CN112016078A - Method, device, server and storage medium for detecting forbidding of login equipment - Google Patents

Method, device, server and storage medium for detecting forbidding of login equipment Download PDF

Info

Publication number
CN112016078A
CN112016078A CN202010872545.7A CN202010872545A CN112016078A CN 112016078 A CN112016078 A CN 112016078A CN 202010872545 A CN202010872545 A CN 202010872545A CN 112016078 A CN112016078 A CN 112016078A
Authority
CN
China
Prior art keywords
login
equipment
forbidden
factor
sealed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010872545.7A
Other languages
Chinese (zh)
Other versions
CN112016078B (en
Inventor
杨景添
苏航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Baiguoyuan Information Technology Co Ltd
Original Assignee
Guangzhou Baiguoyuan Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Baiguoyuan Information Technology Co Ltd filed Critical Guangzhou Baiguoyuan Information Technology Co Ltd
Priority to CN202010872545.7A priority Critical patent/CN112016078B/en
Publication of CN112016078A publication Critical patent/CN112016078A/en
Priority to PCT/CN2021/109010 priority patent/WO2022042194A1/en
Application granted granted Critical
Publication of CN112016078B publication Critical patent/CN112016078B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Computer And Data Communications (AREA)
  • Debugging And Monitoring (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention discloses a method and a device for detecting the block of a login device, a server and a storage medium. Wherein, the method comprises the following steps: screening out corresponding reference equipment factors from the equipment factors based on the login floating degree of the sealed equipment library under each equipment factor; and calculating the forbidden score of the login equipment based on the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor. The technical scheme provided by the embodiment of the invention ensures the reliability of the login equipment facing the forbidden detection, does not need to seal each login equipment using multi-switch software or cluster and seal the login equipment, and avoids the hysteresis of the forbidden detection on the basis of ensuring the login equipment to execute any normal operation, thereby improving the accuracy and the timeliness of the forbidden detection of the login equipment facing the forbidden detection.

