[go: up one dir, main page]

CN112016078B - A method, device, server and storage medium for detecting a blocking of a login device - Google Patents

A method, device, server and storage medium for detecting a blocking of a login device Download PDF

Info

Publication number
CN112016078B
CN112016078B CN202010872545.7A CN202010872545A CN112016078B CN 112016078 B CN112016078 B CN 112016078B CN 202010872545 A CN202010872545 A CN 202010872545A CN 112016078 B CN112016078 B CN 112016078B
Authority
CN
China
Prior art keywords
login
equipment
blocked
factor
banned
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010872545.7A
Other languages
Chinese (zh)
Other versions
CN112016078A (en
Inventor
杨景添
苏航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bigo Technology Pte Ltd
Original Assignee
Guangzhou Baiguoyuan Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Baiguoyuan Information Technology Co Ltd filed Critical Guangzhou Baiguoyuan Information Technology Co Ltd
Priority to CN202010872545.7A priority Critical patent/CN112016078B/en
Publication of CN112016078A publication Critical patent/CN112016078A/en
Priority to PCT/CN2021/109010 priority patent/WO2022042194A1/en
Application granted granted Critical
Publication of CN112016078B publication Critical patent/CN112016078B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention discloses a method, a device, a server and a storage medium for detecting the blocking of login equipment. Wherein the method comprises the following steps: screening out corresponding reference equipment factors from the equipment factors based on the login floating degree of the blocked equipment library under each equipment factor; and calculating the blocked score of the login device based on the similarity of login parameters of the login device and each blocked device in the blocked device library under the reference device factors. According to the technical scheme provided by the embodiment of the invention, the reliability of the login equipment facing the sealing detection is ensured, each login equipment using the multi-open software is not required to be sealed or clustered, and the hysteresis of the sealing detection is avoided on the basis of ensuring any normal operation of the login equipment, so that the accuracy and the sealing timeliness of the login equipment facing the sealing detection are improved.

Description

一种登录设备的封禁检测方法、装置、服务器和存储介质A method, device, server and storage medium for detecting a blocking of a login device

技术领域Technical Field

本发明实施例涉及互联网技术领域,尤其涉及一种登录设备的封禁检测方法、装置、服务器和存储介质。Embodiments of the present invention relate to the field of Internet technology, and in particular to a method, device, server and storage medium for detecting a blocking of a login device.

背景技术Background technique

随着互联网技术的快速发展,各种应用程序(Application,APP)平台或者网络社区内基本都会存在一些网络黑色产业链(即网络黑产)和恶意用户等,来传播一些违规信息;因此,为了限制网络黑产和恶意用户的违规行为,通常会预先设置相应的风控处罚逻辑,在网络黑产和恶意用户所使用的违规账号达到一定的封禁级别时,会该违规账号和该违规账号所处的登录设备同时进行封禁。此时,用户在某一设备上请求登录对应的账号时,该风控处罚逻辑主要采用该设备的标识信息来判断该设备是否为已封禁设备,但是网络黑产和恶意用户可以使用各类多开软件来更改本次登录设备的标识信息,以绕过已封禁设备的违规检测,继续执行对应的违规行为,无法保障正常用户的信息浏览安全。With the rapid development of Internet technology, there are basically some network black industry chains (i.e., network black industries) and malicious users in various application (Application, APP) platforms or online communities to spread some illegal information; therefore, in order to limit the illegal behaviors of network black industries and malicious users, the corresponding risk control and punishment logic is usually pre-set. When the illegal accounts used by network black industries and malicious users reach a certain ban level, the illegal accounts and the login devices where the illegal accounts are located will be banned at the same time. At this time, when the user requests to log in to the corresponding account on a certain device, the risk control and punishment logic mainly uses the identification information of the device to determine whether the device is a banned device, but network black industries and malicious users can use various types of multi-opening software to change the identification information of the login device this time, so as to bypass the violation detection of the banned device and continue to perform the corresponding illegal behaviors, which cannot guarantee the information browsing security of normal users.

目前,通常采用如下两种方式来解决上述问题:1)通过分析登录设备的上报信息,判断是否使用多开软件,进而禁止用户在使用多开软件的登录设备上进行登录;但是,在很多APP网络场景下,支持正常用户使用多开软件对登录设备的标识信息进行更改,此时禁止每一使用多开软件的登录设备上的用户登录,直接影响到正常用户的常规操作而造成大量用户流失。2)采用聚类算法对大量登录设备进行分类,然后存在已封禁设备的类别下的每一登录设备均进行封禁,此时聚类算法仅能初步圈定封禁设备的范围,无法保证封禁设备的准确性,而且由聚类算法初步圈定的封禁设备范围存在一定滞后性,无法保证对存在违规行为的登录设备进行及时封禁。At present, the following two methods are usually used to solve the above problems: 1) By analyzing the reported information of the login device, determine whether multiple software is used, and then prohibit users from logging in on the login device using multiple software; however, in many APP network scenarios, normal users are supported to use multiple software to change the identification information of the login device. At this time, the user login on each login device using multiple software is prohibited, which directly affects the normal operation of normal users and causes a large number of users to lose. 2) Use a clustering algorithm to classify a large number of login devices, and then ban each login device under the category of banned devices. At this time, the clustering algorithm can only preliminarily define the scope of the banned devices, and cannot guarantee the accuracy of the banned devices. Moreover, the banned device range preliminarily defined by the clustering algorithm has a certain lag, and cannot guarantee that the login devices with violations will be banned in a timely manner.

发明内容Summary of the invention

本发明实施例提供了一种登录设备的封禁检测方法、装置、服务器和存储介质,在保证登录设备正常操作的基础上,提高登录设备面向封禁检测的准确性和封禁及时性。The embodiments of the present invention provide a ban detection method, device, server and storage medium for a login device, which improve the accuracy of ban detection and ban timeliness of the login device on the basis of ensuring the normal operation of the login device.

第一方面,本发明实施例提供了一种登录设备的封禁检测方法,该方法包括:In a first aspect, an embodiment of the present invention provides a method for detecting a blocking of a login device, the method comprising:

基于已封禁设备库在每一设备因子下的登录浮动度,从各所述设备因子中筛选出对应的参考设备因子;Based on the registration fluctuation of the banned device library under each device factor, a corresponding reference device factor is selected from each of the device factors;

基于登录设备和所述已封禁设备库中每一已封禁设备在各所述参考设备因子下的登录参数相似度,计算所述登录设备的被封禁评分。Based on the similarity of the login parameters between the login device and each banned device in the banned device library under each of the reference device factors, a banned score of the login device is calculated.

第二方面,本发明实施例提供了一种登录设备的封禁检测装置,该装置包括:In a second aspect, an embodiment of the present invention provides a blocking detection device for a login device, the device comprising:

参考因子筛选模块,用于基于已封禁设备库在每一设备因子下的登录浮动度,从各所述设备因子中筛选出对应的参考设备因子;A reference factor screening module, for screening corresponding reference device factors from each of the device factors based on the registration floating degree of the banned device library under each device factor;

封禁检测模块,用于基于登录设备和所述已封禁设备库中每一已封禁设备在各所述参考设备因子下的登录参数相似度,计算所述登录设备的被封禁评分。The ban detection module is used to calculate the ban score of the login device based on the similarity of the login parameters between the login device and each banned device in the banned device library under each reference device factor.

第三方面,本发明实施例提供了一种服务器,该服务器包括:In a third aspect, an embodiment of the present invention provides a server, the server comprising:

一个或多个处理器;one or more processors;

存储装置,用于存储一个或多个程序;A storage device for storing one or more programs;

当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现本发明任意实施例所述的登录设备的封禁检测方法。When the one or more programs are executed by the one or more processors, the one or more processors implement the ban detection method for the login device described in any embodiment of the present invention.

第四方面,本发明实施例提供了一种计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现本发明任意实施例所述的登录设备的封禁检测方法。In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the method for detecting a login device ban as described in any embodiment of the present invention.

