何其他活跃事件相邻近,该活跃事件自身也可被认为构成一活跃期。在这种情况下,在该活跃期检测步骤中,当一活跃事件与上一活跃事件的时间间隔不小于所述间隔阈值φ,且该活跃事件与下一活跃事件的时间间隔不小于所述间隔阈值φ时,检测该活跃事件自身为一活跃期。It is worth noting that, as a special case, if an active event is not adjacent to any other active event, the active event itself can also be considered to constitute an active period. In this case, in the active period detection step, when the time interval between an active event and the previous active event is not less than the interval threshold φ, and the time interval between the active event and the next active event is not less than the When the interval threshold φ, the active event itself is detected as an active period.

正如前文所述,所检测出的上述活跃期表示一应用程序在应用程序排行榜上排名较高,也就是受到用户欢迎的一段时期,所检测出的该活跃期可作为包括检测排名欺诈在内的各种应用程序服务的数据基础。因此,在检测出应用程序的活跃期之后,作为本发明一个优选实施方式,还可以将所检测出的应用程序的活跃期信息发送给应用程序开发者、应用程序商店运营商或应用程序的终端用户。As mentioned above, the above-mentioned active period detected indicates that an application ranks high on the application ranking list, that is, a period of time when it is popular with users. The data foundation for various application services. Therefore, after detecting the active period of the application program, as a preferred embodiment of the present invention, the detected active period information of the application program can also be sent to the application program developer, the application program store operator or the terminal of the application program user.

对于应用程序开发者而言,其可以根据该活跃期信息分析相关技术领域的发展趋势或应用程序用户的需求,从而指导应用程序的开发和运营;对于应用程序商店运营商而言,其可以根据该活跃期信息进一步分析出利用欺诈手段获取排行榜上虚假高排名的排名欺诈行为等,从而改进应用程序商店的运营;而对于应用程序终端用户而言,他们可以根据该活跃期信息来自行判断应用程序存在排名欺诈的可能性或者选择符合自身需求的应用程序等。For application program developers, they can analyze the development trend of relevant technical fields or the needs of application program users according to the active period information, so as to guide the development and operation of application programs; The active period information further analyzes ranking frauds that use fraudulent means to obtain false high rankings on the leaderboard, so as to improve the operation of the application store; and for end users of the application, they can judge by themselves based on the active period information The application has the possibility of ranking fraud or chooses an application that meets one's own needs.

此外,作为检测应用程序的活跃事件和活跃期的一种具体实现方式,如下的算法1示出了在给定应用程序a的历史排名信息中检测活跃期的一个程序代码的实例。In addition, as a specific implementation of detecting active events and active periods of an application, the following Algorithm 1 shows an example of a program code for detecting active periods in the historical ranking information of a given application a.

在上述算法1中,将每个活跃事件e定义为将活跃期s定义为其中Es是在活跃期s内活跃事件的集合。特别地,首先从历史排名信息的开始时间起抽取应用程序a的各个活跃事件e(算法1中的步骤2-5)。对于每个抽取出的活跃事件e,检测e与前一个活跃事件e*之间的时间间隔以判断它们是否属于同一个活跃期。具体地,如果活跃事件e则被认为属于一个新的活跃期(算法1中的步骤7-13)。这样,上述算法1可以通过对应用程序a的历史排名信息的一次扫描来识别活跃事件和活跃期。In Algorithm 1 above, each active event e is defined as Define the active period s as where E s is the set of active events in the active period s. In particular, firstly, each active event e of application a is extracted from the start time of the historical ranking information (steps 2-5 in Algorithm 1). For each active event e extracted, the time interval between e and the previous active event e* is detected to determine whether they belong to the same active period. Specifically, if Active event e is considered to belong to a new active period (steps 7-13 in Algorithm 1). In this way, the above Algorithm 1 can identify active events and active periods by scanning the historical ranking information of application a.

排名欺诈检测步骤S20,基于至少一个与排名相关的证据来对所述活跃期进行检测,得到排名欺诈检测结果。The ranking fraud detection step S20 is to detect the active period based on at least one ranking-related evidence, and obtain a ranking fraud detection result.

正如上文中对历史排名信息的介绍,其包括表示为一个与离散时间序列对应的排名序列,该排名序列中的每个元素对应于时间序列中的一个离散时间点,表示该应用程序在该离散时间点时的排名。同时,活跃期是应用程序有可能发生排名欺诈的时期。因此,可对应用程序活跃期中历史排名信息的排名特征进行分析,抽取出一些与排名相关的信息作为用于检测排名欺诈的证据。Just as the introduction of historical ranking information above, it includes a ranking sequence corresponding to a discrete time series, each element in the ranking sequence corresponds to a discrete time point in the time series, indicating that the application is in the discrete time series Ranking at a point in time. At the same time, the active period is a period in which ranking fraud may occur in the application. Therefore, the ranking characteristics of the historical ranking information in the active period of the application program can be analyzed, and some ranking-related information can be extracted as evidence for detecting ranking fraud.

作为本发明的一个优选实施方式,该排名欺诈检测步骤可进一步包括一证据验证步骤,基于至少一个与排名相关的证据对所述活跃期进行验证并得到一欺诈参数。这样,在抽取出与排名有关的证据之后,可计算与该证据对应的欺诈参数,该欺诈参数本身可作为本实施方式中的排名欺诈检测方法的排名欺诈检测结果。由于影响应用程序的排名特征的因素较为复杂,仅依靠一个或多个与排名相关的证据可能无法准确判断一个应用程序是否存在排名欺诈而是仅得到一个供参考的检测值(欺诈参数),但是本领域技术人员可以根据该欺诈参数来判断应用程序存在排名欺诈的可能性。As a preferred embodiment of the present invention, the ranking fraud detection step may further include an evidence verification step, which verifies the active period based on at least one ranking-related evidence and obtains a fraud parameter. In this way, after the evidence related to the ranking is extracted, the fraud parameter corresponding to the evidence can be calculated, and the fraud parameter itself can be used as the ranking fraud detection result of the ranking fraud detection method in this embodiment. Due to the complex factors affecting the ranking characteristics of an application, relying on one or more ranking-related evidence may not be able to accurately determine whether an application has ranking fraud, but only a reference detection value (fraud parameter), but Those skilled in the art can judge the possibility of ranking fraud in the application program according to the fraud parameter.

由于一个活跃期可能包括一个或多个活跃事件,因此为了抽取活跃期内用于检测排名欺诈的证据,作为本发明的一个优选实施方式,该排名欺诈检测步骤可进一步包括一活跃事件分析步骤,来分析活跃期内各活跃事件的一些基本排名特征,例如识别活跃事件的上升阶段、保持阶段和下降阶段。Since an active period may include one or more active events, in order to extract evidence for detecting ranking fraud during the active period, as a preferred embodiment of the present invention, the ranking fraud detection step may further include an active event analysis step, To analyze some basic ranking characteristics of each active event in the active period, such as identifying the rising phase, maintaining phase and declining phase of active events.

具体地,通过分析应用程序的历史排名信息可知,应用程序在活跃事件中的排名行为通常满足特定的排名特征,即均包括三个不同的排名阶段:上升阶段、保持阶段和下降阶段。在每个活跃事件中,应用程序的排名首先上升到排行榜的一峰值范围内(即上升阶段,Raising Phase),然后在该峰值范围内保持一段时期(即保持阶段,MaintainingPhase),最后排名下降直至活跃事件的结束(即下降阶段,Recession Phase)。图3示出了一个活跃事件中不同排名阶段的例子,图中横轴表示历史排名信息对应的时间序列(DateIndex),纵轴表示应用程序的排名(Ranking)。Specifically, by analyzing the historical ranking information of applications, it can be seen that the ranking behavior of applications in active events usually satisfies specific ranking characteristics, that is, each includes three different ranking stages: rising stage, maintaining stage and falling stage. In each active event, the application's ranking first rises to a peak range of the leaderboard (that is, the rising phase, Raising Phase), and then remains within the peak range for a period of time (that is, the maintaining phase, Maintaining Phase), and finally the ranking drops Until the end of the active event (that is, the decline phase, Recession Phase). Fig. 3 shows an example of different ranking stages in an active event, the horizontal axis in the figure represents the time series (DateIndex) corresponding to the historical ranking information, and the vertical axis represents the ranking (Ranking) of the application program.

基于上述文字表述,下面对活跃事件的上述三个阶段进行公式化的描述:Based on the above textual expression, the following is a formulaic description of the above three stages of active events:

对于给定的应用程序a,在其活跃事件e的时间范围中,应用程序a的最高排名位置是其属于ΔR范围内。活跃事件e的上升阶段是指时间范围其中满足活跃事件e的保持阶段是指时间范围其中满足活跃事件的下降阶段是指事件范围其中 For a given application a, in the time range of its active event e In , the highest ranking position for application a is It falls within the ΔR range. The rising phase of the active event e refers to the time frame in and Satisfy The hold phase of an active event e refers to the time frame in and Satisfy The falling phase of an active event refers to the event range in

值得注意的是,在上述描述中,ΔR是确定保持阶段的开始时间和结束时间的排名范围,分别是应用程序a的排名在排名范围ΔR内的第一个时间和最后一个时间。本领域技术人员可以根据分析需求设置ΔR的范围从而对活跃事件进行阶段划分,例如在图3中ΔR的范围是应用程序排名在排行榜前70位。在本发明一个优选实施方式中,在该活跃事件分析步骤中识别上述三阶段的方式为:确定活跃事件中应用程序的排名在峰值范围ΔR内的第一个时间和最后一个时间,将该第一个时间和该最后一个时间之间的时间段识别为保持阶段,将活跃事件中在保持阶段之前的时间段识别为上升阶段,将活跃事件中在保持阶段之后的时间段识别为下降阶段。It is worth noting that in the above description, ΔR is the ranking range that determines the start time and end time of the hold phase, with are the first time and the last time when the ranking of application a is within the ranking range ΔR, respectively. Those skilled in the art can set the range of ΔR according to the analysis requirements so as to divide the active events into stages. For example, the range of ΔR in FIG. 3 is that the application ranks in the top 70 of the leaderboard. In a preferred embodiment of the present invention, the way to identify the above three stages in the active event analysis step is: determine the first time and the last time when the ranking of the application program in the active event is within the peak range ΔR, and the first time The time period between one time and this last time is identified as the hold phase, the time period in the active event before the hold phase is identified as the rising phase, and the time period in the active event after the hold phase is identified as the falling phase.