Description

Method, device, server and storage medium for detecting forbidding of login equipment
Technical Field
The embodiment of the invention relates to the technical field of internet, in particular to a method and a device for detecting the prohibition of login equipment, a server and a storage medium.
Background
With the rapid development of internet technology, some network black industrial chains (network black products) and malicious users and the like basically exist in various Application (APP) platforms or network communities to propagate some violation information; therefore, in order to limit the illegal behaviors of the network black products and the malicious users, corresponding wind control penalty logic is usually preset, and when the illegal account numbers used by the network black products and the malicious users reach a certain blocking level, the illegal account numbers and the login devices where the illegal account numbers are located are simultaneously blocked. At this time, when a user requests to log in a corresponding account on a certain device, the wind control penalty logic mainly uses the identification information of the device to judge whether the device is a forbidden device, but a network black product and a malicious user can use various multi-open software to change the identification information of the device logged in this time so as to bypass the violation detection of the forbidden device, continue to execute corresponding violation behaviors, and cannot guarantee the information browsing safety of a normal user.
At present, the following two ways are generally adopted to solve the above problems: 1) whether multi-open software is used or not is judged by analyzing the reported information of the login equipment, and then a user is prohibited from logging in the login equipment using the multi-open software; however, in many APP network scenarios, it is supported that a normal user uses the multi-open software to change the identification information of the login device, and at this time, the user login on each login device using the multi-open software is prohibited, which directly affects the normal operation of the normal user and causes a lot of user loss. 2) The method is characterized in that a large number of login devices are classified by adopting a clustering algorithm, then each login device under the class of the sealed device is sealed, at the moment, the clustering algorithm can only initially define the range of the sealed device, the accuracy of the sealed device cannot be ensured, and the range of the sealed device initially defined by the clustering algorithm has certain hysteresis, so that the login device with illegal behaviors cannot be timely sealed.
Disclosure of Invention
The embodiment of the invention provides a method and a device for detecting the prohibition of login equipment, a server and a storage medium, which improve the accuracy of the login equipment facing the prohibition detection and the prohibition timeliness on the basis of ensuring the normal operation of the login equipment.
In a first aspect, an embodiment of the present invention provides a method for detecting a block of a login device, where the method includes:
screening out corresponding reference equipment factors from the equipment factors based on the login floating degree of the sealed equipment library under each equipment factor;
and calculating the forbidden score of the login equipment based on the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor.
In a second aspect, an embodiment of the present invention provides a blocking detection apparatus for a login device, where the apparatus includes:
the reference factor screening module is used for screening corresponding reference equipment factors from the equipment factors based on the login floating degree of the sealed equipment library under each equipment factor;
and the forbidden detection module is used for calculating the forbidden score of the login equipment based on the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor.
In a third aspect, an embodiment of the present invention provides a server, where the server includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the block detection method of the login device according to any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a blocking detection method for a login device according to any embodiment of the present invention.
The method, the device, the server and the storage medium for detecting the forbidden of the login equipment provided by the embodiment of the invention have the advantages that the larger the login floating of the forbidden equipment library under each equipment factor is, the higher the possibility of tampering the equipment factor is, namely, the lower the reference value of the equipment factor for carrying out forbidden detection on the login equipment is, the corresponding reference equipment factor can be screened out from all the equipment factors based on the login floating degree of the forbidden equipment library under each equipment factor, and the forbidden score of the login equipment is calculated by analyzing the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor, so that the possibility of whether the login equipment needs to be forbidden is accurately judged, the reliability of the login equipment facing forbidden detection is ensured, and each login equipment using multi-open software does not need to be forbidden, or the login equipment is clustered and forbidden, and the hysteresis of forbidden detection is avoided on the basis of ensuring that the login equipment executes any normal operation, so that the accuracy of the login equipment facing the forbidden detection and the forbidden timeliness are improved.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
fig. 1A is a flowchart of a method for detecting a block of a login device according to an embodiment of the present invention;
fig. 1B is a schematic diagram illustrating a block detection process of a login device according to an embodiment of the present invention;
fig. 2A is a flowchart of a method for detecting a block of a login device according to a second embodiment of the present invention;
fig. 2B is a schematic diagram illustrating a block detection process of a login device according to a second embodiment of the present invention;
fig. 3A is a flowchart of a method for detecting a block of a login device according to a third embodiment of the present invention;
fig. 3B is a schematic diagram illustrating a dynamic update process of the login floating degree and the preset block threshold value that is referred to when determining whether to block in the method according to the third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a block detection apparatus of a login device according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of a server according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures. In addition, the embodiments and features of the embodiments in the present invention may be combined with each other without conflict.
Example one
Fig. 1A is a flowchart of a method for detecting prohibition of a login device according to an embodiment of the present invention, which can be applied to a situation where whether the current login device needs to be prohibited in any login scenario is detected in this embodiment. The method for detecting the prohibition of the login device provided by this embodiment of the present invention may be implemented by the prohibition detecting device of the login device provided by this embodiment of the present invention, the device may be implemented in a software and/or hardware manner, and is integrated in a server for executing the method, and the server may be a backend server configured with various applications for user account registration and login requirements.
Specifically, referring to fig. 1A, the method may include the steps of:
and S110, screening out corresponding reference equipment factors from the equipment factors based on the login floating degree of the sealed equipment library under each equipment factor.