本发明实施例提供的一种登录设备的封禁检测方法、装置、服务器和存储介质,由于已封禁设备库在每一设备因子下的登录浮动越大,说明该设备因子被篡改的可能性越大,也就是该设备因子对登录设备进行封禁检测的参考价值越低,因此基于已封禁设备库在每一设备因子下的登录浮动度,可以从全部设备因子中筛选出对应的参考设备因子,进而通过分析登录设备和该已封禁设备库中每一已封禁设备在各个参考设备因子下的登录参数相似度,来计算该登录设备的被封禁评分,从而准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,从而提高了登录设备面向封禁检测的准确性和封禁及时性。The embodiments of the present invention provide a method, apparatus, server and storage medium for detecting a login device being banned. Since the larger the login fluctuation of a banned device library under each device factor, the greater the possibility that the device factor has been tampered with, that is, the lower the reference value of the device factor for banning the login device, based on the login fluctuation of the banned device library under each device factor, the corresponding reference device factor can be screened out from all device factors, and then the ban score of the login device is calculated by analyzing the similarity of the login parameters between the login device and each banned device in the banned device library under each reference device factor, so as to accurately judge the possibility of whether the login device needs to be banned, ensure the reliability of the login device for ban detection, and do not need to ban each login device that uses multiple software, or cluster the login devices. On the basis of ensuring that the login device performs any normal operation, the lag of ban detection is avoided, thereby improving the accuracy of the login device for ban detection and the timeliness of the ban.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

通过阅读参照以下附图所作的对非限制性实施例所作的详细描述,本发明的其它特征、目的和优点将会变得更明显:Other features, objects and advantages of the present invention will become more apparent from the detailed description of non-limiting embodiments made with reference to the following drawings:

图1A为本发明实施例一提供的一种登录设备的封禁检测方法的流程图;FIG1A is a flow chart of a method for detecting a blocking of a login device provided in Embodiment 1 of the present invention;

图1B为本发明实施例一提供的登录设备的封禁检测过程的原理示意图;FIG1B is a schematic diagram showing the principle of a blocking detection process of a login device provided in Embodiment 1 of the present invention;

图2A为本发明实施例二提供的一种登录设备的封禁检测方法的流程图;FIG2A is a flow chart of a method for detecting a blocking of a login device provided in a second embodiment of the present invention;

图2B为本发明实施例二提供的登录设备的封禁检测过程的原理示意图;FIG2B is a schematic diagram showing the principle of a blocking detection process of a login device provided in Embodiment 2 of the present invention;

图3A为本发明实施例三提供的一种登录设备的封禁检测方法的流程图;FIG3A is a flow chart of a method for detecting a blocking of a login device provided in Embodiment 3 of the present invention;

图3B为本发明实施例三提供的方法中每一设备因子下的登录浮动度和判断是否封禁时参考的预设封禁阈值的动态更新过程的原理示意图;3B is a schematic diagram showing the principle of the dynamic update process of the login floating degree under each device factor and the preset blocking threshold referenced when determining whether to block in the method provided in the third embodiment of the present invention;

图4为本发明实施例四提供的一种登录设备的封禁检测装置的结构示意图;FIG4 is a schematic diagram of the structure of a blocking detection device for a login device provided in a fourth embodiment of the present invention;

图5为本发明实施例五提供的一种服务器的结构示意图。FIG5 is a schematic diagram of the structure of a server provided in Embodiment 5 of the present invention.

具体实施方式Detailed ways

下面结合附图和实施例对本发明作进一步的详细说明。可以理解的是,此处所描述的具体实施例仅仅用于解释本发明,而非对本发明的限定。另外还需要说明的是,为了便于描述,附图中仅示出了与本发明相关的部分而非全部结构。此外,在不冲突的情况下,本发明中的实施例及实施例中的特征可以相互组合。The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It is to be understood that the specific embodiments described herein are only used to explain the present invention, rather than to limit the present invention. It should also be noted that, for ease of description, only parts related to the present invention, rather than all structures, are shown in the accompanying drawings. In addition, the embodiments of the present invention and the features in the embodiments may be combined with each other without conflict.

实施例一Embodiment 1

图1A为本发明实施例一提供的一种登录设备的封禁检测方法的流程图,本实施例可适用于在任一种登录场景下检测本次的登录设备是否需要被封禁的情况中。本实施例提供的登录设备的封禁检测方法可以由本发明实施例提供的登录设备的封禁检测装置来执行,该装置可以通过软件和/或硬件的方式来实现,并集成在执行本方法的服务器中,该服务器可以是配置有用户账号注册和登录需求的各类应用程序的后台服务器。FIG1A is a flow chart of a method for detecting a ban on a login device provided in Embodiment 1 of the present invention. This embodiment can be applied to the case of detecting whether the current login device needs to be banned in any login scenario. The method for detecting a ban on a login device provided in this embodiment can be executed by a device for detecting a ban on a login device provided in an embodiment of the present invention. The device can be implemented in software and/or hardware and integrated in a server that executes this method. The server can be a background server of various applications configured with user account registration and login requirements.

具体的,参考图1A,该方法可以包括如下步骤:Specifically, referring to FIG. 1A , the method may include the following steps:

S110,基于已封禁设备库在每一设备因子下的登录浮动度,从各设备因子中筛选出对应的参考设备因子。S110, based on the registration floating degree of the banned device library under each device factor, a corresponding reference device factor is selected from each device factor.

具体的,为了限制网络黑产和恶意用户的违规行为,而避免在互联网领域内发布的各类违规内容的传播,用户在某一设备上注册或者登录某一应用程序的相应账号时,首先需要判断当前注册登录所采用的该设备是否属于已经被检测出来的已封禁设备,此时通常会将使用多开软件以对当前登录设备的标识信息进行更改的任一登录设备作为封禁设备,来禁止用户在该登录设备上执行任何账号相关操作,但是多开软件除了被网络黑产和恶意用户使用,来更改设备标识信息以绕过封禁检测之外,还会支持正常用户的使用,此时对所有使用多开软件的登录设备进行封禁的方式直接影响到正常用户的常规操作,无法保证登录设备的封禁准确性;或者,通过分析当前登录设备聚类后所属的类别是否为封禁设备类别,来判断当前登录设备是否封禁设备,但是聚类算法属于粗粒度的分类,无法确保登录设备的封禁准确性,而且采用聚类算法后的封禁设备分类存在一定的滞后性,无法保证登录设备封禁检测的及时性。因此,为了避免上述问题,本实施例提供了一种新的封禁检测方式,以在用户使用某个设备注册或登录相应账号时,不用限制用户在登录设备上使用多开软件时的操作,而保证用户在登录设备上执行各类正常操作的同时,还能够准确及时地检测出需要封禁的登录设备,而限制用户在该登录设备上执行任何账号相关操作。Specifically, in order to limit the illegal behaviors of network black industries and malicious users and avoid the spread of various illegal contents published in the Internet field, when a user registers or logs in to the corresponding account of a certain application on a certain device, it is first necessary to determine whether the device currently used for registration and login is a banned device that has been detected. At this time, any login device that uses multi-opening software to change the identification information of the current login device is usually regarded as a banned device to prohibit the user from performing any account-related operations on the login device. However, in addition to being used by network black industries and malicious users to change device identification information to bypass ban detection, multi-opening software also supports the use of normal users. At this time, the method of banning all login devices using multi-opening software directly affects the routine operations of normal users, and the accuracy of the ban on login devices cannot be guaranteed; or, by analyzing whether the category to which the current login device belongs after clustering is a banned device category, it is determined whether the current login device is a banned device, but the clustering algorithm belongs to a coarse-grained classification, and the accuracy of the ban on login devices cannot be ensured. Moreover, there is a certain lag in the classification of banned devices after the clustering algorithm is used, and the timeliness of the ban detection of login devices cannot be guaranteed. Therefore, in order to avoid the above problems, this embodiment provides a new ban detection method, so that when a user uses a device to register or log in to a corresponding account, there is no need to restrict the user's operations when using multiple software on the login device. While ensuring that the user performs various normal operations on the login device, it can also accurately and timely detect the login device that needs to be banned, and restrict the user from performing any account-related operations on the login device.