对于一个应用程序,即使存在排名欺诈也不可能总是保持在一个相同的峰值位置,例如总是在排行榜上排名第一,而是保持在一个峰值范围内,例如在排行榜前25名等。如果应用程序a的一个活跃期s存在排名欺诈,其活跃事件的这三个阶段中的排名行为会和那些正常的应用程序的活跃期不同。实际上,每个存在排名欺诈的应用程序总具有一个期望的排名目标,例如在排行榜前25名之内保持一周等,同时也会根据该排名目标来给所雇用来实施排名欺诈行为的人付钱(例如保持在前25名的时间内每天1000美元等)。因此,无论对于应用程序开发者还是对于被雇佣的人,越快达到该排名目标他们就可以越快获利。此外,在达到并保持该排名目标一段所需时间后,排名欺诈行为会停止,该应用程序的排名将会出现骤降。由此可见,存在排名欺诈的活跃事件将会呈现出非常短的上升阶段和非常短的下降阶段。同时,由于通过排名欺诈使应用程序占据排行榜高位的费用是非常高的,因此存在排名欺诈的应用程序通常在每个活跃事件中仅有一个较短的保持阶段使得该应用程序处于排行榜高位。For an application, even if there is ranking fraud, it is impossible to always maintain the same peak position, such as always ranking first on the leaderboard, but within a peak range, such as top 25 on the leaderboard, etc. . If there is ranking fraud in an active period s of application a, the ranking behavior in these three stages of its active event will be different from those of normal application active periods. In fact, every application with ranking fraud always has a desired ranking goal, such as maintaining the top 25 in the leaderboard for a week, etc., and will also give the person hired to carry out the ranking fraud according to the ranking goal. Pay money (e.g. $1000 per day for staying in the top 25, etc.). So, the sooner they reach that ranking goal, the faster they can make money, both for the app developer and for the person being hired. Also, after reaching and maintaining that ranking goal for a desired period of time, the ranking cheating stops and the app's ranking plummets. It can be seen that active events with ranking fraud will show a very short rising phase and a very short falling phase. At the same time, since ranking fraudulently earning an app a high leaderboard position is very expensive, a rank fraudulent app typically only has a short hold period per active event for the app to be at the top of the leaderboard .

图4a示出了一个疑似存在排名欺诈的应用程序的排名记录。在图中,可以看出该应用程序存在多个脉冲式的活跃事件。相反,对于正常的应用程序而言,其活跃事件中的排名行为是截然不同的。例如,图4b示出了一个非常受用户欢迎的正常应用程序的排名记录,其包括一个具有很长时间范围的活跃事件(长于1年),尤其在下降阶段。实际上,一旦一个正常应用程序攀升到排行榜较高的排名,它通常具有一大群忠实粉丝并可能吸引越来越多的用户去下载,因此这个应用程序将会长时间地在排行榜上占据较高的排名。基于上述分析,本发明可在应用程序的活跃期内抽取一些与排名有关的识别标志来构建证据(与排名相关的证据),并利用这些证据来检测排名欺诈的存在。Fig. 4a shows a ranking record of an application suspected of ranking fraud. In the figure, it can be seen that there are multiple pulsed active events for the application. On the contrary, for normal applications, the ranking behavior in its active events is quite different. For example, Figure 4b shows a ranking record of a normal application that is very popular with users, which includes an active event with a long time range (longer than 1 year), especially in the decline phase. In fact, once a normal app climbs to a higher ranking in the chart, it usually has a large group of loyal fans and may attract more and more users to download, so this app will occupy the chart for a long time higher ranking. Based on the above analysis, the present invention can extract some ranking-related identification marks to construct evidence (ranking-related evidence) during the active period of the application program, and use these evidences to detect the existence of ranking fraud.

根据上述对活跃事件三个阶段的分析可知,存在排名欺诈的活跃事件将会呈现出非常短的上升阶段和非常短的下降阶段,因此在一个优选实施方式中,与排名相关的证据可基于活跃期内的活跃事件中的上升阶段和/或下降阶段所体现出的一些排名特征来构成,并基于所构成的该证据计算出一证据值作为用于判断排名欺诈的欺诈参数。According to the above-mentioned analysis of the three phases of active events, active events with ranking fraud will show a very short rising phase and a very short falling phase. Therefore, in a preferred implementation, the evidence related to the ranking can be based on the active Based on some ranking characteristics reflected in the rising stage and/or falling stage of the active events within the period, an evidence value is calculated based on the constituted evidence as a fraud parameter for judging ranking fraud.

例如,由于在活跃事件分析步骤中已经识别出活跃期内各活跃事件的上升阶段和下降阶段,因此可计算活跃期内所有活跃事件的上升阶段的时间范围的平均值(如活跃期内包括3个活跃事件,该平均值即为3个活跃事件的3个上升阶段的时间范围和再除以3),或所有活跃事件的下降阶段的时间范围的平均值,或所有活跃事件的上升阶段的时间范围和下降阶段的时间范围的和的平均值,作为该欺诈参数。For example, since the rising stage and falling stage of each active event in the active period have been identified in the active event analysis step, the average value of the time range of the rising stage of all active events in the active period can be calculated (for example, the active period includes 3 active events, the average is the sum of the time ranges of the 3 rising phases of the 3 active events and divided by 3), or the average of the time ranges of the falling phases of all active events, or the time range of the rising phases of all active events The mean of the sum of the time range and the time range of the decline phase is used as this fraud parameter.

再例如,还可以计算活跃期内所有活跃事件的上升阶段的曲线与时间轴相交所形成的锐角的角度的平均值,或所有活跃事件的下降阶段的曲线与时间轴相交所形成的锐角的角度的平均值,或所有活跃事件的上升阶段的曲线和下降阶段的曲线与时间轴相交所形成的锐角的角度和的平均值,作为该欺诈参数。如图3所示,两个锐角参数θ1和θ2分别示出了应用程序a的一个活跃事件e中上升阶段曲线(上升阶段中各相邻排名数值点相连构成的曲线)和下降阶段曲线(下降阶段中各相邻排名数值点相连构成的曲线)与时间轴相交所形成的锐角。根据之前活跃事件分析步骤中对于活跃事件中三个阶段的公式化描述,本领域技术人员可以可通过如下公式来计算上述参数θ1和θ2For another example, it is also possible to calculate the average of the acute angles formed by the curves of the rising phase of all active events in the active period and the time axis, or the angle of the acute angles formed by the curves of the falling phase of all active events intersecting the time axis , or the average of the sum of the acute angles formed by the intersection of the rising phase curve and the falling phase curve of all active events with the time axis, as the fraud parameter. As shown in Figure 3, the two acute angle parameters θ 1 and θ 2 respectively show the rising phase curve (the curve formed by connecting adjacent ranking value points in the rising phase) and the declining phase curve in an active event e of application a (the curve formed by connecting adjacent ranking value points in the descending stage) and the acute angle formed by the intersection of the time axis. According to the formulaic description of the three stages in the active event in the previous active event analysis step, those skilled in the art can calculate the above parameters θ 1 and θ 2 through the following formulas:

其中K*是代表较高排名的排名阈值。where K* is the rank threshold representing a higher rank.

可以看出,θ1值较大,就代表应用程序a在较短时间内排名骤升到较高排名;θ2值较大,则代表应用程序a在很短时间内从较高排名骤降到排名底部。因此,对于一个活跃期,如果其包含越多具有较大θ1值或较大θ2值的活跃事件,就表明其存在排名欺诈的可能性越大。例如,当将活跃期内所有活跃事件的上升阶段的曲线和下降阶段的曲线与时间轴相交所形成的锐角的角度和的平均值作为该欺诈参数时,这里可以进一步描述该欺诈参数如下:It can be seen that a larger value of θ 1 means that the ranking of application a has risen to a higher ranking in a short period of time; a larger value of θ 2 indicates that application a has dropped from a higher ranking in a short period of time to the bottom of the ranking. Therefore, for an active period, if it contains more active events with larger θ 1 value or larger θ 2 value, it indicates that there is a greater possibility of ranking fraud. For example, when the average value of the acute angle sum formed by the intersection of the curves of the rising phase and the curves of the falling phase of all active events in the active period with the time axis is used as the fraud parameter, the fraud parameter can be further described here as follows:

其中|Es|是在活跃期s内所包含的活跃事件的总数目。可见,相比于排行榜上其他应用程序的活跃期,如果一个应用程序的活跃期s包含明显较大的值,该应用程序就有很大可能性存在排名欺诈。where |Es| is the total number of active events contained in the active period s . It can be seen that, compared with the active periods of other applications on the leaderboard, if the active period s of an application contains significantly larger value, there is a high probability that the application has ranking fraud.