Specifically, in order to limit the illegal behaviors of network black products and malicious users and avoid the propagation of various illegal contents issued in the internet field, when a user registers or logs in a corresponding account of an application program on a certain device, firstly, whether the device adopted by the current registration and login belongs to the detected forbidden device needs to be judged, at this time, any login device which uses multi-open software to change the identification information of the current login device is usually used as the forbidden device to forbid the user from executing any account related operation on the login device, but the multi-open software is used by the network black products and the malicious users to change the device identification information to bypass the forbidden detection, the use of normal users can be supported, at this time, the normal operation of the normal users is directly influenced by the way of carrying out the forbidden on all login devices using the multi-open software, the sealing accuracy of the login equipment cannot be guaranteed; or, whether the current login equipment is forbidden or not is judged by analyzing whether the class to which the current login equipment belongs after clustering is the forbidden equipment class, but the clustering algorithm belongs to coarse-grained classification, so that the forbidden accuracy of the login equipment cannot be ensured, and the forbidden equipment classification after the clustering algorithm has certain hysteresis, so that the forbidden detection timeliness of the login equipment cannot be ensured. Therefore, in order to avoid the above problems, the present embodiment provides a new blocking detection method, so that when a user registers or logs in a corresponding account using a certain device, operations of the user when the user uses multi-open software on a login device are not limited, while the user is ensured to perform various normal operations on the login device, the login device that needs to be blocked can be accurately and timely detected, and the user is limited to perform any account related operations on the login device.
At this time, because the network black product and the malicious user usually use multi-open software to change the identification information of the login device to bypass the detected violation detection of each forbidden device, and when logging in the corresponding user account on various applications of a certain device, the user account is in the corresponding device environment, that is, the user accounts on different login devices are registered or logged in, there are various device factors such as the corresponding device adaptive identification, Internet Protocol (IP) address, Media Access Control (MAC) address, wireless network, client version, operating system, device model and screen resolution, and at this time, it can be understood that when the network black product and the malicious user change the login parameters under different device factors on a certain login device, the tampering costs of the login parameters under different device factors are different due to the different development design difficulties of different device factors, the difficulty of tampering each device factor is different, that is, there always exists a device factor whose login parameter is not easily tampered in all device factors of the device, so this embodiment can use the device factor whose login parameter is not easily tampered as a reference device factor for performing the block detection on the login device, at this time, the login parameter adopted by the login device under the reference device factor is not easily tampered maliciously, and thus the true device information can be represented more easily, and further, by comparing the similarity between the login parameter of the login device and the login parameter of each detected block device under each reference device factor, the possibility that the login device needs to be blocked can be accurately determined, thereby ensuring the reliability of the login device facing the block detection.
It should be noted that, if login parameters used when the login device historically logs in various user accounts under a certain device factor are changed continuously, it indicates that the difficulty of tampering the login parameters under the device factor is low, that is, the login parameters under the device factor are easily tampered, and therefore, the login parameters cannot be used as reference device factors for detecting the prohibition of the login device.
In this embodiment, the tampering difficulty of each detected sealed device may be determined by analyzing a floating condition of a login parameter adopted by each device factor, where a login floating degree is adopted in this embodiment to represent a floating condition of a historical login parameter adopted by each device factor when a user account is registered or logged in on each device; meanwhile, when registering or logging in a user account on the login device, the login device is firstly subjected to the forbidden detection, so that a reference device factor with a higher reference value for the forbidden detection needs to be screened out from all the device factors to improve the accuracy of the forbidden detection of the login device, at the moment, in a forbidden device library which is subjected to the forbidden detection, the historical login parameters adopted by each forbidden device under each device factor when the forbidden device is detected to be forbidden by executing any account related operation are firstly found out, then the login floating degree of the forbidden device library under each device factor is respectively calculated by analyzing the change condition of the historical login parameters adopted by each forbidden device under each device factor, at the moment, if the login floating degree of the forbidden device library under a certain device factor is higher, the more easily the login parameters under the device factor are maliciously tampered, that is, the lower the reference value of the device factor for performing the block detection on the login device, and if the lower the login floating degree of the block device library under a certain device factor, the less easily the login parameters under the device factor are maliciously tampered, that is, the higher the reference value of the device factor for performing the block detection on the login device, therefore, through the login floating degree of the block device library under each device factor, a part of device factors with lower login floating degree can be screened out from all the device factors as the reference device factors in the embodiment, at this time, the login parameters adopted by the login device under each reference device factor are not easily maliciously tampered, and subsequently, through analyzing the similarity between the login parameters adopted by each block device under each reference device factor in the login device and each block device in the block device, whether the login equipment is a certain forbidden equipment in a forbidden equipment library can be accurately judged, so that the possibility that the login equipment needs to be forbidden is accurately judged, and the reliability of the login equipment for forbidden detection is ensured.
And S120, calculating the forbidden score of the login equipment based on the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor.
Optionally, after registering or logging in a user account on the login device, and screening out corresponding reference device factors from the device factors, in order to ensure the reliability of the login device for the forbidden detection, in this embodiment, first, the login parameters used by the login device under each reference device factor when performing operations related to any account are found, and meanwhile, the login parameters used by the login device under each reference device factor when each forbidden device in the forbidden device library is forbidden are found, and then, the similarity between the login parameters used by the login device and each forbidden device under each reference device factor is respectively analyzed to determine whether the login device has blocked a certain forbidden device in the device library, if the similarity between the login parameters used by the login device and a certain forbidden device under each reference device factor is higher, the login equipment and the sealed equipment are most likely to be the same equipment, at the moment, according to the possibility that the login equipment and a certain sealed equipment are the same equipment, the sealed score of the login equipment can be calculated, each login equipment using multi-open software does not need to be sealed, or the login equipment is clustered and sealed, on the basis of ensuring that the login equipment executes any normal operation, the hysteresis of sealing detection is avoided, and subsequently, the sealed score can be adopted to accurately judge whether the login equipment needs to be sealed currently, so that a user is prevented from executing any account related operation on the login equipment.