此时,由于网络黑产和恶意用户通常会使用多开软件更改登录设备的标识信息来绕过已经检测出的各个封禁设备的违规检测,而在某一设备的各类应用程序上登录相应的用户账号时,该用户账号会处于相应的设备环境里,也就是不同登录设备上的用户账号注册或登录,均会存在对应的设备自适应标识、互联网协议(Internet Protocol,IP)地址、介质访问控制(Media Access Control,MAC)地址、无线网络、客户端版本、操作系统、设备型号和屏幕分辨率等各类设备因子,此时可以理解的是,网络黑产和恶意用户在对某一登录设备上的不同设备因子下的登录参数进行更改时,由于不同设备因子的开发设计难度不同而导致不同设备因子下登录参数的篡改成本也不同,那么各个设备因子被篡改的难度也不同,也就是说设备的全部设备因子中总是会存在登录参数不容易被篡改的设备因子,因此本实施例可以将登录参数不容易被篡改的设备因子作为对登录设备进行封禁检测的参考设备因子,此时登录设备在参考设备因子下所采用的登录参数不容易被恶意篡改,也就更能够代表真实的设备信息,进而通过分别比对登录设备和各个已经检测出的封禁设备在每一参考设备因子下的登录参数之间的相似度,可以准确判断该登录设备是否需要被封禁的可能性,从而确保登录设备面向封禁检测的可靠性。At this time, since cybercriminals and malicious users usually use multiple software to change the identification information of the login device to bypass the violation detection of each banned device that has been detected, when logging in to the corresponding user account on various applications of a certain device, the user account will be in the corresponding device environment, that is, when registering or logging in to a user account on different login devices, there will be corresponding device adaptive identification, Internet Protocol (IP) address, Media Access Control (MAC) address, etc. Control, MAC) address, wireless network, client version, operating system, device model and screen resolution and other device factors. It can be understood that when network black industries and malicious users change the login parameters under different device factors on a login device, the tampering costs of login parameters under different device factors are different due to the different development and design difficulties of different device factors. Then the difficulty of tampering with each device factor is also different. That is to say, there will always be device factors whose login parameters are not easy to be tampered with among all the device factors of the device. Therefore, in this embodiment, the device factor whose login parameters are not easy to be tampered with can be used as a reference device factor for banning detection of the login device. At this time, the login parameters used by the login device under the reference device factor are not easy to be maliciously tampered with, and can better represent the real device information. Then, by comparing the similarity between the login parameters of the login device and each detected banned device under each reference device factor, it is possible to accurately determine whether the login device needs to be banned, thereby ensuring the reliability of the login device for ban detection.

需要说明的是,如果登录设备在某一设备因子下历史登录各种用户账号时所采用的登录参数发生不断变化,说明该设备因子下登录参数的被篡改难度较低,也就是该设备因子下的登录参数容易被篡改,因而不能作为登录设备封禁检测的参考设备因子。It should be noted that if the login parameters used by the login device to log in to various user accounts under a certain device factor are constantly changing, it means that the login parameters under the device factor are less difficult to tamper with, that is, the login parameters under the device factor are easy to tamper with, and therefore cannot be used as a reference device factor for login device ban detection.

在本实施例中,可以通过分析已经检测出的各个已封禁设备在每一设备因子下所采用的登录参数的浮动情况,来判断该设备因子的被篡改难度,此时本实施例中采用登录浮动度来表征各个设备上注册或登录用户账号时在每一设备因子下所采用的历史登录参数的浮动情况;同时,由于在登录设备上注册或登录用户账号时,首先会对该登录设备进行封禁检测,因此首先需要从全部设备因子中筛选出对封禁检测的参考价值较大的参考设备因子,以提高登录设备进行封禁检测的准确性,此时在已经封禁检测完成的已封禁设备库中,首先会查找出每一已封禁设备在执行任意账号相关操作而被检测出出需要被封禁时在每一设备因子下所采用的历史登录参数,然后通过分析各个已封禁设备在每一设备因子下所采用的历史登录参数的变化情况,来分别计算已封禁设备库在每一设备因子下的登录浮动度,此时如果已封禁设备库在某一设备因子下的登录浮动度越高,说明该设备因子下的登录参数越容易被恶意篡改,也就是该设备因子对于登录设备进行封禁检测的参考价值较低,而如果已封禁设备库在某一设备因子下的登录浮动度越低,说明该设备因子下的登录参数越不容易被恶意篡改,也就是该设备因子对于登录设备进行封禁检测的参考价值较高,因此通过已封禁设备库在每一设备因子下的登录浮动度,可以从全部设备因子中筛选出登录浮动度较低的部分设备因子,作为本实施例中的参考设备因子,此时登录设备在各个参考设备因子下所采用的登录参数不容易被恶意篡改,后续通过分析登录设备与已封禁设备中每一已封禁设备在各个参考设备因子下所采用的登录参数之间的相似度,可以准确判断该登录设备是否为已封禁设备库中的某个已封禁设备,从而准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性。In this embodiment, the difficulty of tampering with the device factor can be determined by analyzing the floating of the login parameters used by each banned device under each device factor. At this time, the login floating degree is used in this embodiment to characterize the floating of the historical login parameters used under each device factor when registering or logging in to a user account on each device. At the same time, since the login device will first be banned when registering or logging in to a user account on the login device, it is first necessary to screen out reference device factors with greater reference value for ban detection from all device factors to improve the accuracy of ban detection for the login device. At this time, in the banned device library that has completed the ban detection, the historical login parameters used by each banned device under each device factor when performing any account-related operation and being detected as needing to be banned will be found first. Then, by analyzing the changes in the historical login parameters used by each banned device under each device factor, the login floating degree of the banned device library under each device factor is calculated respectively. At this time, if the banned device library is in a certain The higher the login floating degree under a device factor, the easier it is for the login parameters under the device factor to be maliciously tampered with, that is, the reference value of the device factor for login device ban detection is lower. If the login floating degree of the banned device library under a certain device factor is lower, the login parameters under the device factor are less likely to be maliciously tampered with, that is, the reference value of the device factor for login device ban detection is higher. Therefore, through the login floating degree of the banned device library under each device factor, some device factors with lower login floating degrees can be screened out from all device factors as the reference device factors in this embodiment. At this time, the login parameters adopted by the login device under each reference device factor are not easy to be maliciously tampered with. Subsequently, by analyzing the similarity between the login device and the login parameters adopted by each banned device in the banned devices under each reference device factor, it is possible to accurately determine whether the login device is a banned device in the banned device library, thereby accurately determining the possibility that the login device needs to be banned, thereby ensuring the reliability of the login device for ban detection.

S120,基于登录设备和已封禁设备库中每一已封禁设备在各参考设备因子下的登录参数相似度,计算登录设备的被封禁评分。S120, calculating a banned score of the logged-in device based on the similarity of the login parameters of the logged-in device and each banned device in the banned device library under each reference device factor.

可选的,在登录设备上注册或登录用户账号,并从各个设备因子中筛选出对应的参考设备因子之后,为了确保登录设备面向封禁检测的可靠性,本实施例首先会查找出该登录设备在执行任意账号相关操作时在每一参考设备因子下所采用的登录参数,同时查找出已封禁设备库中的每一已封禁设备被封禁时在每一参考设备因子下所采用的登录参数,进而分别分析该登录设备与每一已封禁设备在各个参考设备因子下所采用的登录参数之间的相似度,来判断该登录设备是否已封禁设备库中的某一已封禁设备,如果该登录设备与某一已封禁设备在各个参考设备因子下所采用的登录参数之间的相似度较高,说明该登录设备与该已封禁设备极有可能为同一设备,此时按照该登录设备与某一已封禁设备为同一设备的可能性,可以计算出该登录设备的被封禁评分,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,后续采用该被封禁评分可以准确判断该登录设备当前是否需要被封禁,以禁止用户在该登录设备执行任何的账号相关操作。Optionally, after registering or logging in to a user account on the login device and selecting the corresponding reference device factor from each device factor, in order to ensure the reliability of the login device for ban detection, this embodiment first finds out the login parameters used by the login device under each reference device factor when performing any account-related operation, and at the same time finds out the login parameters used by each banned device in the banned device library under each reference device factor when it is banned, and then analyzes the similarity between the login device and the login parameters used by each banned device under each reference device factor, to determine whether the login device has banned a banned device in the device library. If the login device has banned a banned device in the device library, The similarity between the login parameters adopted by the recording device and a banned device under each reference device factor is high, indicating that the login device and the banned device are very likely to be the same device. At this time, according to the possibility that the login device and a banned device are the same device, the banned score of the login device can be calculated. There is no need to ban each login device that uses multiple software, or to cluster and ban login devices. On the basis of ensuring that the login device performs any normal operation, the lag of ban detection is avoided. The banned score can be used subsequently to accurately determine whether the login device currently needs to be banned, so as to prohibit the user from performing any account-related operations on the login device.

本实施例提供的技术方案,由于已封禁设备库在每一设备因子下的登录浮动越大,说明该设备因子被篡改的可能性越大,也就是该设备因子对登录设备进行封禁检测的参考价值越低,因此基于已封禁设备库在每一设备因子下的登录浮动度,可以从全部设备因子中筛选出对应的参考设备因子,进而通过分析登录设备和该已封禁设备库中每一已封禁设备在各个参考设备因子下的登录参数相似度,来计算该登录设备的被封禁评分,从而准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,从而提高了登录设备面向封禁检测的准确性和封禁及时性。The technical solution provided by this embodiment is that the larger the login float of the banned device library under each device factor, the greater the possibility that the device factor has been tampered with, that is, the lower the reference value of the device factor for ban detection of the login device. Therefore, based on the login float of the banned device library under each device factor, the corresponding reference device factor can be screened out from all device factors, and then the ban score of the login device is calculated by analyzing the similarity of the login parameters between the login device and each banned device in the banned device library under each reference device factor, so as to accurately judge the possibility of whether the login device needs to be banned, ensure the reliability of the login device for ban detection, and do not need to ban each login device that uses multiple software, or cluster ban the login devices. On the basis of ensuring that the login device performs any normal operation, the lag of ban detection is avoided, thereby improving the accuracy of the login device for ban detection and the timeliness of the ban.