根据上述对活跃事件三个阶段的分析可知,存在排名欺诈的应用程序通常在每个活跃事件中仅有一个较短的保持阶段使得该应用程序处于排行榜高位,因此在本发明一个优选实施方式中,与排名相关的证据可基于活跃期内的活跃事件中的保持阶段所体现出的一些排名特征来构成,并基于所构成的该证据计算出一证据值作为用于判断排名欺诈的欺诈参数。According to the above-mentioned analysis of the three phases of the active event, it can be seen that the application program with ranking fraud usually only has a short maintenance period in each active event so that the application program is at the top of the leaderboard, so in a preferred embodiment of the present invention In , the evidence related to the ranking can be constructed based on some ranking characteristics reflected in the maintenance stage of the active event in the active period, and based on the constituted evidence, an evidence value is calculated as a fraud parameter for judging ranking fraud .

例如,由于在活跃事件分析步骤中已经识别出活跃期内各活跃事件的保持阶段,因此可计算活跃期内所有活跃事件的保持阶段的时间范围的平均值作为该欺诈参数。For example, since the holding phase of each active event in the active period has been identified in the active event analysis step, the average value of the time range of the holding phase of all active events in the active period can be calculated as the fraud parameter.

再例如,可基于活跃期内所有活跃事件的保持阶段中该应用程序的平均排名和所述活跃事件的时间范围来计算该欺诈参数。具体地,如上面讨论过的,存在排名欺诈的应用程序通常在活跃事件中具有较短的保持阶段。因此,如果用来表示活跃事件e的保持阶段的时间范围,并将该保持阶段中应用程序a的平均排名表示为可以例如定义一个活跃期的欺诈参数Χs如下:For another example, the fraud parameter may be calculated based on the average rank of the application program in the maintenance phase of all active events in the active period and the time range of the active events. Specifically, as discussed above, applications that exhibit ranking fraud typically have shorter hold periods in active events. Therefore, if you use to denote the time frame of the hold phase of an active event e, and denote the average rank of application a in this hold phase as The fraud parameter X s of an active period can be defined, for example, as follows:

其中K*是代表较高排名的排名阈值。可见,相比于排行榜上其他应用程序的活跃期,如果一个应用程序的活跃期s包含明显较大的Χs值,该应用程序就有很大可能性存在排名欺诈。where K* is the rank threshold representing a higher rank. It can be seen that, compared with the active periods of other applications on the ranking list, if the active period s of an application contains a significantly larger Χ s value, there is a high possibility of ranking fraud in the application.

此外,本领域技术人员可以理解,在应用程序的活跃期s内所包含的活跃事件的数目|Es|也是存在排名欺诈的重要标志。对于正常的应用程序而言,下降阶段表明欢迎度的降低,因此在活跃事件的结束之后不太可能在短期内再次出现另一个活跃事件,除非该应用程序推出了更新的版本或者采取了其他商业促销手段。因此,相比于排行榜上其他应用程序的活跃期,如果应用程序的一个活跃期包含了比排行榜上其他应用程序的活跃期多的多的活跃事件,该应用程序就有很大可能性存在排名欺诈。In addition, those skilled in the art can understand that the number |E s | of active events included in the active period s of the application program is also an important indicator of ranking fraud. For a normal application, the decline phase indicates a decrease in popularity, so the end of the active event is unlikely to have another active event in the short term, unless the application launches a newer version or takes other commercial measures. Promotional tools. Therefore, if an active session of an app contains significantly more active events than active sessions of other apps on the leaderboard, the app has a high probability There is ranking fraud.

根据上述对活跃期中活跃事件数目的分析,在一个优选实施方式中,与排名相关的证据可基于活跃期内的活跃事件的数量构成,并基于所构成的该证据确定出活跃期内的活跃事件的数量|Es|,作为用于判断排名欺诈的欺诈参数。According to the above analysis of the number of active events in the active period, in a preferred embodiment, the evidence related to the ranking can be formed based on the number of active events in the active period, and the active events in the active period can be determined based on the constituted evidence The number of |E s |, as a fraud parameter for judging ranking fraud.

上面介绍了多种与排名相关的证据,除了在上述各优选实施方式中单独使用它们中的一个来进行排名欺诈检测之外,在证据验证步骤的一个优选实施方式中,还可以综合考虑上述与排名相关的证据中的多个,将基于这些证据验证得到的对应欺诈参数进行加权计算,从而得到一个最终欺诈参数。考虑到上述多种证据有可能具有不同量纲,本领域技术人员可以根据实际分析需求中对于各证据的重视程度,基于现有技术中公知的归一化方法和权重确定方法来确定各欺诈参数的权重值,在此不再赘述。A variety of ranking-related evidences have been introduced above. In addition to using one of them alone for ranking fraud detection in each of the above-mentioned preferred embodiments, in a preferred implementation of the evidence verification step, the above-mentioned and A plurality of ranking-related evidences will be weighted and calculated based on the corresponding fraud parameters verified by these evidences, so as to obtain a final fraud parameter. Considering that the above multiple evidences may have different dimensions, those skilled in the art can determine each fraud parameter based on the known normalization method and weight determination method in the prior art according to the degree of emphasis on each evidence in the actual analysis requirements The weight value of , will not be repeated here.

以上介绍了在排名欺诈检测步骤中的证据验证步骤,其可基于至少一个与排名相关的证据对所述活跃期进行验证并得到一欺诈参数,该欺诈参数本身就可以作为排名欺诈检测方法的排名欺诈检测结果。但是为了使本领域技术人员更加方便地进行排名欺诈检测,在一个优选实施方式中,排名欺诈检测步骤还可以进一步包括一欺诈参数判断步骤,将根据证据所计算得到的欺诈参数与一阈值进行比较,从而直观地判断出判断应用程序是否存在排名欺诈。The evidence verification step in the ranking fraud detection step is described above, which can verify the active period based on at least one ranking-related evidence and obtain a fraud parameter, which itself can be used as the ranking of the ranking fraud detection method. Fraud detection results. However, in order to make ranking fraud detection more convenient for those skilled in the art, in a preferred embodiment, the ranking fraud detection step may further include a fraud parameter judgment step, which compares the fraud parameters calculated according to the evidence with a threshold , so as to intuitively judge whether there is ranking fraud in the application program.

本领域技术人员可以理解,基于上文中所介绍的多种与排名相关的证据,本领域技术人员可以根据证据的不同性质和检测需求分别设置相应的阈值,根据所设置的阈值来进行应用程序是否存在排名欺诈的判断,并将判断的最终结果作为本发明具体实施方式中排名欺诈检测方法的排名欺诈检测结果。例如,对于上文中所介绍的多种与排名相关的证据而言,如果欺诈参数是活跃事件的上升阶段和/或下降阶段的时间范围的平均值,或是保持阶段的时间范围的平均值,当计算出的欺诈参数小于所设置的阈值时,判断出该应用程序存在排名欺诈现象;而如果欺诈参数是其他所介绍的情况,当计算出的欺诈参数超过所设置的阈值时,判断出该应用程序存在排名欺诈现象。Those skilled in the art can understand that based on the various ranking-related evidences described above, those skilled in the art can set corresponding thresholds according to the different properties of the evidence and detection requirements, and determine whether the application program is based on the set thresholds. It is judged that there is ranking fraud, and the final result of the judgment is used as the ranking fraud detection result of the ranking fraud detection method in the specific embodiment of the present invention. For example, for the various ranking-related evidences described above, if the fraud parameter is the average of the time ranges of the rising and/or falling phases of active events, or the average of the time ranges of the holding phases, When the calculated fraud parameter is less than the set threshold, it is judged that the application has ranking fraud; and if the fraud parameter is other situations introduced, when the calculated fraud parameter exceeds the set threshold, it is judged that the application has ranking fraud. The app suffers from ranking fraud.

在排名欺诈检测步骤中得到排名欺诈检测结果后,在本发明一个优选实施方式中,还可以将所得到的排名欺诈检测结果发送给应用程序商店运营商或应用程序的终端用户。对于应用程序商店运营商而言,其可以根据该排名欺诈检测结果改进应用程序商店的运营;而对于应用程序终端用户而言,他们可以根据该排名欺诈检测结果来选择符合自身需求的应用程序等。After the ranking fraud detection result is obtained in the ranking fraud detection step, in a preferred embodiment of the present invention, the obtained ranking fraud detection result can also be sent to the application program store operator or the terminal user of the application program. For application store operators, they can improve the operation of the application store based on the ranking fraud detection results; and for application end users, they can choose applications that meet their own needs based on the ranking fraud detection results, etc. .

如图5所示,本发明一个具体实施方式中还提供了一种应用程序的排名欺诈检测系统100,所述系统100包括:As shown in FIG. 5 , a specific embodiment of the present invention also provides a ranking fraud detection system 100 for applications, and the system 100 includes:

活跃期检测单元110,用于基于历史排名信息检测所述应用程序的活跃期;排名欺诈检测单元120,用于基于至少一个与排名相关的证据对所述活跃期进行检测,得到排名欺诈检测结果。The active period detection unit 110 is configured to detect the active period of the application program based on historical ranking information; the ranking fraud detection unit 120 is configured to detect the active period based on at least one ranking-related evidence to obtain a ranking fraud detection result .

下面,结合附图来说明上述检测系统的各单元功能。Next, the functions of each unit of the above-mentioned detection system will be described in conjunction with the accompanying drawings.

由于历史排名信息是本发明中检测应用程序的排名欺诈的数据基础,因此作为本发明的一个优选实施方式,该排名欺诈检测系统100还可包括一历史排名信息获取单元,用于获取所述应用程序在应用程序排行榜上的历史排名信息。Since historical ranking information is the data basis for detecting ranking fraud of application programs in the present invention, as a preferred embodiment of the present invention, the ranking fraud detection system 100 may also include a historical ranking information acquisition unit for obtaining the application Historical ranking information of the program on the application leaderboard.