In the technical scheme provided by this embodiment, the larger the login floating of the sealed device library under each device factor is, the higher the possibility that the device factor is tampered with is, that is, the lower the reference value of the device factor for performing the sealing detection on the login device is, therefore, based on the login floating degree of the sealed device library under each device factor, the corresponding reference device factor can be screened from all the device factors, and further, the sealed score of the login device is calculated by analyzing the login parameter similarity of each sealed device in the login device and the sealed device library under each reference device factor, so as to accurately judge the possibility that the login device needs to be sealed, ensure the reliability of the login device for the sealing detection, and need not to seal each login device using multi-open software or perform the clustering sealing on the login device, on the basis of ensuring that the login equipment executes any normal operation, the hysteresis of the forbidden detection is avoided, so that the accuracy of the login equipment facing the forbidden detection and the forbidden timeliness are improved.
Example two
Fig. 2A is a flowchart of a method for detecting a block of a login device according to a second embodiment of the present invention, and fig. 2B is a schematic diagram of a block detection process of a login device according to a second embodiment of the present invention. The embodiment is optimized on the basis of the embodiment. Specifically, as shown in fig. 2A, the present embodiment explains in detail a specific screening process of the reference device factor and a specific calculation process of the prohibited score of the login device.
Optionally, as shown in fig. 2A, the present embodiment may include the following steps:
and S210, aiming at each equipment factor, calculating the login floating degree of the sealed equipment library under the equipment factor based on the repetition frequency of each historical login parameter of the sealed equipment library under the equipment factor.
Optionally, because the historical login parameters adopted by each sealed device in the sealed device library may be different under each device factor when the sealed device is sealed, and the login floating degree may represent the change condition of the historical login parameters adopted by each sealed device in the sealed device library under each device factor, when detecting that the login device needs to perform any account related operation (such as registering or logging in a user account), the historical login parameters adopted by each sealed device under each device factor when the sealed device is sealed are first found out, and then for each device factor, the frequency of each historical login parameter adopted by each sealed device under the device factor when the sealed device is sealed appearing in the sealed device library is respectively calculated, as the repetition frequency of each historical login parameter of the sealed device library under the device factor in this embodiment, at this time, if the repetition frequency of each historical login parameter under a certain device factor is higher, it indicates that the historical login parameters used by the sealed device library under the device factor are more stable, so that the fluctuation of the sealed device library under the device factor is lower.
For example, since the information entropy can accurately measure the ordering degree of the information in a system, the information in the system is ordered more, the information entropy is lower, the information in the system is disordered more, and the information entropy is higher, as shown in fig. 2B, this embodiment may represent the login floating degree of the sealed device under each device factor through the information entropy, at this time, for each device factor, the calculating the login floating degree of the sealed device library under the device factor based on the repetition frequency of each historical login parameter of the sealed device library under the device factor may specifically include: and performing entropy operation on the repetition frequency of each historical login parameter of the sealed equipment library under each equipment factor to obtain the login floating degree of the sealed equipment library under the equipment factor.
Specifically, after the historical login parameters of the sealed device library under each device factor are found out and the repetition frequency of each historical login parameter of the sealed device library under each device factor is determined, the repetition frequency of each historical login parameter of the sealed device library under each device factor can be subjected to entropy operation, and the entropy operation formula is as follows:
Figure BDA0002651577690000101
wherein x isiThe ith historical login parameter, p (x), adopted for the sealed equipment library under each equipment factori) The corresponding frequency of the sealed equipment library under the repetition frequency of the ith historical login parameter under each equipment factor is obtained; further, the operation result of entropy operation is carried out on the repetition frequency of each historical login parameter adopted by the sealed equipment library under each equipment factor is used as the login floating degree of the sealed equipment library under the equipment factor; according to the entropy operation process, the login floating degree of the sealed equipment library under each equipment factor can be obtained.
S220, determining the forbidden reference confidence coefficient of each equipment factor based on the login floating degree of the forbidden equipment library under each equipment factor, and screening out the equipment factors of which the forbidden reference confidence coefficients meet the specified forbidden detection specification as reference equipment factors.
Optionally, after the login floating degree of the sealed device library under each device factor is calculated, since the login floating degree is inversely proportional to the reference value of the device factor for the sealing detection, the present embodiment may determine the sealing reference confidence of each device factor based on the reverse influence degree of the login floating degree of the sealed device library under each device factor on the reference value of the sealing detection, where the sealing reference confidence can accurately represent the credibility of a certain device factor as a reference device factor for sealing detection of the logged device, and in order to accurately screen a corresponding number of reference device factors, the present embodiment may preset a corresponding designated sealing detection specification, where the designated sealing detection specification may be the number of the reference device factors, and further, according to the sealing reference confidence of each device factor, a plurality of device factors that conform to screen the designated sealing detection specification are screened out, as the reference device factor in this embodiment, for example, a TopK algorithm may be adopted to screen out a device factor with the top K items of forbidden reference confidence from all the device factors, and the device factor is used as a corresponding reference device factor. In addition, in this embodiment, a plurality of device factors that meet the specified forbidden detection specification under a low login floating degree may also be used as the reference device factors in this embodiment, without calculating the forbidden reference confidence of each device factor, thereby reducing the screening steps of the reference device factors.
S230, for each sealed device in the sealed device library, based on the login parameters of the login device and the sealed device under the reference device factors, calculating the sealing similarity between the login device and the sealed device.