实施例二Embodiment 2

图2A为本发明实施例二提供的一种登录设备的封禁检测方法的流程图,图2B为本发明实施例二提供的登录设备的封禁检测过程的原理示意图。本实施例是在上述实施例的基础上进行优化。具体的,如图2A所示,本实施例对于参考设备因子的具体筛选过程以及登录设备的被封禁评分的具体计算过程进行详细的解释说明。FIG2A is a flow chart of a method for detecting a login device ban provided in Embodiment 2 of the present invention, and FIG2B is a schematic diagram of the principle of the login device ban detection process provided in Embodiment 2 of the present invention. This embodiment is optimized on the basis of the above-mentioned embodiment. Specifically, as shown in FIG2A , this embodiment provides a detailed explanation of the specific screening process of the reference device factor and the specific calculation process of the login device ban score.

可选的,如图2A所示,本实施例中可以包括如下步骤:Optionally, as shown in FIG2A , this embodiment may include the following steps:

S210,针对每一设备因子,基于已封禁设备库在该设备因子下各历史登录参数的重复频次,计算已封禁设备库在该设备因子下的登录浮动度。S210 , for each device factor, based on the repetition frequency of each historical login parameter of the banned device library under the device factor, calculate the login floating degree of the banned device library under the device factor.

可选的,由于已封禁设备库中的各个已封禁设备被封禁时在每一设备因子下所采用的历史登录参数可能会不同,而登录浮动度可以表征已封禁设备库中各个已封禁设备在每一设备因子下所采用的历史登录参数的变化情况,因此本实施例在检测到登录设备需要执行任意账号相关操作(如注册或登录用户账号)时,首先会查找出每一已封禁设备被封禁时在在每一设备因子下所采用的历史登录参数,进而针对每一设备因子,分别计算出各个已封禁设备被封禁时在该设备因子下所采用的每一历史登录参数在已封禁设备库中不断出现的频次,作为本实施例中已封禁设备库在该设备因子下各历史登录参数的重复频次,此时如果某一设备因子下各个历史登录参数的重复频次均比较高,则说明已封禁设备库在该设备因子下所使用的历史登录参数比较稳定,使得已封禁设备库在该设备因子下的浮动较低,因此本实施例可以通过对已封禁设备库在每一设备因子下所采用的各历史登录参数的重复频次进行综合分析,从而计算出已封禁设备库在每一设备因子下的登录浮动度。Optionally, since the historical login parameters used by each banned device in the banned device library under each device factor when it is banned may be different, and the login fluctuation degree can characterize the change of the historical login parameters used by each banned device in the banned device library under each device factor, when this embodiment detects that the login device needs to perform any account-related operation (such as registering or logging in to a user account), it will first find out the historical login parameters used by each banned device under each device factor when it is banned, and then for each device factor, calculate the historical login parameters used by each banned device under the device factor when it is banned. The frequency with which each historical login parameter appears continuously in the banned device library is taken as the repetition frequency of each historical login parameter of the banned device library under the device factor in this embodiment. If the repetition frequency of each historical login parameter under a certain device factor is relatively high, it means that the historical login parameters used by the banned device library under the device factor are relatively stable, so that the floating of the banned device library under the device factor is relatively low. Therefore, this embodiment can calculate the login floating degree of the banned device library under each device factor by comprehensively analyzing the repetition frequency of each historical login parameter used by the banned device library under each device factor.

示例性的,由于信息熵能够准确度量一个系统中信息的有序化程度,系统中信息越是有序,信息熵越低,而系统中信息越是混乱,信息熵越高,因此如图2B所示,本实施例可以通过信息熵来表示已封禁设备在各个设备因子下的登录浮动度,此时针对每一设备因子,基于已封禁设备库在该设备因子下各历史登录参数的重复频次,计算已封禁设备库在该设备因子下的登录浮动度,可以具体包括:对已封禁设备库在每一设备因子下各历史登录参数的重复频次进行熵运算,得到已封禁设备库在该设备因子下的登录浮动度。Exemplarily, since information entropy can accurately measure the degree of order of information in a system, the more ordered the information in the system is, the lower the information entropy is, and the more chaotic the information in the system is, the higher the information entropy is. Therefore, as shown in FIG2B , this embodiment can use information entropy to represent the login floating degree of the banned device under each device factor. At this time, for each device factor, based on the repetition frequency of each historical login parameter of the banned device library under the device factor, the login floating degree of the banned device library under the device factor is calculated. This can specifically include: performing entropy operation on the repetition frequency of each historical login parameter of the banned device library under each device factor to obtain the login floating degree of the banned device library under the device factor.

具体的,在查找出已封禁设备库在每一设备因子下所采用的历史登录参数,并确定出已封禁设备库在每一设备因子下各历史登录参数的重复频次之后,可以对已封禁设备库在每一设备因子下所采用的各个历史登录参数的重复频次进行熵运算,该熵运算公式为:其中,xi为已封禁设备库在每一设备因子下所采用的第i个历史登录参数,p(xi)为已封禁设备库在每一设备因子下的第i个历史登录参数的重复频次下对应的频率;进而将已封禁设备库在每一设备因子下所采用的各个历史登录参数的重复频次进行熵运算的运算结果作为已封禁设备库在该设备因子下的登录浮动度;按照上述熵运算过程,可以得到已封禁设备库在每一设备因子下的登录浮动度。Specifically, after finding out the historical login parameters used by the banned device library under each device factor and determining the repetition frequency of each historical login parameter used by the banned device library under each device factor, entropy calculation can be performed on the repetition frequency of each historical login parameter used by the banned device library under each device factor. The entropy calculation formula is: Among them, xi is the i-th historical login parameter adopted by the banned device library under each device factor, and p( xi ) is the frequency corresponding to the repetition frequency of the i-th historical login parameter of the banned device library under each device factor; then, the repetition frequency of each historical login parameter adopted by the banned device library under each device factor is subjected to entropy operation, and the result of the operation is taken as the login floating degree of the banned device library under the device factor; according to the above entropy operation process, the login floating degree of the banned device library under each device factor can be obtained.

S220,基于已封禁设备库在每一设备因子下的登录浮动度,确定各设备因子的封禁参考置信度,并筛选出封禁参考置信度符合指定封禁检测规格的设备因子,作为参考设备因子。S220, based on the login fluctuation of the banned device library under each device factor, determine the ban reference confidence of each device factor, and screen out the device factors whose ban reference confidence meets the specified ban detection specifications as reference device factors.

可选的,在计算出已封禁设备库在每一设备因子下的登录浮动度之后,由于登录浮动度与设备因子对于封禁检测的参考价值成反比,因此本实施例可以基于已封禁设备库在每一设备因子下的登录浮动度对于封禁检测的参考价值的反向影响程度,来确定各个设备因子的封禁参考置信度,该封禁参考置信度能够准确表征某一设备因子作为参考设备因子来对登录设备进行封禁检测的可信程度,此时为了准确筛选相应数量的参考设备因子,本实施例会预先设置对应的指定封禁检测规格,该指定封禁检测规格可以为参考设备因子的数量,进而按照各个设备因子的封禁参考置信度,来筛选出符合该指定封禁检测规格的多个设备因子,作为本实施例中的参考设备因子,例如可以采用TopK算法从全部设备因子中筛选出封禁参考置信度为前K项的设备因子,作为对应的参考设备因子。此外,本实施例中也可以将较低登录浮动度下符合该指定封禁检测规格的多个设备因子,作为本实施例中的参考设备因子,而无需计算各个设备因子的封禁参考置信度,从而减少参考设备因子的筛选步骤。Optionally, after calculating the login float of the banned device library under each device factor, since the login float is inversely proportional to the reference value of the device factor for ban detection, this embodiment can determine the ban reference confidence of each device factor based on the degree of reverse influence of the login float of the banned device library under each device factor on the reference value of ban detection. The ban reference confidence can accurately characterize the degree of credibility of a certain device factor as a reference device factor for ban detection of login devices. At this time, in order to accurately screen the corresponding number of reference device factors, this embodiment will pre-set the corresponding specified ban detection specification, which can be the number of reference device factors, and then according to the ban reference confidence of each device factor, multiple device factors that meet the specified ban detection specification are screened out as the reference device factors in this embodiment. For example, the TopK algorithm can be used to screen out device factors with the top K ban reference confidences from all device factors as the corresponding reference device factors. In addition, in this embodiment, multiple device factors that meet the specified ban detection specifications under lower login fluctuations can also be used as reference device factors in this embodiment, without calculating the ban reference confidence of each device factor, thereby reducing the screening steps of reference device factors.