该历史排名信息获取单元可以多种方式来获取该历史排名信息。例如,可从应用程序商店运营商处直接获取该历史排名信息,也可以从应用程序商店在一段较长历史时期内持续发布的数据中抽取该历史排名信息等。The historical ranking information obtaining unit may obtain the historical ranking information in various ways. For example, the historical ranking information may be obtained directly from the operator of the application store, or may be extracted from data continuously released by the application store in a long historical period.

活跃期检测单元110,用于基于历史排名信息检测所述应用程序的活跃期。The active period detection unit 110 is configured to detect the active period of the application program based on historical ranking information.

在本发明一个优选实施方式中,该活跃期检测单元110可进一步包括一活跃事件检测模块,用于基于该历史排名信息检测所述应用程序的活跃事件。In a preferred embodiment of the present invention, the active period detection unit 110 may further include an active event detection module, configured to detect active events of the application program based on the historical ranking information.

优选地,本发明实施方式中的系统还可包括一排名阈值设置单元,用于设置排名阈值K*的值,从而确定应用程序在应用程序排行榜上排名较高的标准。该排名阈值K*的取值可以是1~500之间的整数。Preferably, the system in the embodiment of the present invention may further include a ranking threshold setting unit, configured to set the value of the ranking threshold K*, so as to determine the standard for an application to rank higher on the application leaderboard. The value of the ranking threshold K* may be an integer between 1 and 500.

在本发明具体实施方式中,该活跃事件检测模块进一步包括:In a specific embodiment of the present invention, the active event detection module further includes:

开始时间识别模块,用于从历史排名信息中识别出活跃事件的开始时间。具体地,该开始时间识别模块可顺序搜索历史排名信息中每个时间点上的应用程序排名,当当前时间点的排名不大于排名阈值K*且上一时间点的排名大于排名阈值K*时,识别当前时间点为活跃事件的开始时间。The start time identification module is configured to identify the start time of an active event from historical ranking information. Specifically, the start time identification module may sequentially search for the ranking of the application program at each time point in the historical ranking information, when the ranking at the current time point is not greater than the ranking threshold K* and the ranking at the previous time point is greater than the ranking threshold K* , identifying the current time point as the start time of the active event.

结束时间识别模块,用于从历史排名信息中识别出活跃时间的结束时间。具体地,该结束时间识别模块可顺序搜索历史排名信息中每个时间点上的应用程序排名,当当前时间点的排名大于排名阈值K*且上一时间点的排名不大于排名阈值K*时,识别上一时间点为活跃事件的结束时间。The end time identification module is used to identify the end time of the active time from the historical ranking information. Specifically, the end time identification module may sequentially search for the ranking of the application program at each time point in the historical ranking information, when the ranking at the current time point is greater than the ranking threshold K* and the ranking at the previous time point is not greater than the ranking threshold K* , identifying the last time point as the end time of the active event.

活跃事件识别模块,用于将每个开始时间与其之后相邻的结束时间之间的时间段识别为活跃事件,这样就检测出了应用程序在排名历史中的所有活跃事件。The active event identification module is configured to identify the time period between each start time and its adjacent end time as an active event, thus detecting all active events of the application in the ranking history.

值得说明的是,作为一种特殊情况,如果在所分析和处理的历史时期的第一个时间点上,例如在历史记录中的第一天,应用程序的排名就在排行榜前K*位之列,此时该开始时间识别模块将该第一个时间点定义为一个开始时间。类似地,如果在所分析和处理的历史时期的最后一个时间点上,例如今天,应用程序的排名仍在排行榜前K*位之列,此时该结束时间识别模块将该最后一个时间点定义为一个结束时间。It is worth noting that, as a special case, if at the first point in time of the analyzed and processed historical period, for example, on the first day in the history, the ranking of the application is in the top K* position of the leaderboard In this case, the start time identification module defines the first time point as a start time. Similarly, if at the last time point of the analyzed and processed historical period, such as today, the ranking of the application program is still among the top K* positions in the leaderboard, the end time recognition module will use the last time point Defined as an end time.

在本发明一个优选实施方式中,该活跃期检测单元110用于合并相邻近的活跃事件以构成所述应用程序的所述活跃期。In a preferred embodiment of the present invention, the active period detection unit 110 is configured to combine adjacent active events to form the active period of the application program.

优选地,本发明实施方式中的排名欺诈检测系统100还可包括一间隔阈值设置单元,用于设置该间隔阈值φ的值,从而确定将两个活跃事件合并在同一活跃期内的标准。该间隔阈值φ的取值可以是应用程序排行榜的更新周期的2~10倍中的一整数值。Preferably, the ranking fraud detection system 100 in the embodiment of the present invention may further include an interval threshold setting unit, configured to set the value of the interval threshold φ, so as to determine the criteria for merging two active events into the same active period. The value of the interval threshold φ may be an integer value of 2-10 times the update period of the application leaderboard.

在本发明具体实施方式中,活跃期检测单元110从历史排名信息中的初始时间点开始顺序搜索每个检测出的活跃事件,当当前活跃事件与上一活跃事件的时间间隔小于该间隔阈值φ时,将这两个活跃事件合并在同一活跃期内,直至搜索完所有检测出的活跃事件以检测出该应用程序在排名历史中的所有活跃期。In a specific embodiment of the present invention, the active period detection unit 110 sequentially searches each detected active event from the initial time point in the historical ranking information, when the time interval between the current active event and the previous active event is less than the interval threshold φ When , these two active events are combined into the same active period until all detected active events are searched to detect all active periods of the application in the ranking history.

值得说明的是,作为一种特殊情况,如果一个活跃事件并不与任何其他活跃事件相邻近,该活跃事件自身也可被认为构成一活跃期。在这种情况下,该活跃期检测单元110用于当一活跃事件与上一活跃事件的时间间隔不小于所述间隔阈值φ,且该活跃事件与下一活跃事件的时间间隔不小于所述间隔阈值φ时,检测该活跃事件自身为一活跃期。It is worth noting that, as a special case, if an active event is not adjacent to any other active event, the active event itself can also be considered to constitute an active period. In this case, the active period detection unit 110 is used when the time interval between an active event and the previous active event is not less than the interval threshold φ, and the time interval between the active event and the next active event is not less than the When the interval threshold φ, the active event itself is detected as an active period.

作为本发明一个优选实施方式,排名欺诈检测系统100还可以包括一活跃期发送单元,将所检测出的应用程序的活跃期信息发送给应用程序开发者、应用程序商店运营商或应用程序用户。As a preferred embodiment of the present invention, the ranking fraud detection system 100 may also include an active period sending unit, which sends the detected active period information of the application to the application developer, application store operator or application user.

排名欺诈检测单元120,用于基于至少一个与排名相关的证据来对所述活跃期进行检测,得到排名欺诈检测结果。The ranking fraud detection unit 120 is configured to detect the active period based on at least one ranking-related evidence, and obtain a ranking fraud detection result.

作为本发明的一个优选实施方式,该排名欺诈检测单元120可进一步包括一证据验证模块,用于基于至少一个与排名相关的证据对所述活跃期进行验证并得到一欺诈参数。As a preferred embodiment of the present invention, the ranking fraud detection unit 120 may further include an evidence verification module, configured to verify the active period based on at least one ranking-related evidence and obtain a fraud parameter.

由于一个活跃期可能包括一个或多个活跃事件,因此为了抽取活跃期内用于检测排名欺诈的证据,作为本发明的一个优选实施方式,该排名欺诈检测单元120可进一步包括一活跃事件分析模块,用于分析活跃期内各活跃事件的一些基本排名特征,例如识别活跃事件的上升阶段、保持阶段和下降阶段。在本发明一个优选实施方式中,在该活跃事件分析模块识别上述三阶段的方式为:确定活跃事件中应用程序的排名在峰值范围ΔR内的第一个时间和最后一个时间,将该第一个时间和该最后一个时间之间的时间段识别为保持阶段,将活跃事件中在保持阶段之前的时间段识别为上升阶段,将活跃事件中在保持阶段之后的时间段识别为下降阶段。Since an active period may include one or more active events, in order to extract evidence for detecting ranking fraud during the active period, as a preferred embodiment of the present invention, the ranking fraud detection unit 120 may further include an active event analysis module , which is used to analyze some basic ranking characteristics of each active event during the active period, such as identifying the rising phase, maintaining phase and declining phase of active events. In a preferred embodiment of the present invention, the method for identifying the above three stages in the active event analysis module is: determine the first time and the last time when the ranking of the application in the active event is within the peak range ΔR, and the first time The time period between the last time and the last time is identified as the hold phase, the time period in the active event before the hold phase is identified as the rising phase, and the time period in the active event after the hold phase is identified as the falling phase.

在一个优选实施方式中,与排名相关的证据可基于活跃期内的活跃事件中的上升阶段和/或下降阶段所体现出的一些排名特征来构成,并基于所构成的该证据计算出一证据值作为用于判断排名欺诈的欺诈参数。在另一个优选实施方式中,与排名相关的证据可基于活跃期内的活跃事件中的保持阶段所体现出的一些排名特征来构成,并基于所构成的该证据计算出一证据值作为用于判断排名欺诈的欺诈参数。在另一个优选实施方式中,与排名相关的证据可基于活跃期内的活跃事件的数量构成,并基于所构成的该证据确定出活跃期内的活跃事件的数量|Es|,作为用于判断排名欺诈的欺诈参数。In a preferred embodiment, the evidence related to the ranking can be formed based on some ranking characteristics reflected in the rising stage and/or falling stage of the active events in the active period, and an evidence is calculated based on the constituted evidence The value is used as a fraud parameter for judging ranking fraud. In another preferred embodiment, the evidence related to the ranking can be formed based on some ranking characteristics reflected in the maintenance stage of the active event in the active period, and an evidence value is calculated based on the constituted evidence as the Fraud parameters for judging ranking fraud. In another preferred embodiment, the evidence related to the ranking can be formed based on the number of active events in the active period, and based on the constituted evidence, the number |E s | of active events in the active period can be determined as the Fraud parameters for judging ranking fraud.