Optionally, after screening out the corresponding reference device factor, the login parameters adopted by the login device under each reference device factor when executing any account related operation may be respectively found for each sealed device in the sealed device library, and the login parameters to be used at each reference device factor when the sealed device is sealed, then the device characteristics of the login device and the disabled device are respectively determined by the login parameters adopted under each reference device factor, and then analyzing the similarity between the login parameters adopted by the login equipment and the sealed equipment under each reference equipment factor by adopting a corresponding similarity algorithm, comprehensively analyzing the login parameter similarity under each reference equipment factor, and calculating the sealing and forbidden similarity between the login equipment and the sealed and forbidden equipment; at this time, by performing the above steps, the blocking similarity between the login device and each blocked device can be calculated respectively.
It should be noted that, the similarity calculation method is not limited, but the blocking similarity between the login device and each blocked device in this embodiment may be calculated by using the reverse influence between the jackard distance and the similarity, and the device distance between the login device and the blocked device (i.e., the difference between the login device and the blocked device) and the blocking similarity are calculated by using the jackard distance, and there is a relationship of the reverse influence between the device distance and the blocking similarity, at this time, the larger the device distance between the login device and a certain blocked device is calculated by using the jackard distance, the smaller the blocking similarity between the login device and the blocked device is. For example, if the reference equipment factors are (serial, iid, uuid, eid, mac, aid), and the login parameters used by the login equipment under each reference equipment factor are a ═ (efd313432, a3bedbd, 4cc33ea, 78c5B4a, 01:01:01:01:01:01, e683acb), and the login parameters used by a certain sealed equipment under each reference equipment factor are B ═ (ABCDFG, a3bedbd, 4cc33ea, 78c5B4a, 02:02:02:02:02:02, c4aabcd5673), then the sealing similarity between the login equipment and the sealed equipment may be (ABCDFG, a3bedbd, 4cc33ea, 78c5B4a, 02:02:02:02:02, c4aabcd5673)
Figure BDA0002651577690000121
At this time, | a ≧ B | is 9 and | a ≧ B | is 3, so the device distance between the login device and the sealed device is 2/3, and the corresponding sealing similarity is 1/3.
And S240, taking the maximum similarity in the forbidden similarities between the login device and each forbidden device as a forbidden score of the login device.
Optionally, if the login device and any one of the disabled devices in the disabled device library are similar, it is determined that the login device needs to be disabled, and at this time, it is only necessary to determine whether the maximum similarity in the disabled similarity between the login device and each of the disabled devices reaches a preset similarity threshold, and if the maximum similarity in the disabled similarity between the login device and each of the disabled devices is lower than the preset similarity threshold, it is determined that the login device and each of the disabled devices are not similar, in this embodiment, the maximum similarity in the disabled similarity between the login device and each of the disabled devices may be used as a disabled score of the login device, and at this time, if the maximum similarity indicates that the login device is similar to one of the disabled devices, it may be accurately determined that the login device needs to be disabled, so as to improve the security of the login device that needs to be disabled by the disabled score of the login device .
According to the technical scheme provided by the embodiment, the login floating degree of the sealed equipment library under each equipment factor is calculated through entropy operation, the accuracy of the login floating degree under each equipment factor can be ensured, and then the equipment factors meeting the specified sealing detection specification are screened out as reference equipment factors based on the login floating degree of the sealed equipment library under each equipment factor, so that the reliability of the reference equipment factors is ensured; subsequently, the login parameter similarity of each forbidden device in the login device and the forbidden device library under each reference device factor is analyzed to calculate the forbidden score of the login device, so that the possibility of whether the login device needs to be forbidden or not is accurately judged, the reliability of the login device for forbidden detection is ensured, each login device using multi-switch software does not need to be forbidden, or the login devices are clustered and forbidden, on the basis of ensuring that the login device executes any normal operation, the hysteresis of forbidden detection is avoided, and the accuracy and the forbidden timeliness of the login device for forbidden detection are improved.
EXAMPLE III
Fig. 3A is a flowchart of a method for detecting a block of a login device according to a third embodiment of the present invention, and fig. 3B is a schematic diagram of a dynamic update process of a login floating degree under each device factor and a preset block threshold value referred to when determining whether to block in the method according to the third embodiment of the present invention. The embodiment is optimized on the basis of the embodiment. Specifically, as shown in fig. 3A, this embodiment mainly explains the preset blocking threshold referred to when determining whether to block the login device according to the blocked score of the login device, and the dynamic update process of the login floating degree when the login floating degree under each device factor changes due to the change of the blocked device library in detail.
Optionally, as shown in fig. 3A, the present embodiment may include the following steps:
s310, based on the login floating degree of the sealed equipment library under each equipment factor, screening out corresponding reference equipment factors from the equipment factors.
And S320, calculating the forbidden score of the login equipment based on the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor.
S330, determining a corresponding preset forbidden threshold value based on the forbidden accuracy and the forbidden recall rate of the target login equipment set with the forbidden detection completed.
Optionally, in order to ensure the accuracy of the login device for the prohibition detection, the embodiment may dynamically update the corresponding preset prohibition threshold by analyzing the accuracy and the recall rate of whether each login device needs to be prohibited by using the prohibition detection method provided in this embodiment, at this time, after performing the prohibition detection on each login device, regardless of the prohibition detection result, the prohibition result of each login device that needs to be prohibited by using the prohibition detection method provided in this embodiment may be added to the corresponding target login device set, at this time, each login device in the target login device set has completed the prohibition detection, there are login devices that need to be prohibited and login devices that do not need to be prohibited, so that the specific result of the prohibition detection and the real prohibition result of each login device in the target login device set may be determined, in the process of detecting the forbidden devices, continuously calculating corresponding forbidden accuracy and forbidden recall rate, and further taking the forbidden accuracy and the forbidden recall rate as evaluation indexes of a preset forbidden threshold value to dynamically update the corresponding preset forbidden threshold value, wherein the preset forbidden threshold value can represent a scoring node capable of accurately distinguishing the forbidden devices to be logged.
For example, the calculation formula of the blocking accuracy rate canComprises the following steps:
Figure BDA0002651577690000141
the method comprises the steps that TP is the number of pieces of login equipment needing to be blocked in a target login equipment set and is predicted as the number of pieces of equipment needing to be blocked, and FP is the number of pieces of login equipment needing not to be blocked in the target login equipment set and is predicted as the number of pieces of equipment needing to be blocked; the calculation formula of the forbidden recall rate can be as follows:
Figure BDA0002651577690000142
the FN predicts the number of devices which need to be blocked as devices which do not need to be blocked for the login devices which need to be blocked in the target login device set.
At this time, the forbidden score of the login device corresponding to the forbidden recall rate meeting the corresponding recall requirement can be used as the current preset forbidden threshold, for example, the forbidden score of the login device corresponding to the forbidden recall rate meeting the corresponding recall requirement is higher in the embodiment, and the forbidden score of the login device corresponding to the forbidden recall rate meeting the corresponding recall requirement can reach a certain range, so that the forbidden score of the login device corresponding to the highest forbidden accuracy can be used as the current preset forbidden threshold in the multiple login devices corresponding to the target login device set when the forbidden recall rate meeting the requirement of a certain recall range, and the preset forbidden threshold can ensure that the forbidden detection accuracy is highest on the basis of ensuring relatively high forbidden recall.
S340, if the forbidden score of the login device exceeds a preset forbidden threshold, the login device is forbidden.
Optionally, after the forbidden score of the login device is calculated, whether the login device needs to be forbidden is determined by comparing the forbidden score of the login device with a preset forbidden threshold, and if the forbidden score of the login device exceeds the preset forbidden threshold, it indicates that the login device is probably forbidden, so that the login device can be forbidden to avoid any account related operation performed on the login device by each user, thereby reducing the wide spread of illegal contents and improving the safety and health of browsing information by normal users.
And S350, adding the login equipment which is sealed off into the sealed-off equipment library, and updating the login floating degree of the sealed-off equipment library under each equipment factor.
Optionally, after the login device is disabled, the login device may be directly used as a disabled device and added to the disabled device library, so as to accurately screen out the corresponding reference device factor based on the login floating degree of the disabled device library under each device factor, at this time, since the disabled device library is dynamically changed after the login device is continuously disabled, the login floating degree of the disabled device library under each device factor also changes dynamically, so that in this embodiment, the login device that has been disabled is added to the disabled device library, and the login floating degree of the disabled device library under each device factor needs to be recalculated in the same manner as that provided in the above embodiment when the login floating degree of the disabled device library under each device factor is calculated, the login floating degree under each equipment factor is dynamically updated, so that the screening accuracy of the reference equipment factors is improved.
According to the technical scheme provided by the embodiment, based on the login floating degree of the sealed device library under each device factor, the corresponding reference device factor can be screened out from all the device factors, and then the sealed score of the login device is calculated by analyzing the login parameter similarity of the login device and each sealed device in the sealed device library under each reference device factor, so that the possibility of whether the login device needs to be sealed or not is accurately judged, the reliability of the seal detection of the login device is ensured, each login device using multi-open software does not need to be sealed or clustered to be sealed, on the basis of ensuring that the login device executes any normal operation, the hysteresis of the seal detection is avoided, and the accuracy and the seal time of the seal detection of the login device are improved; meanwhile, the corresponding preset sealing threshold value is dynamically updated according to the sealing accuracy and the sealing recall rate of the target login equipment set which completes the sealing detection, the accuracy of the login equipment facing the sealing detection is further ensured, meanwhile, the sealed login equipment is continuously added into the sealed equipment library, the login floating degree of the sealed equipment library under each equipment factor is dynamically updated, and the screening accuracy of the reference equipment factors is further improved.
Example four
Fig. 4 is a schematic structural diagram of a block and entry detection apparatus of login equipment according to a fourth embodiment of the present invention, specifically, as shown in fig. 4, the apparatus may include:
a reference factor screening module 410, configured to screen a corresponding reference device factor from each device factor based on a login floating degree of a sealed device library under each device factor;
a block detection module 420, configured to calculate a block score of the logged device based on the similarity of the logged parameters of the logged device and each block device in the block device library under each reference device factor.
In the technical scheme provided by this embodiment, the larger the login floating of the sealed device library under each device factor is, the higher the possibility that the device factor is tampered with is, that is, the lower the reference value of the device factor for performing the sealing detection on the login device is, therefore, based on the login floating degree of the sealed device library under each device factor, the corresponding reference device factor can be screened from all the device factors, and further, the sealed score of the login device is calculated by analyzing the login parameter similarity of each sealed device in the login device and the sealed device library under each reference device factor, so as to accurately judge the possibility that the login device needs to be sealed, ensure the reliability of the login device for the sealing detection, and need not to seal each login device using multi-open software or perform the clustering sealing on the login device, on the basis of ensuring that the login equipment executes any normal operation, the hysteresis of the forbidden detection is avoided, so that the accuracy of the login equipment facing the forbidden detection and the forbidden timeliness are improved.
The device for detecting the prohibition of the login equipment provided by the embodiment can be applied to the method for detecting the prohibition of the login equipment provided by any embodiment, and has corresponding functions and beneficial effects.
EXAMPLE five
Fig. 5 is a schematic structural diagram of a server according to a fifth embodiment of the present invention, and as shown in fig. 5, the server includes a processor 50, a storage device 51, and a communication device 52; the number of the processors 50 in the server may be one or more, and one processor 50 is taken as an example in fig. 5; the processor 50, the storage device 51 and the communication device 52 in the server may be connected by a bus or other means, and the bus connection is taken as an example in fig. 5.
The server provided by this embodiment can be used to execute the block detection method of the login device provided by any of the above embodiments, and has corresponding functions and beneficial effects.
EXAMPLE six
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, can implement the method for detecting a block of a login device in any of the above embodiments. The method specifically comprises the following steps:
screening out corresponding reference equipment factors from the equipment factors based on the login floating degree of the sealed equipment library under each equipment factor;
and calculating the forbidden score of the login equipment based on the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the block detection method for a login device provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the blocking detection apparatus of the login device, each included unit and module are only divided according to functional logic, but are not limited to the above division, as long as the corresponding function can be realized; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (12)