S230,针对已封禁设备库中的每一已封禁设备,基于登录设备和该已封禁设备在各参考设备因子下的登录参数,计算登录设备和该已封禁设备之间的封禁相似度。S230, for each banned device in the banned device library, based on the login parameters of the login device and the banned device under each reference device factor, calculate the ban similarity between the login device and the banned device.

可选的,在筛选出对应的参考设备因子之后,可以针对已封禁设备库中的每一已封禁设备,分别查找出该登录设备执行任意的账号相关操作时在每一参考设备因子下所采用的登录参数,以及该已封禁设备被封禁时在每一参考设备因子下所采用的登录参数,然后由分别确定出每一参考设备因子下所采用的登录参数组成的该登录设备和该已封禁设备的设备特征,进而采用相应的相似度算法分析该登录设备和该已封禁设备在每一参考设备因子下所采用的登录参数之间的相似度,并对每一参考设备因子下的登录参数相似度进行综合分析,计算出登录设备和该已封禁设备之间的封禁相似度;此时通过执行上述步骤,可以分别计算出登录设备和每一已封禁设备之间的封禁相似度。Optionally, after screening out the corresponding reference device factors, for each banned device in the banned device library, the login parameters used under each reference device factor when the login device performs any account-related operation, as well as the login parameters used under each reference device factor when the banned device is banned, can be found out respectively. Then, the device characteristics of the login device and the banned device composed of the login parameters used under each reference device factor are determined respectively. Then, the similarity between the login parameters used by the login device and the banned device under each reference device factor is analyzed using the corresponding similarity algorithm. The login parameter similarity under each reference device factor is comprehensively analyzed to calculate the banning similarity between the login device and the banned device. At this time, by executing the above steps, the banning similarity between the login device and each banned device can be calculated respectively.

需要说明的是,对于所采用的相似度算法不作限定,而本实施例中登录设备和每一已封禁设备之间的封禁相似度可以采用杰卡德距离与相似度之间的反向影响来计算,通过杰卡德距离计算登录设备与已封禁设备的设备距离(也就是登录设备与已封禁设备之间的相异度),与封禁相似度之间存在反向影响的关系,此时采用杰卡德距离所计算出的登录设备和某一已封禁设备之间的设备距离越大,那么登录设备和该已封禁设备之间的封禁相似度越小。例如,如果参考设备因子为(serial,iid,uuid,eid,mac,aid),而登录设备在每一参考设备因子下所采用的登录参数为A=(efd313432,a3bedbd,4cc33ea,78c5b4a,01:01:01:01:01:01,e683acb),某一已封禁设备在每一参考设备因子下所采用的登录参数为B=(ABCDFG,a3bedbd,4cc33ea,78c5b4a,02:02:02:02:02:02,c4aabcd5673),那么登录设备和该已封禁设备之间的封禁相似度可以为此时|A∪B|为9,|A∩B|为3,因此登录设备和该已封禁设备之间的设备距离为2/3,所对应的封禁相似度为1/3。It should be noted that there is no limitation on the similarity algorithm adopted, and the ban similarity between the login device and each banned device in this embodiment can be calculated by using the inverse influence between the Jaccard distance and the similarity. The device distance between the login device and the banned device (that is, the difference between the login device and the banned device) is calculated by the Jaccard distance, which has an inverse influence relationship with the ban similarity. At this time, the larger the device distance between the login device and a banned device calculated by the Jaccard distance, the smaller the ban similarity between the login device and the banned device. For example, if the reference device factors are (serial, iid, uuid, eid, mac, aid), and the login parameters used by the login device under each reference device factor are A = (efd313432, a3bedbd, 4cc33ea, 78c5b4a, 01:01:01:01:01:01, e683acb), and the login parameters used by a banned device under each reference device factor are B = (ABCDFG, a3bedbd, 4cc33ea, 78c5b4a, 02:02:02:02:02:02, c4aabcd5673), then the ban similarity between the login device and the banned device can be At this time, |A∪B| is 9, |A∩B| is 3, so the device distance between the login device and the banned device is 2/3, and the corresponding ban similarity is 1/3.

S240,将登录设备和每一已封禁设备之间的封禁相似度中的最大相似度,作为登录设备的被封禁评分。S240: Using the maximum similarity among the blocking similarities between the login device and each banned device as the blocking score of the login device.

可选的,如果登录设备和已封禁设备库中任意一个已封禁设备之间相似,那么说明该登录设备需要被封禁,此时只需要判断登录设备和每一已封禁设备之间的封禁相似度中的最大相似度是否达到预设相似阈值即可,如果登录设备和每一已封禁设备之间的封禁相似度中的最大相似度也低于该预设相似阈值,说明该登录设备和每一已封禁设备均不相似,因此本实施例中可以将登录设备和每一已封禁设备之间的封禁相似度中的最大相似度,作为登录设备的被封禁评分,此时如果最大相似度表示该登录设备于某一已封禁设备之间相似,那么则可以准确确定该登录设备需要被封禁,从而提高通过登录设备的被封禁评分来判定该登录设备是否需要被封禁的全面性。Optionally, if the login device is similar to any banned device in the banned device library, then it means that the login device needs to be banned. At this time, it is only necessary to determine whether the maximum similarity in the banning similarity between the login device and each banned device reaches a preset similarity threshold. If the maximum similarity in the banning similarity between the login device and each banned device is also lower than the preset similarity threshold, it means that the login device and each banned device are not similar. Therefore, in this embodiment, the maximum similarity in the banning similarity between the login device and each banned device can be used as the banned score of the login device. At this time, if the maximum similarity indicates that the login device is similar to a banned device, then it can be accurately determined that the login device needs to be banned, thereby improving the comprehensiveness of determining whether the login device needs to be banned by the banned score of the login device.

本实施例提供的技术方案,通过熵运算来计算已封禁设备库在每一设备因子下的登录浮动度,能够确保每一设备因子下的登录浮动度的准确性,进而基于已封禁设备库在每一设备因子下的登录浮动度,筛选出符合指定封禁检测规格的设备因子,作为参考设备因子,确保参考设备因子的可靠性;后续通过分析登录设备和该已封禁设备库中每一已封禁设备在各个参考设备因子下的登录参数相似度,来计算该登录设备的被封禁评分,从而准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,从而提高了登录设备面向封禁检测的准确性和封禁及时性。The technical solution provided in this embodiment calculates the login floating degree of the banned device library under each device factor through entropy operation, which can ensure the accuracy of the login floating degree under each device factor, and then screen out the device factors that meet the specified ban detection specifications based on the login floating degree of the banned device library under each device factor, as the reference device factors, to ensure the reliability of the reference device factors; subsequently, by analyzing the similarity of login parameters between the login device and each banned device in the banned device library under each reference device factor, the ban score of the login device is calculated, so as to accurately judge the possibility of whether the login device needs to be banned, and ensure the reliability of the login device for ban detection. There is no need to ban each login device that uses multiple software, or to cluster and ban the login devices. On the basis of ensuring that the login device performs any normal operation, the lag of ban detection is avoided, thereby improving the accuracy of the login device for ban detection and the timeliness of the ban.

实施例三Embodiment 3

图3A为本发明实施例三提供的一种登录设备的封禁检测方法的流程图,图3B为本发明实施例三提供的方法中每一设备因子下的登录浮动度和判断是否封禁时参考的预设封禁阈值的动态更新过程的原理示意图。本实施例是在上述实施例的基础上进行优化。具体的,如图3A所示,本实施例主要对于根据登录设备的被封禁评分判断是否封禁该登录设备时参考的预设封禁阈值以及由于已封禁设备库的变化而使每一设备因子下的登录浮动度发生变化时登录浮动度的动态更新过程进行详细的解释说明。Figure 3A is a flow chart of a method for detecting a ban on a login device provided in the third embodiment of the present invention, and Figure 3B is a schematic diagram of the principle of the dynamic update process of the login float under each device factor and the preset ban threshold referenced when judging whether to ban in the method provided in the third embodiment of the present invention. This embodiment is optimized on the basis of the above-mentioned embodiment. Specifically, as shown in Figure 3A, this embodiment mainly explains in detail the preset ban threshold referenced when judging whether to ban the login device based on the banned score of the login device, and the dynamic update process of the login float when the login float under each device factor changes due to changes in the banned device library.