除了在上述各优选实施方式中单独使用它们中的一个来进行排名欺诈检测之外,证据验证模块还可以综合考虑上述与排名相关的证据中的多个,将基于这些证据验证得到的对应欺诈参数进行加权计算,从而得到一个最终欺诈参数。In addition to using one of them alone for ranking fraud detection in each of the above-mentioned preferred embodiments, the evidence verification module can also comprehensively consider multiple of the above-mentioned ranking-related evidences, and verify the corresponding fraud parameters obtained based on these evidences Weighted calculations are performed to obtain a final fraud parameter.

为了使本领域技术人员更加方便地进行排名欺诈检测,在一个优选实施方式中,排名欺诈检测单元120还可以进一步包括一欺诈参数判断模块,将根据证据所计算得到的欺诈参数与一阈值进行比较,从而直观地判断出判断应用程序是否存在排名欺诈。In order to make ranking fraud detection more convenient for those skilled in the art, in a preferred embodiment, the ranking fraud detection unit 120 may further include a fraud parameter judging module, which compares the fraud parameter calculated according to the evidence with a threshold , so as to intuitively judge whether there is ranking fraud in the application program.

在排名欺诈检测步骤中得到排名欺诈检测结果后,在本发明一个优选实施方式中,排名欺诈检测系统100还包括一排名欺诈检测结果发送单元,将所得到的排名欺诈检测结果发送给应用程序商店运营商或应用程序的终端用户。After the ranking fraud detection result is obtained in the ranking fraud detection step, in a preferred embodiment of the present invention, the ranking fraud detection system 100 further includes a ranking fraud detection result sending unit, which sends the obtained ranking fraud detection result to the application store The operator or the end user of the application.

本领域技术人员可以理解,当应用程序的活跃事件和活跃期信息已知的情况下,本领域技术人员可以直接根据上述活跃事件和活跃期信息来实施上述排名欺诈检测步骤,从而实现应用程序排名欺诈的检测。因此,在本发明的另一个具体实施方式中还提供了一种应用程序的排名欺诈检测方法,所述方法包括:基于至少一个与排名相关的证据来对所述活跃期进行检测,得到排名欺诈检测结果。在该具体实施方式的应用程序排名欺诈检测方法中,所实施的技术内容与之前具体实施方式中排名欺诈检测步骤相同,此处不再赘述。Those skilled in the art can understand that when the active event and active period information of the application program is known, those skilled in the art can directly implement the above steps of ranking fraud detection based on the above active event and active period information, so as to achieve application ranking Fraud detection. Therefore, another specific embodiment of the present invention also provides a ranking fraud detection method for an application, the method comprising: detecting the active period based on at least one ranking-related evidence, and obtaining a ranking fraud Test results. In the application ranking fraud detection method in this specific embodiment, the implemented technical content is the same as the ranking fraud detection steps in the previous specific embodiment, and will not be repeated here.

同时对应地,本发明另一个具体实施方式中还提供了一种应用程序的排名欺诈检测系统,所述系统包括:排名欺诈检测单元,用于基于至少一个与排名相关的证据对所述活跃期进行检测,得到排名欺诈检测结果。在该具体实施方式的应用程序排名欺诈检测系统中,所实施的技术内容与之前具体实施方式中排名欺诈检测单元相同,此处不再赘述。Correspondingly, another specific embodiment of the present invention also provides a ranking fraud detection system for applications, the system comprising: a ranking fraud detection unit, configured to detect the active period based on at least one ranking-related evidence Perform detection to obtain ranking fraud detection results. In the application program ranking fraud detection system in this specific embodiment, the implemented technical content is the same as that of the ranking fraud detection unit in the previous specific embodiment, and will not be repeated here.

图6为本发明实施例提供的一种应用程序的排名欺诈检测系统600的结构示意图,本发明具体实施例并不对排名欺诈检测系统600的具体实现做限定。如图6所示,该排名欺诈检测系统600可以包括:FIG. 6 is a schematic structural diagram of a ranking fraud detection system 600 for an application provided by an embodiment of the present invention. The specific embodiment of the present invention does not limit the specific implementation of the ranking fraud detection system 600 . As shown in Figure 6, the ranking fraud detection system 600 may include:

处理器(processor)610、通信接口(Communications Interface)620、存储器(memory)630、以及通信总线640。其中:A processor (processor) 610 , a communication interface (Communications Interface) 620 , a memory (memory) 630 , and a communication bus 640 . in:

处理器610、通信接口620、以及存储器630通过通信总线640完成相互间的通信。The processor 610 , the communication interface 620 , and the memory 630 communicate with each other through the communication bus 640 .

通信接口620,用于与比如客户端等的网元通信。The communication interface 620 is used for communicating with network elements such as clients.

处理器610,用于执行程序632,具体可以实现上述图5所述实施例中排名欺诈检测系统的相关功能。The processor 610 is configured to execute the program 632, and may specifically implement related functions of the ranking fraud detection system in the above-mentioned embodiment shown in FIG. 5 .

具体地,程序632可以包括程序代码,所述程序代码包括计算机操作指令。Specifically, the program 632 may include program codes including computer operation instructions.

处理器610可能是一个中央处理器CPU,或者是特定集成电路ASIC(ApplicationSpecific Integrated Circuit),或者是被配置成实施本发明实施例的一个或多个集成电路。The processor 610 may be a central processing unit CPU, or an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.

存储器630,用于存放程序632。存储器630可能包含高速RAM存储器,也可能还包括非易失性存储器(non-volatile memory),例如至少一个磁盘存储器。程序632具体可以包括:The memory 630 is used to store the program 632 . The memory 630 may include a high-speed RAM memory, and may also include a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory. Program 632 may specifically include:

活跃期检测单元,用于基于历史排名信息检测所述应用程序的活跃期;An active period detection unit, configured to detect the active period of the application based on historical ranking information;

排名欺诈检测单元,用于基于至少一个与排名相关的证据对所述活跃期进行检测,得到排名欺诈检测结果。A ranking fraud detection unit, configured to detect the active period based on at least one ranking-related evidence, and obtain a ranking fraud detection result.

程序632具体也可以包括:Program 632 may specifically include:

排名欺诈检测单元,用于基于至少一个与排名相关的证据对活跃期进行检测,得到排名欺诈检测结果。The ranking fraud detection unit is configured to detect the active period based on at least one ranking-related evidence, and obtain a ranking fraud detection result.

程序632中各单元的具体实现可以参见上文各实施例中的相应单元,在此不赘述。For the specific implementation of each unit in the program 632, reference may be made to the corresponding units in the above embodiments, which will not be repeated here.

所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的设备和模块的具体工作过程,可以参考前述装置实施例中的对应描述,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and brevity of description, the specific working process of the devices and modules described above can refer to the corresponding descriptions in the foregoing device embodiments, and details are not repeated here.

本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及方法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Those skilled in the art can appreciate that the units and method steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对原有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the functions described above are realized in the form of software function units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the essence of the technical solution of the present invention or the part that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including Several instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in various embodiments of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes. .

以上实施方式仅用于说明本发明,而并非对本发明的限制,有关技术领域的普通技术人员,在不脱离本发明的精神和范围的情况下,还可以做出各种变化和变型,因此所有等同的技术方案也属于本发明的范畴,本发明的专利保护范围应由权利要求限定。The above embodiments are only used to illustrate the present invention, but not to limit the present invention. Those of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention. Therefore, all Equivalent technical solutions also belong to the category of the present invention, and the scope of patent protection of the present invention should be defined by the claims.

Claims (57)