1. A method for detecting the block of a login device is characterized by comprising the following steps:
screening out corresponding reference equipment factors from the equipment factors based on the login floating degree of the sealed equipment library under each equipment factor;
and calculating the forbidden score of the login equipment based on the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor.
2. The method of claim 1, wherein calculating the block score for the logged device based on the similarity of the logged parameters between the logged device and each blocked device in the library of blocked devices for each of the reference device factors comprises:
for each sealed device in the sealed device library, calculating a sealing similarity between the login device and the sealed device based on the login parameters of the login device and the sealed device under the reference device factors;
and taking the maximum similarity in the forbidden similarities between the login device and each forbidden device as the forbidden score of the login device.
3. The method of claim 2, wherein the block similarity is calculated using an inverse influence between the Jacard distance and the similarity.
4. The method of claim 1, wherein the screening out a corresponding reference equipment factor from each equipment factor based on the registered float of the sealed equipment library under each equipment factor comprises:
and determining the forbidden reference confidence coefficient of each equipment factor based on the login floating degree of the forbidden equipment library under each equipment factor, and screening out the equipment factors of which the forbidden reference confidence coefficients meet the specified forbidden detection specification as the reference equipment factors.
5. The method of claim 1, further comprising, prior to screening out a corresponding reference equipment factor from each of the equipment factors based on a registered float of the sealed equipment library at each equipment factor:
and aiming at each equipment factor, calculating the login floating degree of the sealed equipment library under the equipment factor based on the repetition frequency of each historical login parameter of the sealed equipment library under the equipment factor.
6. The method of claim 5, wherein calculating the registration float of the sealed device library at the device factor based on the repetition frequency of the historical registration parameters of the sealed device library at the device factor comprises:
and performing entropy operation on the repetition frequency of each historical login parameter of the sealed equipment library under each equipment factor to obtain the login floating degree of the sealed equipment library under the equipment factor.
7. The method of any of claims 1-6, further comprising, after calculating a prohibited score for the login device:
and if the forbidden score of the login equipment exceeds a preset forbidden threshold value, the login equipment is forbidden.
8. The method of claim 7, further comprising, after disabling the login device:
and adding the login equipment which is completely sealed into the sealed equipment library, and updating the login floating degree of the sealed equipment library under each equipment factor.
9. The method of claim 7, further comprising:
and determining a corresponding preset sealing threshold value based on the sealing accuracy and the sealing recall rate of the target login equipment set which completes the sealing detection.
10. A block detection device of a login device, comprising:
the reference factor screening module is used for screening corresponding reference equipment factors from the equipment factors based on the login floating degree of the sealed equipment library under each equipment factor;
and the forbidden detection module is used for calculating the forbidden score of the login equipment based on the login parameter similarity of the login equipment and each forbidden equipment in the forbidden equipment library under each reference equipment factor.
11. A server, characterized in that the server comprises:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement a block detection method for a login device according to any one of claims 1-9.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a block detection method of a login device according to any one of claims 1-9.
CN202010872545.7A 2020-08-26 2020-08-26 Sealing detection method and device for login equipment, server and storage medium Active CN112016078B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010872545.7A CN112016078B (en) 2020-08-26 2020-08-26 Sealing detection method and device for login equipment, server and storage medium
PCT/CN2021/109010 WO2022042194A1 (en) 2020-08-26 2021-07-28 Block detection method and apparatus for login device, server, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010872545.7A CN112016078B (en) 2020-08-26 2020-08-26 Sealing detection method and device for login equipment, server and storage medium