可选的,如图3A所示,本实施例中可以包括如下步骤:Optionally, as shown in FIG3A , this embodiment may include the following steps:

S310,基于已封禁设备库在每一设备因子下的登录浮动度,从各设备因子中筛选出对应的参考设备因子。S310: based on the registration floating degree of the banned device library under each device factor, select corresponding reference device factors from each device factor.

S320,基于登录设备和已封禁设备库中每一已封禁设备在各参考设备因子下的登录参数相似度,计算登录设备的被封禁评分。S320, calculating a banned score of the logged-in device based on the similarity of the login parameters of the logged-in device and each banned device in the banned device library under each reference device factor.

S330,基于完成封禁检测的目标登录设备集合下的封禁准确率和封禁召回率,确定对应的预设封禁阈值。S330: Determine a corresponding preset blocking threshold based on the blocking accuracy rate and blocking recall rate of the target login device set that has completed the blocking detection.

可选的,为了确保登录设备面向封禁检测的准确性,本实施例可以通过分析采用本实施例中提供的封禁检测方式来判断各个登录设备是否需要被封禁的准确性和召回率,来动态更新对应的预设封禁阈值,此时在对每一登录设备进行封禁检测之后,无论封禁检测结果如何,均可以将采用本实施例提供的封禁检测方式来判断是否需要被封禁的每一登录设备的封禁结果添加到对应的目标登录设备集合中,此时该目标登录设备集合中的各个登录设备均已经完成封禁检测,存在需要封禁的登录设备,也存在不需要封禁的登录设备,因此可以通过判断该目标登录设备集合中每一登录设备的封禁检测具体结果和真实封禁结果,在登录设备的封禁检测过程中,不断计算出对应的封禁准确率和封禁召回率,进而将该封禁准确率和该封禁召回率作为预设封禁阈值的评价指标,来动态更新对应的预设封禁阈值,此时该预设封禁阈值可以表示能够准确区分需要被封禁的登录设备时的评分节点。Optionally, in order to ensure the accuracy of the ban detection of the login device, the present embodiment can dynamically update the corresponding preset ban threshold by analyzing the accuracy and recall rate of determining whether each login device needs to be banned by the ban detection method provided in the present embodiment. At this time, after performing ban detection on each login device, regardless of the ban detection result, the ban result of each login device determined whether it needs to be banned by the ban detection method provided in the present embodiment can be added to the corresponding target login device set. At this time, each login device in the target login device set has completed the ban detection. There are login devices that need to be banned, and there are login devices that do not need to be banned. Therefore, by determining the specific ban detection result and the actual ban result of each login device in the target login device set, the corresponding ban accuracy rate and ban recall rate can be continuously calculated during the ban detection process of the login device, and then the ban accuracy rate and the ban recall rate can be used as evaluation indicators of the preset ban threshold to dynamically update the corresponding preset ban threshold. At this time, the preset ban threshold can represent a scoring node that can accurately distinguish login devices that need to be banned.

示例性的,该封禁准确率的计算公式可以为:其中,TP为目标登录设备集合内将需要被封禁的登录设备预测为需要被封禁的设备数量,FP为目标登录设备集合内将不需要被封禁的登录设备预测为需要被封禁的设备数量;而该封禁召回率的计算公式可以为:其中,FN为目标登录设备集合内将需要被封禁的登录设备预测为不需要被封禁的设备数量。Exemplarily, the calculation formula of the ban accuracy rate may be: Among them, TP is the number of login devices that need to be banned in the target login device set, and FP is the number of login devices that do not need to be banned in the target login device set. The calculation formula of the ban recall rate can be: Among them, FN is the number of login devices in the target login device set that are predicted to not need to be banned.

此时,可以将封禁准确率达到相应准确性要求,且封禁召回率达到相应的召回要求下对应的登录设备的被封禁评分作为当前的预设封禁阈值,例如本实施例对于封禁准确率要求较高,而对于封禁召回率要求能够达到某一范围即可,因此可以将目标登录设备集合下封禁召回率达到某一召回范围的要求时的多个登录设备中,封禁准确率最高时的该登录设备的被封禁评分作为当前的预设封禁阈值,此时该预设封禁阈值能够在保证相对高的封禁召回的基础上,使封禁检测的准确性达到最高。At this time, the banned score of the corresponding login device when the ban accuracy reaches the corresponding accuracy requirement and the ban recall rate reaches the corresponding recall requirement can be used as the current preset ban threshold. For example, the present embodiment has a higher requirement for the ban accuracy, but the ban recall rate requirement can reach a certain range. Therefore, among the multiple login devices when the ban recall rate under the target login device set reaches a certain recall range, the banned score of the login device with the highest ban accuracy can be used as the current preset ban threshold. At this time, the preset ban threshold can ensure the highest accuracy of ban detection on the basis of ensuring a relatively high ban recall.

S340,如果登录设备的被封禁评分超出预设封禁阈值,则对登录设备进行封禁。S340: If the ban score of the login device exceeds a preset ban threshold, the login device is banned.

可选的,在计算出登录设备的被封禁评分之后,可以通过比对该登录设备的被封禁评分与预设封禁阈值之间的大小,来判断该登录设备是否需要被封禁,如果登录设备的被封禁评分超出该预设封禁阈值,则说明该登录设备极有可能需要被封禁,因此可以对该登录设备进行封禁,以避免各个用户在该登录设备上执行任何的账号相关操作,从而降低违规内容的广泛传播,提高正常用户浏览信息的安全健康性。Optionally, after calculating the banned score of the login device, you can determine whether the login device needs to be banned by comparing the banned score of the login device with the preset banned threshold. If the banned score of the login device exceeds the preset banned threshold, it means that the login device is very likely to be banned. Therefore, the login device can be banned to prevent users from performing any account-related operations on the login device, thereby reducing the widespread dissemination of illegal content and improving the safety and health of normal users' browsing of information.

S350,将完成封禁的登录设备添加至已封禁设备库中,并更新已封禁设备库在每一设备因子下的登录浮动度。S350, adding the banned login device to the banned device library, and updating the login floating degree of the banned device library under each device factor.

可选的,在对登录设备进行封禁之后,可以直接将该登录设备作为已封禁设备,添加至已封禁设备库中,以便后续基于已封禁设备库在每一设备因子下的登录浮动度,来准确筛选出对应的参考设备因子,此时由于不断对登录设备进行封禁检测之后,会使已封禁设备库发生动态变化,那么已封禁设备库在每一设备因子下的登录浮动度也会随着发生动态变化,因此本实施例在将完成封禁的登录设备添加至已封禁设备库中,还需要采用与上述实施例中提供的对已封禁设备库在每一设备因子下的登录浮动度进行计算时的相同方式,来重新计算已封禁设备库在每一设备因子下的登录浮动度,以对每一设备因子下的登录浮动度进行动态更新,从而提高参考设备因子的筛选准确性。Optionally, after banning the login device, the login device can be directly added to the banned device library as a banned device, so that the corresponding reference device factors can be accurately screened out based on the login floating degree of the banned device library under each device factor. At this time, due to the continuous ban detection of the login device, the banned device library will change dynamically, and the login floating degree of the banned device library under each device factor will also change dynamically. Therefore, when adding the banned login device to the banned device library, this embodiment also needs to adopt the same method as provided in the above embodiment for calculating the login floating degree of the banned device library under each device factor to recalculate the login floating degree of the banned device library under each device factor, so as to dynamically update the login floating degree under each device factor, thereby improving the screening accuracy of the reference device factor.

本实施例提供的技术方案,基于已封禁设备库在每一设备因子下的登录浮动度,可以从全部设备因子中筛选出对应的参考设备因子,进而通过分析登录设备和该已封禁设备库中每一已封禁设备在各个参考设备因子下的登录参数相似度,来计算该登录设备的被封禁评分,从而准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,从而提高了登录设备面向封禁检测的准确性和封禁及时性;同时,参考完成封禁检测的目标登录设备集合下的封禁准确率和封禁召回率,动态更新对应的预设封禁阈值,进一步确保登录设备面向封禁检测的准确性,同时将完成封禁的登录设备不断添加至已封禁设备库中,并动态更新已封禁设备库在每一设备因子下的登录浮动度,进一步提高参考设备因子的筛选准确性。The technical solution provided in this embodiment can screen out corresponding reference device factors from all device factors based on the login float of the banned device library under each device factor, and then calculate the banned score of the login device by analyzing the login parameter similarity between the login device and each banned device in the banned device library under each reference device factor, so as to accurately judge whether the login device needs to be banned, and ensure the reliability of the login device for ban detection. There is no need to ban each login device that uses multiple software, or to cluster and ban login devices. On the basis of ensuring that the login device performs any normal operation, the lag of ban detection is avoided, thereby improving the accuracy and timeliness of ban detection for the login device. At the same time, with reference to the ban accuracy and ban recall rate under the target login device set that has completed the ban detection, the corresponding preset ban threshold is dynamically updated to further ensure the accuracy of the login device for ban detection, and at the same time, the banned login devices are continuously added to the banned device library, and the login float of the banned device library under each device factor is dynamically updated to further improve the screening accuracy of the reference device factor.

实施例四Embodiment 4

图4为本发明实施例四提供的一种登录设备的封禁检测装置的结构示意图,具体的,如图4所示,该装置可以包括:FIG4 is a schematic diagram of the structure of a blocking detection device for a login device provided in a fourth embodiment of the present invention. Specifically, as shown in FIG4 , the device may include:

参考因子筛选模块410,用于基于已封禁设备库在每一设备因子下的登录浮动度,从各所述设备因子中筛选出对应的参考设备因子;A reference factor screening module 410 is used to screen corresponding reference device factors from each device factor based on the registration floating degree of the banned device library under each device factor;

封禁检测模块420,用于基于登录设备和所述已封禁设备库中每一已封禁设备在各所述参考设备因子下的登录参数相似度,计算所述登录设备的被封禁评分。The ban detection module 420 is used to calculate the ban score of the login device based on the similarity of the login parameters between the login device and each banned device in the banned device library under each reference device factor.

本实施例提供的技术方案,由于已封禁设备库在每一设备因子下的登录浮动越大,说明该设备因子被篡改的可能性越大,也就是该设备因子对登录设备进行封禁检测的参考价值越低,因此基于已封禁设备库在每一设备因子下的登录浮动度,可以从全部设备因子中筛选出对应的参考设备因子,进而通过分析登录设备和该已封禁设备库中每一已封禁设备在各个参考设备因子下的登录参数相似度,来计算该登录设备的被封禁评分,从而准确判断该登录设备是否需要被封禁的可能性,确保登录设备面向封禁检测的可靠性,无需对每一使用多开软件的登录设备进行封禁,或者对登录设备进行聚类封禁,在保证登录设备执行任何正常操作的基础上,避免封禁检测的滞后性,从而提高了登录设备面向封禁检测的准确性和封禁及时性。The technical solution provided by this embodiment is that the larger the login float of the banned device library under each device factor, the greater the possibility that the device factor has been tampered with, that is, the lower the reference value of the device factor for ban detection of the login device. Therefore, based on the login float of the banned device library under each device factor, the corresponding reference device factor can be screened out from all device factors, and then the ban score of the login device is calculated by analyzing the similarity of the login parameters between the login device and each banned device in the banned device library under each reference device factor, so as to accurately judge the possibility of whether the login device needs to be banned, ensure the reliability of the login device for ban detection, and do not need to ban each login device that uses multiple software, or cluster ban the login devices. On the basis of ensuring that the login device performs any normal operation, the lag of ban detection is avoided, thereby improving the accuracy of the login device for ban detection and the timeliness of the ban.

本实施例提供的登录设备的封禁检测装置可适用于上述任意实施例提供的登录设备的封禁检测方法,具备相应的功能和有益效果。The ban detection device for a login device provided in this embodiment can be applied to the ban detection method for a login device provided in any of the above embodiments, and has corresponding functions and beneficial effects.

实施例五Embodiment 5

图5为本发明实施例五提供的一种服务器的结构示意图,如图5所示,该服务器包括处理器50、存储装置51和通信装置52;服务器中处理器50的数量可以是一个或多个,图5中以一个处理器50为例;服务器中的处理器50、存储装置51和通信装置52可以通过总线或其他方式连接,图5中以通过总线连接为例。Figure 5 is a schematic diagram of the structure of a server provided in Embodiment 5 of the present invention. As shown in Figure 5, the server includes a processor 50, a storage device 51 and a communication device 52. The number of processors 50 in the server may be one or more, and Figure 5 takes one processor 50 as an example. The processor 50, storage device 51 and communication device 52 in the server may be connected via a bus or other means, and Figure 5 takes connection via a bus as an example.

本实施例提供的一种服务器可用于执行上述任意实施例提供的登录设备的封禁检测方法,具备相应的功能和有益效果。A server provided in this embodiment can be used to execute the ban detection method for a login device provided in any of the above embodiments, and has corresponding functions and beneficial effects.

实施例六Embodiment 6

本发明实施例六还提供了一种计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时可实现上述任意实施例中的登录设备的封禁检测方法。该方法具体可以包括:Embodiment 6 of the present invention further provides a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, the method for detecting a login device being blocked in any of the above embodiments can be implemented. The method may specifically include:

基于已封禁设备库在每一设备因子下的登录浮动度,从各所述设备因子中筛选出对应的参考设备因子;Based on the registration fluctuation of the banned device library under each device factor, a corresponding reference device factor is selected from each of the device factors;

基于登录设备和所述已封禁设备库中每一已封禁设备在各所述参考设备因子下的登录参数相似度,计算所述登录设备的被封禁评分。Based on the similarity of the login parameters between the login device and each banned device in the banned device library under each of the reference device factors, a banned score of the login device is calculated.

当然,本发明实施例所提供的一种包含计算机可执行指令的存储介质,其计算机可执行指令不限于如上所述的方法操作,还可以执行本发明任意实施例所提供的登录设备的封禁检测方法中的相关操作。Of course, the storage medium containing computer executable instructions provided by an embodiment of the present invention is not limited to the method operations described above, and can also execute related operations in the ban detection method of the login device provided by any embodiment of the present invention.

通过以上关于实施方式的描述,所属领域的技术人员可以清楚地了解到,本发明可借助软件及必需的通用硬件来实现,当然也可以通过硬件实现,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,如计算机的软盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(RandomAccess Memory,RAM)、闪存(FLASH)、硬盘或光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述的方法。Through the above description of the implementation methods, the technicians in the relevant field can clearly understand that the present invention can be implemented by means of software and necessary general hardware, and of course it can also be implemented by hardware, but in many cases the former is a better implementation method. Based on such an understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product, and the computer software product can be stored in a computer-readable storage medium, such as a computer floppy disk, read-only memory (ROM), random access memory (RAM), flash memory (FLASH), hard disk or optical disk, etc., including a number of instructions for a computer device (which can be a personal computer, server, or network device, etc.) to execute the methods described in each embodiment of the present invention.

值得注意的是,上述登录设备的封禁检测装置的实施例中,所包括的各个单元和模块只是按照功能逻辑进行划分的,但并不局限于上述的划分,只要能够实现相应的功能即可;另外,各功能单元的具体名称也只是为了便于相互区分,并不用于限制本发明的保护范围。It is worth noting that in the embodiment of the ban detection device of the above-mentioned login device, the various units and modules included are only divided according to functional logic, but are not limited to the above-mentioned division, as long as the corresponding functions can be achieved; in addition, the specific names of the functional units are only for the convenience of distinguishing each other, and are not used to limit the scope of protection of the present invention.

以上所述仅为本发明的优选实施例,并不用于限制本发明,对于本领域技术人员而言,本发明可以有各种改动和变化。凡在本发明的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included in the protection scope of the present invention.

Claims (10)

1. A seal detection method for a login device, comprising:
screening out corresponding reference equipment factors from the equipment factors based on the login floating degree of the blocked equipment library under each equipment factor; the reference device factor is a device factor with login parameters not easy to tamper;
calculating a blocked score of the login device based on the similarity of login parameters of the login device and each blocked device in the blocked device library under each reference device factor;
The calculating the blocked score of the login device based on the similarity of login parameters of each blocked device in the login device and the blocked device library under the reference device factors comprises the following steps:
Calculating, for each blocked device in the blocked device library, a blocking similarity between the login device and the blocked device based on login parameters of the login device and the blocked device under the reference device factors;
Taking the maximum similarity in the blocking similarity between the login device and each blocked device as a blocked score of the login device;
the screening the corresponding reference device factors from the device factors based on the login floating degree of the blocked device library under each device factor comprises the following steps:
Determining the blocking reference confidence coefficient of each equipment factor based on the login floating degree of the blocked equipment library under each equipment factor, and screening out the equipment factors with the blocking reference confidence coefficient meeting the specified blocking detection specification as the reference equipment factors; the seal reference confidence is used for representing the credibility of a certain device factor serving as a reference device factor for seal detection of the login device.
2. The method of claim 1, wherein the blocking similarity is calculated using a reverse effect between a jaccard distance and similarity.
3. The method of claim 1, further comprising, prior to screening out corresponding reference device factors from the device factors based on a degree of login float of the blocked device library at each device factor:
and calculating the login floating degree of the blocked equipment library under the equipment factors based on the repeated frequency of each historical login parameter of the blocked equipment library under the equipment factors aiming at each equipment factor.
4. The method of claim 3, wherein calculating the degree of logging float of the blocked device library under the device factor based on the repetition frequency of each historical logging parameter of the blocked device library under the device factor comprises:
And performing entropy operation on the repeated frequency of each historical login parameter of the blocked equipment library under each equipment factor to obtain the login floating degree of the blocked equipment library under the equipment factor.
5. The method of any of claims 1-4, further comprising, after calculating the blocked score for the login device:
and if the blocked score of the login equipment exceeds a preset blocking threshold, blocking the login equipment.
6. The method of claim 5, further comprising, after blocking the login device:
Adding the login equipment with the completion of blocking into the blocked equipment library, and updating the login floating degree of the blocked equipment library under each equipment factor.
7. The method as recited in claim 5, further comprising:
And determining a corresponding preset blocking threshold based on the blocking accuracy and the blocking recall rate of the target login equipment set with the blocking detection completed.
8. A seal detection device for a login device, comprising:
The reference factor screening module is used for screening out corresponding reference equipment factors from the equipment factors based on the login floating degree of the blocked equipment library under each equipment factor; the reference device factor is a device factor with login parameters not easy to tamper;
The blocking detection module is used for calculating a blocked score of the login equipment based on the similarity of login parameters of the login equipment and each blocked equipment in the blocked equipment library under the factors of the reference equipment;
the seal detection module is specifically configured to:
Calculating, for each blocked device in the blocked device library, a blocking similarity between the login device and the blocked device based on login parameters of the login device and the blocked device under the reference device factors;
Taking the maximum similarity in the blocking similarity between the login device and each blocked device as a blocked score of the login device;
the reference factor screening module is specifically configured to:
Determining the blocking reference confidence coefficient of each equipment factor based on the login floating degree of the blocked equipment library under each equipment factor, and screening out the equipment factors with the blocking reference confidence coefficient meeting the specified blocking detection specification as the reference equipment factors; the seal reference confidence is used for representing the credibility of a certain device factor serving as a reference device factor for seal detection of the login device.
9. A server, the server comprising:
one or more processors;
a storage means for storing one or more programs;
When the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the method of tamper detection of a login device according to any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements a method for detecting the disablement of a login device according to any one of claims 1 to 7.
CN202010872545.7A 2020-08-26 2020-08-26 A method, device, server and storage medium for detecting a blocking of a login device Active CN112016078B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010872545.7A CN112016078B (en) 2020-08-26 2020-08-26 A method, device, server and storage medium for detecting a blocking of a login device
PCT/CN2021/109010 WO2022042194A1 (en) 2020-08-26 2021-07-28 Block detection method and apparatus for login device, server, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010872545.7A CN112016078B (en) 2020-08-26 2020-08-26 A method, device, server and storage medium for detecting a blocking of a login device

Publications (2)

Publication Number Publication Date
CN112016078A CN112016078A (en) 2020-12-01
CN112016078B true CN112016078B (en) 2024-08-06

Family

ID=73502242

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010872545.7A Active CN112016078B (en) 2020-08-26 2020-08-26 A method, device, server and storage medium for detecting a blocking of a login device

Country Status (2)

Country Link
CN (1) CN112016078B (en)
WO (1) WO2022042194A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112016078B (en) * 2020-08-26 2024-08-06 广州市百果园信息技术有限公司 A method, device, server and storage medium for detecting a blocking of a login device
CN113591898B (en) * 2021-06-04 2024-01-02 广州三七极创网络科技有限公司 Method and device for classifying accounts in game and electronic equipment
CN115361200B (en) * 2022-08-17 2025-01-24 中国建设银行股份有限公司 Blocking method and device, storage medium and electronic device
CN116545645A (en) * 2023-03-20 2023-08-04 中国华能集团有限公司北京招标分公司 IP address blocking method
CN117421729B (en) * 2023-12-18 2024-04-26 湖南森鹰科技有限公司 Automatic program attack detection method, device, system and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105450619A (en) * 2014-09-28 2016-03-30 腾讯科技(深圳)有限公司 Method, device and system of protection of hostile attacks
CN107391980A (en) * 2017-07-17 2017-11-24 上海众人网络安全技术有限公司 A kind of login validation method based on device data, device, equipment and storage medium
CN107481126A (en) * 2017-09-27 2017-12-15 北京同城必应科技有限公司 A kind of single method of anti-brush, server and client side
CN111586028A (en) * 2020-04-30 2020-08-25 广州市百果园信息技术有限公司 Abnormal login evaluation method and device, server and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9264423B2 (en) * 2014-06-12 2016-02-16 Nadapass, Inc. Password-less authentication system and method
CN108494796A (en) * 2018-04-11 2018-09-04 广州虎牙信息科技有限公司 Method for managing black list, device, equipment and storage medium
CN110489964A (en) * 2019-08-21 2019-11-22 北京达佳互联信息技术有限公司 Account detection method, device, server and storage medium
CN112016078B (en) * 2020-08-26 2024-08-06 广州市百果园信息技术有限公司 A method, device, server and storage medium for detecting a blocking of a login device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105450619A (en) * 2014-09-28 2016-03-30 腾讯科技(深圳)有限公司 Method, device and system of protection of hostile attacks
CN107391980A (en) * 2017-07-17 2017-11-24 上海众人网络安全技术有限公司 A kind of login validation method based on device data, device, equipment and storage medium
CN107481126A (en) * 2017-09-27 2017-12-15 北京同城必应科技有限公司 A kind of single method of anti-brush, server and client side
CN111586028A (en) * 2020-04-30 2020-08-25 广州市百果园信息技术有限公司 Abnormal login evaluation method and device, server and storage medium

Also Published As

Publication number Publication date
CN112016078A (en) 2020-12-01
WO2022042194A1 (en) 2022-03-03

Similar Documents

Publication Publication Date Title
CN112016078B (en) A method, device, server and storage medium for detecting a blocking of a login device
CN107666490B (en) A suspicious domain name detection method and device
CN110417778B (en) Access request processing method and device
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
CN107992738B (en) Account login abnormity detection method and device and electronic equipment
CN109257390B (en) CC attack detection method, device and electronic device
CN112003838A (en) Network threat detection method, device, electronic device and storage medium
CN111756724A (en) Detection method, device and equipment for phishing website and computer readable storage medium
US20160381056A1 (en) Systems and methods for categorization of web assets
US20210174199A1 (en) Classifying domain names based on character embedding and deep learning
CN107426136B (en) Network attack identification method and device
CN109561097B (en) Method, device, equipment and storage medium for detecting security vulnerability injection of structured query language
WO2020057523A1 (en) Method and device for triggering vulnerability detection
CN113765850B (en) Internet of things abnormality detection method and device, computing equipment and computer storage medium
CN120151088A (en) A network application firewall rule configuration method, device, equipment and medium
CN113051571A (en) Method and device for detecting false alarm vulnerability and computer equipment
CN111131166B (en) User behavior prejudging method and related equipment
CN114978674A (en) Crawler identification enhancement method and device, storage medium and electronic equipment
CN114697110A (en) A network attack detection method, device, equipment and storage medium
US11232202B2 (en) System and method for identifying activity in a computer system
WO2020258509A1 (en) Method and device for isolating abnormal access of terminal device
CN111680301A (en) A kind of vulnerability detection method and device
CN113556308B (en) Method, system, equipment and computer storage medium for detecting flow security
CN108683670B (en) Method and system for identifying malicious traffic based on website application system access
CN114866338A (en) Network security detection method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20241206

Address after: 31a, 15 / F, building 30, maple mall, bangrang Road, Brazil, Singapore

Patentee after: Baiguoyuan Technology (Singapore) Co.,Ltd.

Country or region after: Singapore

Address before: 511402 5-13 / F, West Tower, building C, 274 Xingtai Road, Shiqiao street, Panyu District, Guangzhou City, Guangdong Province

Patentee before: GUANGZHOU BAIGUOYUAN INFORMATION TECHNOLOGY Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right