1.一种应用程序的排名欺诈检测方法,其特征在于,所述方法包括:1. A ranking fraud detection method for an application, characterized in that the method comprises: 活跃期检测步骤,基于历史排名信息检测所述应用程序的活跃期;The active period detection step is to detect the active period of the application program based on historical ranking information; 排名欺诈检测步骤,基于至少一个与排名相关的证据对所述活跃期进行检测,得到排名欺诈检测结果;The ranking fraud detection step is to detect the active period based on at least one ranking-related evidence, and obtain the ranking fraud detection result; 所述排名欺诈检测步骤进一步包括:The ranking fraud detection step further includes: 活跃事件分析步骤,识别所述活跃期中至少一个活跃事件的上升阶段、保持阶段和下降阶段;an active event analysis step, identifying a rise phase, a hold phase, and a decline phase of at least one active event in said active period; 所述活跃事件为应用程序持续排名不大于排名阈值的时期;The active event is a period during which the continuous ranking of the application program is not greater than the ranking threshold; 所述活跃期为将时间间隔小于间隔阈值φ的活跃事件合并起来的时期,或与其他活跃事件时间间隔不小于间隔阈值φ的活跃事件。The active period is a period in which active events with a time interval smaller than the interval threshold φ are combined, or an active event whose time interval with other active events is not less than the interval threshold φ. 2.根据权利要求1所述的方法,其特征在于,所述排名欺诈检测步骤进一步包括:2. The method according to claim 1, wherein the ranking fraud detection step further comprises: 证据验证步骤,基于至少一个与排名相关的证据对所述活跃期进行验证并得到一欺诈参数。The evidence verification step is to verify the active period based on at least one ranking-related evidence and obtain a fraud parameter. 3.根据权利要求2所述的方法,其特征在于,在所述活跃事件分析步骤中,确定所述活跃事件中所述应用程序的排名在一峰值范围ΔR内的第一个时间和最后一个时间,将所述第一个时间和所述最后一个时间之间的时间段识别为所述保持阶段,将所述活跃事件中在保持阶段之前的时间段识别为所述上升阶段,将所述活跃事件中在保持阶段之后的时间段识别为所述下降阶段。3. The method according to claim 2, characterized in that, in the active event analysis step, determine the first time and the last time when the ranking of the application program in the active event is within a peak range ΔR time, identifying the time period between the first time and the last time as the hold phase, identifying the time period in the active event before the hold phase as the ramp-up phase, identifying the The period of time following the hold phase in an active event is identified as the decline phase. 4.根据权利要求2所述的方法,其特征在于,所述与排名相关的证据基于所述活跃期内的活跃事件中的上升阶段和/或下降阶段构成。4. The method according to claim 2, wherein the evidence related to the ranking is formed based on an ascending phase and/or a descending phase in active events within the active period. 5.根据权利要求4所述的方法,其特征在于,5. The method of claim 4, wherein, 所述欺诈参数是所述活跃期内所有活跃事件的所述上升阶段的时间范围的平均值,或所述活跃期内所有活跃事件的所述下降阶段的时间范围的平均值,或所述活跃期内所有活跃事件的所述上升阶段的时间范围和下降阶段的时间范围的和的平均值。The fraud parameter is the average value of the time range of the rising phase of all active events in the active period, or the average value of the time range of the falling phase of all active events in the active period, or the active The average of the sum of the time ranges for the described up phase and down phase for all active events in the period. 6.根据权利要求4所述的方法,其特征在于,6. The method of claim 4, wherein, 所述欺诈参数是所述活跃期内所有活跃事件的所述上升阶段的曲线与时间轴相交所形成的锐角的角度的平均值,或所有活跃事件的所述下降阶段的曲线与时间轴相交所形成的锐角的角度的平均值,或所有活跃事件的所述上升阶段的曲线和所述下降阶段的曲线与时间轴相交所形成的锐角的角度和的平均值。The fraud parameter is the average value of the acute angle formed by the intersection of the curves of the rising phase of all active events with the time axis in the active period, or the intersection of the curves of the falling phase of all active events and the time axis. The average value of the angles of the acute angles formed, or the average value of the sum of the angles of the acute angles formed by the intersection of the curves of the rising phase and the curves of the falling phase of all active events with the time axis. 7.根据权利要求2所述的方法,其特征在于,7. The method of claim 2, wherein, 所述与排名相关的证据基于所述活跃期内的活跃事件中的保持阶段构成。The ranking-related evidence is constituted based on a hold phase in active events within the active period. 8.根据权利要求7所述的方法,其特征在于,8. The method of claim 7, wherein, 所述欺诈参数是所述活跃期内所有活跃事件的所述保持阶段的时间范围的平均值。The fraud parameter is an average of the time range of the hold phase of all active events in the active period. 9.根据权利要求7所述的方法,其特征在于,基于所有活跃事件的所述保持阶段中所述应用程序的平均排名和所述保持阶段的时间范围来计算所述欺诈参数。9. The method of claim 7, wherein the fraud parameter is calculated based on an average rank of the application in the hold phase of all active events and a time frame of the hold phase. 10.根据权利要求2所述的方法,其特征在于,10. The method of claim 2, wherein, 所述与排名相关的证据基于所述活跃期内活跃事件的数量构成。The ranking-related evidence is based on the number of active events within the active period. 11.根据权利要求10所述的方法,其特征在于,11. The method of claim 10, wherein, 所述欺诈参数是所述活跃期内活跃事件的数量。The fraud parameter is the number of active events within the active period. 12.根据权利要求2所述的方法,其特征在于,在所述证据验证步骤中,综合考虑上述与排名相关的证据中的多个,将基于所述与排名相关的证据中的多个,验证得到的对应欺诈参数进行加权计算,从而得到一个最终欺诈参数。12. The method according to claim 2, characterized in that, in the evidence verification step, comprehensively considering a plurality of the above-mentioned evidences related to the ranking, based on a plurality of the evidences related to the ranking, The corresponding fraud parameters obtained through verification are weighted and calculated to obtain a final fraud parameter. 13.根据权利要求2-11中任一项所述的方法,其特征在于,所述排名欺诈检测步骤进一步包括:13. The method according to any one of claims 2-11, wherein the ranking fraud detection step further comprises: 欺诈参数判断步骤,将所述欺诈参数与一阈值进行比较,从而判断所述应用程序是否存在排名欺诈。The fraud parameter judging step is to compare the fraud parameter with a threshold, so as to judge whether there is ranking fraud in the application program. 14.根据权利要求12所述的方法,其特征在于,所述排名欺诈检测步骤进一步包括:14. The method according to claim 12, wherein said ranking fraud detection step further comprises: 欺诈参数判断步骤,将所述最终欺诈参数与一阈值进行比较,从而判断所述应用程序是否存在排名欺诈。The fraud parameter judging step is to compare the final fraud parameter with a threshold, so as to judge whether there is ranking fraud in the application program. 15.根据权利要求1所述的方法,其特征在于,所述方法还包括:15. The method of claim 1, further comprising: 历史排名信息获取步骤,获取所述应用程序在应用程序排行榜上的所述历史排名信息。The historical ranking information obtaining step is to obtain the historical ranking information of the application on the application leaderboard. 16.根据权利要求15所述的方法,其特征在于,在所述历史排名信息获取步骤中,从应用程序商店运营商获取所述历史排名信息,或从应用程序商店发布的数据中抽取所述历史排名信息。16. The method according to claim 15, characterized in that, in the step of obtaining historical ranking information, the historical ranking information is obtained from an application store operator, or the historical ranking information is extracted from data released by an application store. Historical ranking information. 17.根据权利要求1所述的方法,其特征在于,所述历史排名信息包括表示为一个与离散时间序列对应的排名序列,所述排名序列中的每个元素对应于所述时间序列中的一个离散时间点,表示所述应用程序在所述离散时间点时的排名。17. The method according to claim 1, wherein the historical ranking information includes a ranking sequence corresponding to a discrete time series, and each element in the ranking sequence corresponds to an element in the time series A discrete point in time representing the ranking of the application at the discrete point in time. 18.根据权利要求1所述的方法,其特征在于,所述方法还包括:将所检测出的所述应用程序的所述活跃期发送给应用程序开发者、应用程序商店运营商、应用程序用户中的至少一个。18. The method according to claim 1, further comprising: sending the detected active period of the application program to application program developers, application program store operators, application program at least one of the users. 19.根据权利要求1所述的方法,其特征在于,所述方法还包括:将所检测出的所述排名欺诈检测结果发送给应用程序商店运营商、应用程序用户中的至少一个。19. The method according to claim 1, further comprising: sending the detected ranking fraud detection result to at least one of an application program store operator and an application program user. 20.一种应用程序的排名欺诈检测系统,其特征在于,所述系统包括:20. A ranking fraud detection system for applications, characterized in that the system comprises: 活跃期检测单元,用于基于历史排名信息检测所述应用程序的活跃期;An active period detection unit, configured to detect the active period of the application based on historical ranking information; 排名欺诈检测单元,用于基于至少一个与排名相关的证据对所述活跃期进行检测,得到排名欺诈检测结果;A ranking fraud detection unit, configured to detect the active period based on at least one ranking-related evidence, and obtain a ranking fraud detection result; 所述排名欺诈检测单元进一步包括:The ranking fraud detection unit further includes: 活跃事件分析模块,用于识别所述活跃期中至少一个活跃事件的上升阶段、保持阶段和下降阶段;An active event analysis module, configured to identify a rise phase, a maintenance phase and a decline phase of at least one active event in the active period; 所述活跃事件为应用程序持续排名不大于排名阈值的时期;The active event is a period during which the continuous ranking of the application program is not greater than the ranking threshold; 所述活跃期为将时间间隔小于间隔阈值φ的活跃事件合并起来的时期,或与其他活跃事件时间间隔不小于间隔阈值φ的活跃事件。The active period is a period in which active events with a time interval smaller than the interval threshold φ are combined, or an active event whose time interval with other active events is not less than the interval threshold φ. 21.根据权利要求20所述的系统,其特征在于,所述排名欺诈检测单元进一步包括:21. The system according to claim 20, wherein the ranking fraud detection unit further comprises: 证据验证模块,用于基于至少一个与排名相关的证据对所述活跃期进行验证并得到一欺诈参数。The evidence verification module is used to verify the active period based on at least one ranking-related evidence and obtain a fraud parameter. 22.根据权利要求21所述的系统,其特征在于,所述活跃事件分析模块,用于确定所述活跃事件中所述应用程序的排名在一峰值范围ΔR内的第一个时间和最后一个时间,将所述第一个时间和所述最后一个时间之间的时间段识别为所述保持阶段,将所述活跃事件中在保持阶段之前的时间段识别为所述上升阶段,将所述活跃事件中在保持阶段之后的时间段识别为所述下降阶段。22. The system according to claim 21, wherein the active event analysis module is configured to determine the first time and the last time when the ranking of the application program in the active event is within a peak range ΔR time, identifying the time period between the first time and the last time as the hold phase, identifying the time period in the active event before the hold phase as the ramp-up phase, identifying the The period of time following the hold phase in an active event is identified as the decline phase. 23.根据权利要求21所述的系统,其特征在于,所述与排名相关的证据基于所述活跃期内的活跃事件中的上升阶段和/或下降阶段构成。23. The system according to claim 21, wherein the ranking-related evidence is formed based on rising phases and/or falling phases in active events within the active period. 24.根据权利要求21所述的系统,其特征在于,所述与排名相关的证据基于所述活跃期内的活跃事件中的保持阶段构成。24. The system of claim 21, wherein the ranking-related evidence is constituted based on a hold phase in active events within the active period. 25.根据权利要求21所述的系统,其特征在于,25. The system of claim 21, wherein: 所述与排名相关的证据基于所述活跃期内活跃事件的数量构成。The ranking-related evidence is based on the number of active events within the active period. 26.根据权利要求21所述的系统,其特征在于,所述证据验证模块,用于综合考虑上述与排名相关的证据中的多个,将基于所述与排名相关的证据中的多个,验证得到的对应欺诈参数进行加权计算,从而得到一个最终欺诈参数。26. The system according to claim 21, wherein the evidence verification module is configured to comprehensively consider a plurality of the above-mentioned ranking-related evidences, based on a plurality of the ranking-related evidences, The corresponding fraud parameters obtained through verification are weighted and calculated to obtain a final fraud parameter. 27.根据权利要求21-25中任一项所述的系统,其特征在于,所述排名欺诈检测单元进一步包括:27. The system according to any one of claims 21-25, wherein the ranking fraud detection unit further comprises: 欺诈参数判断模块,用于将所述欺诈参数与一阈值进行比较,从而判断所述应用程序是否存在排名欺诈。The fraud parameter judging module is used to compare the fraud parameter with a threshold, so as to judge whether there is ranking fraud in the application program. 28.根据权利要求26所述的系统,其特征在于,所述排名欺诈检测单元进一步包括:28. The system according to claim 26, wherein the ranking fraud detection unit further comprises: 欺诈参数判断模块,用于将所述最终欺诈参数与一阈值进行比较,从而判断所述应用程序是否存在排名欺诈。A fraud parameter judging module, configured to compare the final fraud parameter with a threshold, so as to judge whether there is ranking fraud in the application. 29.根据权利要求20所述的系统,其特征在于,所述系统还包括:29. The system of claim 20, further comprising: 历史排名信息获取单元,用于获取所述应用程序在应用程序排行榜上的所述历史排名信息。A historical ranking information acquiring unit, configured to acquire the historical ranking information of the application on the application leaderboard. 30.根据权利要求29所述的系统,其特征在于,所述历史排名信息获取单元,用于从应用程序商店运营商获取所述历史排名信息,或从应用程序商店发布的数据中抽取所述历史排名信息。30. The system according to claim 29, wherein the historical ranking information obtaining unit is configured to obtain the historical ranking information from an application store operator, or extract the historical ranking information from data released by the application store. Historical ranking information. 31.根据权利要求20所述的系统,其特征在于,所述系统还包括一活跃期发送单元,用于将所检测出的所述应用程序的所述活跃期发送给应用程序开发者、应用程序商店运营商、应用程序用户中的至少一个。31. The system according to claim 20, further comprising an active period sending unit, configured to send the detected active period of the application program to the application developer, application At least one of the program store operator and the application user. 32.根据权利要求20所述的系统,其特征在于,所述系统还包括一排名欺诈检测结果发送单元,用于将所检测出的所述排名欺诈检测结果发送给应用程序商店运营商、应用程序用户中的至少一个。32. The system according to claim 20, further comprising a ranking fraud detection result sending unit, configured to send the detected ranking fraud detection result to application store operators, application At least one of the program users. 33.一种应用程序的排名欺诈检测方法,其特征在于,所述方法包括:33. An application ranking fraud detection method, characterized in that the method comprises: 基于至少一个与排名相关的证据对应用程序的活跃期进行检测,得到排名欺诈检测结果;Based on at least one ranking-related evidence, the active period of the application is detected to obtain a ranking fraud detection result; 所述方法进一步包括:The method further comprises: 活跃事件分析步骤,识别所述活跃期中至少一个活跃事件的上升阶段、保持阶段和下降阶段;an active event analysis step, identifying a rise phase, a hold phase, and a decline phase of at least one active event in said active period; 所述活跃事件为应用程序持续排名不大于排名阈值的时期;The active event is a period during which the continuous ranking of the application program is not greater than the ranking threshold; 所述活跃期为将时间间隔小于间隔阈值φ的活跃事件合并起来的时期,或与其他活跃事件时间间隔不小于间隔阈值φ的活跃事件。The active period is a period in which active events with a time interval smaller than the interval threshold φ are combined, or an active event whose time interval with other active events is not less than the interval threshold φ. 34.根据权利要求33所述的方法,其特征在于,所述方法进一步包括:34. The method of claim 33, further comprising: 证据验证步骤,基于至少一个与排名相关的证据对所述活跃期进行验证并得到一欺诈参数。The evidence verification step is to verify the active period based on at least one ranking-related evidence and obtain a fraud parameter. 35.根据权利要求34所述的方法,其特征在于,在所述活跃事件分析步骤中,确定所述活跃事件中所述应用程序的排名在一峰值范围ΔR内的第一个时间和最后一个时间,将所述第一个时间和所述最后一个时间之间的时间段识别为所述保持阶段,将所述活跃事件中在保持阶段之前的时间段识别为所述上升阶段,将所述活跃事件中在保持阶段之后的时间段识别为所述下降阶段。35. The method according to claim 34, characterized in that, in the active event analysis step, determine the first time and the last time when the ranking of the application program in the active event is within a peak range ΔR time, identifying the time period between the first time and the last time as the hold phase, identifying the time period in the active event before the hold phase as the ramp-up phase, identifying the The period of time following the hold phase in an active event is identified as the decline phase. 36.根据权利要求34所述的方法,其特征在于,所述与排名相关的证据基于所述活跃期内的活跃事件中的上升阶段和/或下降阶段构成。36. The method according to claim 34, wherein the ranking-related evidence is formed based on rising phases and/or falling phases in active events within the active period. 37.根据权利要求36所述的方法,其特征在于,37. The method of claim 36, wherein, 所述欺诈参数是所述活跃期内所有活跃事件的所述上升阶段的时间范围的平均值,或所述活跃期内所有活跃事件的所述下降阶段的时间范围的平均值,或所述活跃期内所有活跃事件的所述上升阶段的时间范围和下降阶段的时间范围的和的平均值。The fraud parameter is the average value of the time range of the rising phase of all active events in the active period, or the average value of the time range of the falling phase of all active events in the active period, or the active The average of the sum of the time ranges for the described up phase and down phase for all active events in the period. 38.根据权利要求36所述的方法,其特征在于,38. The method of claim 36, wherein, 所述欺诈参数是所述活跃期内所有活跃事件的所述上升阶段的曲线与时间轴相交所形成的锐角的角度的平均值,或所有活跃事件的所述下降阶段的曲线与时间轴相交所形成的锐角的角度的平均值,或所有活跃事件的所述上升阶段的曲线和所述下降阶段的曲线与时间轴相交所形成的锐角的角度和的平均值。The fraud parameter is the average value of the acute angle formed by the intersection of the curves of the rising phase of all active events with the time axis in the active period, or the intersection of the curves of the falling phase of all active events and the time axis. The average value of the angles of the acute angles formed, or the average value of the sum of the angles of the acute angles formed by the intersection of the curves of the rising phase and the curves of the falling phase of all active events with the time axis. 39.根据权利要求34所述的方法,其特征在于,39. The method of claim 34, wherein, 所述与排名相关的证据基于所述活跃期内的活跃事件中的保持阶段构成。The ranking-related evidence is constituted based on a hold phase in active events within the active period. 40.根据权利要求39所述的方法,其特征在于,40. The method of claim 39, wherein, 所述欺诈参数是所述活跃期内所有活跃事件的所述保持阶段的时间范围的平均值。The fraud parameter is an average of the time range of the hold phase of all active events in the active period. 41.根据权利要求39所述的方法,其特征在于,基于所有活跃事件的所述保持阶段中所述应用程序的平均排名和所述保持阶段的时间范围来计算所述欺诈参数。41. The method of claim 39, wherein the fraud parameter is calculated based on an average rank of the application in the hold phase of all active events and a time frame of the hold phase. 42.根据权利要求34所述的方法,其特征在于,42. The method of claim 34, wherein, 所述与排名相关的证据基于所述活跃期内活跃事件的数量构成。The ranking-related evidence is based on the number of active events within the active period. 43.根据权利要求42所述的方法,其特征在于,43. The method of claim 42, wherein, 所述欺诈参数是所述活跃期内活跃事件的数量。The fraud parameter is the number of active events within the active period. 44.根据权利要求42所述的方法,其特征在于,在所述证据验证步骤中,综合考虑上述与排名相关的证据中的多个,将基于所述与排名相关的证据中的多个,验证得到的对应欺诈参数进行加权计算,从而得到一个最终欺诈参数。44. The method according to claim 42, characterized in that, in the step of verifying evidence, comprehensively considering a plurality of the above-mentioned ranking-related evidences, based on a plurality of the ranking-related evidences, The corresponding fraud parameters obtained through verification are weighted and calculated to obtain a final fraud parameter. 45.根据权利要求34-43中任一项所述的方法,其特征在于,所述方法进一步包括:45. The method according to any one of claims 34-43, further comprising: 欺诈参数判断步骤,将所述欺诈参数与一阈值进行比较,从而判断所述应用程序是否存在排名欺诈。The fraud parameter judging step is to compare the fraud parameter with a threshold, so as to judge whether there is ranking fraud in the application program. 46.根据权利要求44所述的方法,其特征在于,所述方法进一步包括:46. The method of claim 44, further comprising: 欺诈参数判断步骤,将所述最终欺诈参数与一阈值进行比较,从而判断所述应用程序是否存在排名欺诈。The fraud parameter judging step is to compare the final fraud parameter with a threshold, so as to judge whether there is ranking fraud in the application program. 47.根据权利要求33所述的方法,其特征在于,所述方法还包括:将所检测出的所述排名欺诈检测结果发送给应用程序商店运营商、应用程序用户中的至少一个。47. The method according to claim 33, further comprising: sending the detected ranking fraud detection result to at least one of an application program store operator and an application program user. 48.一种应用程序的排名欺诈检测系统,其特征在于,所述系统包括:48. An application ranking fraud detection system, characterized in that the system comprises: 排名欺诈检测单元,用于基于至少一个与排名相关的证据对应用程序的活跃期进行检测,得到排名欺诈检测结果;A ranking fraud detection unit, configured to detect the active period of the application program based on at least one ranking-related evidence, and obtain a ranking fraud detection result; 所述排名欺诈检测单元进一步包括:The ranking fraud detection unit further includes: 活跃事件分析模块,用于识别所述活跃期中至少一个活跃事件的上升阶段、保持阶段和下降阶段;An active event analysis module, configured to identify a rise phase, a maintenance phase and a decline phase of at least one active event in the active period; 所述活跃事件为应用程序持续排名不大于排名阈值的时期;The active event is a period during which the continuous ranking of the application program is not greater than the ranking threshold; 所述活跃期为将时间间隔小于间隔阈值φ的活跃事件合并起来的时期,或与其他活跃事件时间间隔不小于间隔阈值φ的活跃事件。The active period is a period in which active events with a time interval smaller than the interval threshold φ are combined, or an active event whose time interval with other active events is not less than the interval threshold φ. 49.根据权利要求48所述的系统,其特征在于,所述排名欺诈检测单元进一步包括:49. The system according to claim 48, wherein the ranking fraud detection unit further comprises: 证据验证模块,用于基于至少一个与排名相关的证据对所述活跃期进行验证并得到一欺诈参数。The evidence verification module is used to verify the active period based on at least one ranking-related evidence and obtain a fraud parameter. 50.根据权利要求49所述的系统,其特征在于,所述活跃事件分析模块,用于确定所述活跃事件中所述应用程序的排名在一峰值范围ΔR内的第一个时间和最后一个时间,将所述第一个时间和所述最后一个时间之间的时间段识别为所述保持阶段,将所述活跃事件中在保持阶段之前的时间段识别为所述上升阶段,将所述活跃事件中在保持阶段之后的时间段识别为所述下降阶段。50. The system according to claim 49, wherein the active event analysis module is configured to determine the first time and the last time when the ranking of the application program in the active event is within a peak range ΔR time, identifying the time period between the first time and the last time as the hold phase, identifying the time period in the active event before the hold phase as the ramp-up phase, identifying the The period of time following the hold phase in an active event is identified as the decline phase. 51.根据权利要求49所述的系统,其特征在于,所述与排名相关的证据基于所述活跃期内的活跃事件中的上升阶段和/或下降阶段构成。51. The system of claim 49, wherein the ranking-related evidence is formed based on rising phases and/or declining phases in active events within the active period. 52.根据权利要求49所述的系统,其特征在于,所述与排名相关的证据基于所述活跃期内的活跃事件中的保持阶段构成。52. The system of claim 49, wherein the ranking-related evidence is constituted based on a hold phase in active events within the active period. 53.根据权利要求49所述的系统,其特征在于,53. The system of claim 49, wherein: 所述与排名相关的证据基于所述活跃期内活跃事件的数量构成。The ranking-related evidence is based on the number of active events within the active period. 54.根据权利要求49所述的系统,其特征在于,所述证据验证模块,用于综合考虑上述与排名相关的证据中的多个,将基于所述与排名相关的证据中的多个,验证得到的对应欺诈参数进行加权计算,从而得到一个最终欺诈参数。54. The system according to claim 49, wherein the evidence verification module is configured to comprehensively consider a plurality of the above-mentioned ranking-related evidences, based on a plurality of the ranking-related evidences, The corresponding fraud parameters obtained through verification are weighted and calculated to obtain a final fraud parameter. 55.根据权利要求49-53中任一项所述的系统,其特征在于,所述排名欺诈检测单元进一步包括:55. The system according to any one of claims 49-53, wherein the ranking fraud detection unit further comprises: 欺诈参数判断模块,用于将所述欺诈参数与一阈值进行比较,从而判断所述应用程序是否存在排名欺诈。The fraud parameter judging module is used to compare the fraud parameter with a threshold, so as to judge whether there is ranking fraud in the application program. 56.根据权利要求54所述的系统,其特征在于,所述排名欺诈检测单元进一步包括:56. The system according to claim 54, wherein the ranking fraud detection unit further comprises: 欺诈参数判断模块,用于将所述最终欺诈参数与一阈值进行比较,从而判断所述应用程序是否存在排名欺诈。A fraud parameter judging module, configured to compare the final fraud parameter with a threshold, so as to judge whether there is ranking fraud in the application. 57.根据权利要求48所述的系统,其特征在于,所述系统还包括一排名欺诈检测结果发送单元,用于将所检测出的所述排名欺诈检测结果发送给应用程序商店运营商、应用程序用户中的至少一个。57. The system according to claim 48, further comprising a ranking fraud detection result sending unit, configured to send the detected ranking fraud detection result to application store operators, application At least one of the program users.
CN201310470187.7A 2013-10-10 2013-10-10 The ranking fraud detection method and ranking fraud detection system of application program Expired - Fee Related CN103559210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310470187.7A CN103559210B (en) 2013-10-10 2013-10-10 The ranking fraud detection method and ranking fraud detection system of application program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310470187.7A CN103559210B (en) 2013-10-10 2013-10-10 The ranking fraud detection method and ranking fraud detection system of application program

Publications (2)

Publication Number Publication Date
CN103559210A CN103559210A (en) 2014-02-05
CN103559210B true CN103559210B (en) 2017-08-15

Family

ID=50013457

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310470187.7A Expired - Fee Related CN103559210B (en) 2013-10-10 2013-10-10 The ranking fraud detection method and ranking fraud detection system of application program

Country Status (1)

Country Link
CN (1) CN103559210B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103530796B (en) 2013-10-10 2016-06-01 北京智谷睿拓技术服务有限公司 The active period detection method of application program and active period detection system
CN103559208B (en) * 2013-10-10 2017-03-01 北京智谷睿拓技术服务有限公司 The ranking fraud detection method of application program and ranking fraud detection system
CN107391548B (en) * 2017-04-06 2020-08-04 华东师范大学 Mobile application market examination user group detection method and system
CN108960304B (en) * 2018-06-20 2022-07-15 东华大学 A deep learning detection method for online transaction fraud

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279786A (en) * 2011-08-25 2011-12-14 百度在线网络技术(北京)有限公司 Method and device for monitoring effective access amount of application program
CN102663101A (en) * 2012-04-13 2012-09-12 北京交通大学 Sina microblog-based user grade sequencing algorithm
CN103164505A (en) * 2012-09-20 2013-06-19 深圳市金立通信设备有限公司 System and method for conducting ranking on internet applications based on actual use frequency

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7058597B1 (en) * 1998-12-04 2006-06-06 Digital River, Inc. Apparatus and method for adaptive fraud screening for electronic commerce transactions
US7657497B2 (en) * 2006-11-07 2010-02-02 Ebay Inc. Online fraud prevention using genetic algorithm solution
CN102946331B (en) * 2012-10-10 2016-01-20 北京交通大学 A kind of social networks zombie user detection method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279786A (en) * 2011-08-25 2011-12-14 百度在线网络技术(北京)有限公司 Method and device for monitoring effective access amount of application program
CN102663101A (en) * 2012-04-13 2012-09-12 北京交通大学 Sina microblog-based user grade sequencing algorithm
CN103164505A (en) * 2012-09-20 2013-06-19 深圳市金立通信设备有限公司 System and method for conducting ranking on internet applications based on actual use frequency

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刷榜那些事儿;TMT青年沙龙笔记 虎嗅网;《http://www.huxiu.com/article/5382/1.html》;20121101;网页正文第1、3、5页 *

Also Published As

Publication number Publication date
CN103559210A (en) 2014-02-05

Similar Documents

Publication Publication Date Title
CN103559208B (en) The ranking fraud detection method of application program and ranking fraud detection system
CN109842858B (en) A kind of abnormal business order detection method and device
US10491697B2 (en) System and method for bot detection
US20230115406A1 (en) Method and System for Providing a User Agent String Database
US10025807B2 (en) Dynamic data acquisition method and system
Zhu et al. Ranking fraud detection for mobile apps: A holistic view
CN107256257A (en) Abnormal user generation content identification method and system based on business datum
CN112529575B (en) Risk early warning method, equipment, storage medium and device
CN105843909A (en) Financial information pushing method and apparatus
CN108304426B (en) Identification obtaining method and device
WO2019071906A1 (en) Financial product recommendation device and method, and computer-readable storage medium
TW201710993A (en) Method, apparatus and system for detecting fraudulent software promotion
CN103559210B (en) The ranking fraud detection method and ranking fraud detection system of application program
US10606845B2 (en) Detecting leading session of application
CN111754241A (en) A user behavior perception method, device, device and medium
CN113673870A (en) An enterprise data analysis method and related components
CN113412607A (en) Content pushing method and device, mobile terminal and storage medium
CN117714722A (en) Data analysis method and system for live shopping of electronic commerce
CN103577543B (en) The ranking fraud detection method and ranking fraud detection system of application program
CN103577542B (en) The ranking fraud detection method and ranking fraud detection system of application program
CN103761668A (en) Method and system for detecting bad users in network transaction
CN113361956B (en) Resource quality evaluation methods, devices, equipment and storage media for resource producers
CN108269118B (en) A method and device for data analysis
CN120807007A (en) Software value evaluation method and device, electronic equipment and storage medium
CN112633766A (en) Channel brushing amount judgment method, device, equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170815