Publications (2)

Publication Number Publication Date
CN112016078A true CN112016078A (en) 2020-12-01
CN112016078B CN112016078B (en) 2024-08-06

Family

ID=73502242

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010872545.7A Active CN112016078B (en) 2020-08-26 2020-08-26 Sealing detection method and device for login equipment, server and storage medium

Country Status (2)

Country Link
CN (1) CN112016078B (en)
WO (1) WO2022042194A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113591898A (en) * 2021-06-04 2021-11-02 广州三七极创网络科技有限公司 Method and device for classifying account numbers in game and electronic equipment
WO2022042194A1 (en) * 2020-08-26 2022-03-03 百果园技术(新加坡)有限公司 Block detection method and apparatus for login device, server, and storage medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116545645A (en) * 2023-03-20 2023-08-04 中国华能集团有限公司北京招标分公司 IP address blocking method
CN117421729B (en) * 2023-12-18 2024-04-26 湖南森鹰科技有限公司 Automatic program attack detection method, device, system and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150365400A1 (en) * 2014-06-12 2015-12-17 Nadapass, Inc. Password-less authentication system and method
CN107481126A (en) * 2017-09-27 2017-12-15 北京同城必应科技有限公司 A kind of single method of anti-brush, server and client side
CN108494796A (en) * 2018-04-11 2018-09-04 广州虎牙信息科技有限公司 Method for managing black list, device, equipment and storage medium
CN110489964A (en) * 2019-08-21 2019-11-22 北京达佳互联信息技术有限公司 Account detection method, device, server and storage medium
CN111586028A (en) * 2020-04-30 2020-08-25 广州市百果园信息技术有限公司 Abnormal login evaluation method and device, server and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105450619A (en) * 2014-09-28 2016-03-30 腾讯科技(深圳)有限公司 Method, device and system of protection of hostile attacks
CN107391980B (en) * 2017-07-17 2020-09-29 上海众人网络安全技术有限公司 Login verification method, device, equipment and storage medium based on equipment data
CN112016078B (en) * 2020-08-26 2024-08-06 广州市百果园信息技术有限公司 Sealing detection method and device for login equipment, server and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150365400A1 (en) * 2014-06-12 2015-12-17 Nadapass, Inc. Password-less authentication system and method
CN107481126A (en) * 2017-09-27 2017-12-15 北京同城必应科技有限公司 A kind of single method of anti-brush, server and client side
CN108494796A (en) * 2018-04-11 2018-09-04 广州虎牙信息科技有限公司 Method for managing black list, device, equipment and storage medium
CN110489964A (en) * 2019-08-21 2019-11-22 北京达佳互联信息技术有限公司 Account detection method, device, server and storage medium
CN111586028A (en) * 2020-04-30 2020-08-25 广州市百果园信息技术有限公司 Abnormal login evaluation method and device, server and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022042194A1 (en) * 2020-08-26 2022-03-03 百果园技术(新加坡)有限公司 Block detection method and apparatus for login device, server, and storage medium
CN113591898A (en) * 2021-06-04 2021-11-02 广州三七极创网络科技有限公司 Method and device for classifying account numbers in game and electronic equipment
CN113591898B (en) * 2021-06-04 2024-01-02 广州三七极创网络科技有限公司 Method and device for classifying accounts in game and electronic equipment

Also Published As

Publication number Publication date
CN112016078B (en) 2024-08-06
WO2022042194A1 (en) 2022-03-03

Similar Documents

Publication Publication Date Title
US11558418B2 (en) System for query injection detection using abstract syntax trees
CN112016078B (en) Sealing detection method and device for login equipment, server and storage medium
CN110677380B (en) Method and related apparatus for cyber threat indicator extraction and response
US10430586B1 (en) Methods of identifying heap spray attacks using memory anomaly detection
US8229930B2 (en) URL reputation system
EP3264312A1 (en) Model-based computer attack analytics orchestration
US20190306191A1 (en) Sql injection interception detection method and device, apparatus and computer readable medium
EP3763097B1 (en) System and method for restricting access to web resources from web robots
WO2018017872A1 (en) Dynamic sensors
CN107992738B (en) Account login abnormity detection method and device and electronic equipment
CN110399722B (en) Virus family generation method, device, server and storage medium
US10965553B2 (en) Scalable unsupervised host clustering based on network metadata
US20200380117A1 (en) Aggregating anomaly scores from anomaly detectors
CN113010268B (en) Malicious program identification method and device, storage medium and electronic equipment
CN109547427B (en) Blacklist user identification method and device, computer equipment and storage medium
CN107426136B (en) Network attack identification method and device
CN111953665A (en) Server attack access identification method and system, computer equipment and storage medium
CN111131166B (en) User behavior prejudging method and related equipment
US20220269817A1 (en) Methods and apparatus to orchestrate personal protection across digital assets
CN112804374B (en) Threat IP identification method, threat IP identification device, threat IP identification equipment and threat IP identification medium
US20240320329A1 (en) Machine Learning Model Adversarial Attack Monitoring
US10242318B2 (en) System and method for hierarchical and chained internet security analysis
CN113542252A (en) Detection method, detection model and detection device for Web attack
WO2020258509A1 (en) Method and device for isolating abnormal access of terminal device
Li et al. LogKernel: A threat hunting approach based on behaviour provenance graph and graph kernel clustering

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant