CN109034661A - User identification method, device, server and storage medium - Google Patents
User identification method, device, server and storage medium Download PDFInfo
- Publication number
- CN109034661A CN109034661A CN201810990944.6A CN201810990944A CN109034661A CN 109034661 A CN109034661 A CN 109034661A CN 201810990944 A CN201810990944 A CN 201810990944A CN 109034661 A CN109034661 A CN 109034661A
- Authority
- CN
- China
- Prior art keywords
- user
- value
- risk
- behavior
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/01—Social networking
Landscapes
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Engineering & Computer Science (AREA)
- Economics (AREA)
- Strategic Management (AREA)
- Tourism & Hospitality (AREA)
- Theoretical Computer Science (AREA)
- Entrepreneurship & Innovation (AREA)
- General Physics & Mathematics (AREA)
- Marketing (AREA)
- General Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Educational Administration (AREA)
- Quality & Reliability (AREA)
- Operations Research (AREA)
- Game Theory and Decision Science (AREA)
- Development Economics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Primary Health Care (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a kind of user identification method, device, server and storage mediums, belong to network technique field.User identification method proposed by the present invention, it can be according to different mutual-action behaviors, it is targetedly analyzed, to find to the information for best embodying its true purpose in the mutual-action behavior, the value-at-risk based on determined by such information, accuracy is higher, therefore, comparison result determined by threshold value comparison is carried out based on the value-at-risk, accuracy is higher, so that malicious user recognition accuracy improves in social application multi-conference, avoid the problem that generating miscue.
Description
Technical field
The present invention relates to network technique field, in particular to a kind of user identification method, device, server and storage are situated between
Matter.
Background technique
With the development of network technology, interpersonal exchange is increasingly dependent on network, and this social application can be people
Provide intercommunion platform using more and more extensive.For example, a kind of typical usage mode is as more for social application
Conference that is to say that user can create a group, and invites good friend to be added in group and conversate.However, multi-conference
Some security risks may be brought, boss, which adds finance, for example, cheat can disguise oneself as becomes good friend, remanufactures crisis thing
Part, to inveigle finance to transfer accounts a huge sum of money.Therefore, these tool user with harmful intents how to be identified, to ensure the letter of normal users
Breath and property safety are most important.
Currently, mainly being carried out, being specifically included: by multi-conference mistake by keyword detection when carrying out user's identification
The message content of interaction is matched with the keyword prestored in journey, and when matching shows user message content, while showing for user
Show prompt information, to remind user's message or the user to be likely to be malicious user.
Due to that may also occur the message content with Keywords matching in normal dialog, the accuracy rate of identification is lower,
It is easy to generate the prompt of mistake.
Summary of the invention
The embodiment of the invention provides a kind of user identification method, device, server and storage mediums, are able to solve society
The problem of friendship is lower using recognition accuracy in multi-conference, is easy to produce miscue.The technical solution is as follows:
On the one hand, a kind of user identification method is provided, which comprises
When detecting the target mutual-action behavior of any user, the description letter of the target dimension of first user is obtained
Breath, the target dimension are corresponding with application function corresponding to the target mutual-action behavior;
The description information of the target dimension is inputted the target prediction model, and exported by invocation target prediction model
The value-at-risk of first user, what the value-at-risk of first user was used to indicate the first user implement general plan behavior can
It can property;
When the value-at-risk of first user is greater than default value-at-risk, determine that first user is pre-set user, institute
State the user that pre-set user refers to implement general plan behavior;
Wherein, the description information of multiple dimensions of first user includes the account information of first user and appoints
The usage behavior information of one application function.
On the one hand, a kind of customer identification device is provided, described device includes:
Description information obtains module, uses for when detecting the target mutual-action behavior of any user, obtaining described first
The description information of the target dimension at family, the target dimension are corresponding with application function corresponding to the target mutual-action behavior;
Value-at-risk obtains module, is used for invocation target prediction model, described in the description information input by the target dimension
Target prediction model, and the value-at-risk of first user is exported, the value-at-risk of first user is for indicating described first
A possibility that user's implement general plan behavior;
Pre-set user identification module, described in determining when the value-at-risk of first user is greater than default value-at-risk
First user is pre-set user, and the pre-set user refers to the user of implement general plan behavior;
Wherein, the description information of multiple dimensions of first user includes the account information of first user and appoints
The usage behavior information of one application function.
On the one hand, a kind of server is provided, the server includes processor and memory, is stored in the memory
There is at least one instruction, described instruction is loaded by the processor and executed to realize user identification method institute as provided above
The operation of execution.
On the one hand, a kind of computer readable storage medium is provided, at least one instruction is stored in the storage medium,
Described instruction is loaded as processor and is executed to realize operation performed by user identification method as provided above.
Technical solution provided in an embodiment of the present invention has the benefit that user identification method proposed by the present invention,
It can targetedly be analyzed according to different mutual-action behaviors, to find true to it is best embodied in the mutual-action behavior
The information of purpose, the value-at-risk based on determined by such information, accuracy is higher, therefore, carries out threshold value based on the value-at-risk
Compare identified comparison result, accuracy is higher, so that malicious user recognition accuracy mentions in social application multi-conference
Height avoids the problem that generating miscue.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for
For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other
Attached drawing.
Fig. 1 is a kind of schematic diagram of implementation environment provided in an embodiment of the present invention;
Fig. 2 is a kind of flow chart of user identification method provided in an embodiment of the present invention;
Fig. 3 is a kind of examples of interfaces figure of alerting pattern provided in an embodiment of the present invention;
Fig. 4 is that a kind of interface provided in an embodiment of the present invention jumps exemplary diagram;
Fig. 5 is a kind of examples of interfaces figure of alerting pattern provided in an embodiment of the present invention;
Fig. 6 is a kind of flow chart of Prior Control provided in an embodiment of the present invention;
Fig. 7 is a kind of flow chart of mid-event control provided in an embodiment of the present invention;
Fig. 8 is the calling schematic diagram of multiple models involved in the embodiment of the present invention;
Fig. 9 is a kind of structural schematic diagram of customer identification device provided in an embodiment of the present invention;
Figure 10 is a kind of structural schematic diagram of server provided in an embodiment of the present invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to embodiment party of the present invention
Formula is described in further detail.
Fig. 1 is a kind of schematic diagram of implementation environment provided in an embodiment of the present invention.The implementation environment includes multiple terminals
101, for providing the server 102 of service for multiple terminal.
Multiple terminals 101 are connected by wireless or cable network and server 102, and multiple terminal 101 can be energy
The electronic equipment of server 102 is enough accessed, which can be computer, smart phone, tablet computer or other electronics
Equipment.
Server 102 can be the server of social application, which can provide transmission for user, receive i.e.
When the interactive functions such as communication message, user can conversate based on server 102 with other users, group can also be created,
And it is conversated based on the other users in group and group and waits interbehaviors.For server 102, the server 102
Can also have at least one database, to store log in environmental information, user property, hardware environment, critical behavior and
Relationship chain information etc..
Currently, a kind of typical social application swindle type is exactly the counterfeit boss's swindle of multi-conference, this multi-conference
The swindle method of counterfeit boss, aggrieved group's majority are that enterprise or Corporate Finance personnel, malicious user pass through clone enterprise first
Or the social application number of proprietor of an establishment, a group of intra-company is added in victim user, other users seem all in group
It is business associate, is actually also all to clone the social application number come, subsequent malicious user talks about work in the multi-conference
Make, scene set, induction victim user transfers accounts a huge sum of money.Entire swindle can be completed in process most fast ten minutes, how short
Precisely identify that such malicious user is particularly critical in time, for this purpose, providing following user identification method.
Fig. 2 is a kind of flow chart of user identification method provided in an embodiment of the present invention.This method can be applied to above-mentioned
On server 102 in Fig. 1, referring to fig. 2, which is specifically included:
201, when detecting the target mutual-action behavior of any user, the description letter of the target dimension of first user is obtained
Breath, the target dimension are corresponding with application function corresponding to the target mutual-action behavior.
Wherein, target mutual-action behavior is the key that a kind of for judging whether user is pre-set user test point, if certain
A user is in performance objective mutual-action behavior, it is understood that there may be risk of fraud, therefore, it is necessary to the generation based on target mutual-action behavior come
The user is detected.
In some embodiments, which can refer to that by the name modifications in personal information be true surname
Name, and the full name of company is extended this as in signature, or head portrait is updated;For some users for wanting to be cheated
For, fraud process needs to pretend to be other people identity, therefore the pet name can be arranged to the Real Name of two to three words, and
Autograph Session extends this as the full name of company, such as Jiangsu XXX Science and Technology Ltd., and head portrait is then the head by search company boss
It directly saves and uploads as after.
In some embodiments, which can be in plusing good friend link, some cell-phone number is searched
User adds as a friend, this is because in the case where corporate communication record leakage, it is desirable to the user cheated, generally by searching
Rope phone number goes the account of addition finance.
In some embodiments, which can be in creation group or session link, create one with public affairs
Relevant group or session are taken charge of, optionally, user's pet name in group or session after creation includes some position titles, warp
Reason, Marketing Director etc..Want the user cheated, group chat title can be generally set as " intra-company group " or " company
High-rise group " waits while also drawing in the several colleague's wechats cloned and, and group chat number can generally be controlled in 3-8 people, and each
It is just formed from setting group's pet name, such as vice general manager, Marketing Director, such a intra-company discussion group that such as false guarantee returnable
?.
In some embodiments, in the link that any user is added to group or session, user is added one with company
Relevant group or session, for example, a user is added to " intra-company chat group " or " company executives group " etc..With it is described
Application function corresponding to target mutual-action behavior then refers to function belonging to above-mentioned mutual-action behavior, including plusing good friend, creation group,
Group is added in any user, participates in session, modification account profile.
Certainly, in order to realize more comprehensive safety instruction effect, some needs can also be set for each application function
The typical fraud of detection, is updated at any time in above-mentioned detection process, so that the accuracy of user's identification is higher and higher.
For a user, the description information of multiple and different dimensions, such as behavioural information, the account letter of user be can have
Breath (such as attribute information and login environmental information) etc., and for different application functions, for evaluating the application function
Description information can be different dimensions, therefore, the target application function can be based on, believed to determine with the description of which dimension
It ceases to identify whether the user is to have a possibility that carrying out fraud.Wherein, the description of multiple dimensions of first user
Information includes the account information of first user and the usage behavior information of any application function.
202, the description information of the target dimension is inputted the target prediction model, and exported by invocation target prediction model
The value-at-risk of first user, the value-at-risk of first user is for indicating a possibility that first user carries out risk behavior.
In one embodiment, which can be realized using following step: the target prediction model includes row
For Exception Model, by abnormal behavior described in the usage behavior information input of at least one target application function of first user
Model, exports abnormal behavior value, and the abnormal behavior model is used to determine the intensity of anomaly of user behavior according to behavioural characteristic;Base
In the abnormal behavior value, the value-at-risk of first user is exported.
In one embodiment, which can be realized using following step: the target prediction model includes comprehensive
Attribute model is closed, the account information of first user and the account information of second user are inputted into the synthesized attribute mould
Type, exports the account exceptional value of first user, and the second user is to receive the interaction request of first user
User, the synthesized attribute model are used to determine the intensity of anomaly of user account according to the account information of user;Based on the account
Family exceptional value exports the value-at-risk of first user;Wherein, account information includes attribute information and login environmental information.
Wherein, when which may include: registration cell-phone number ownership place, client release, enlivens number of days, registration
Between, signature contents, logging device.Logging in environmental information may include the network address information of logging device, hardware address information
Deng.
In one embodiment, this method further include: the target prediction model includes multi-conference relation chain model,
By the relation chain information input multi-conference relation chain model of the relationship chain information of first user and second user, output is closed
Tethers exceptional value, the multi-conference relation chain model are used to determine the exception of customer relationship chain according to the relationship chain information of user
Degree, the second user are to receive the user of the interaction request of first user;It is defeated based on the relation chain exceptional value
The value-at-risk of first user out.
It should be noted that being only only to call a kind of model to carry out in each identification process in above embodiment
It is illustrated for identification, the case where for only calling a kind of model to identify, the value-at-risk exported can be equal to base
In the obtained exceptional value of model, and in some embodiments, above three model can also be called in an identification process
In at least two progress will for example, by taking abnormal behavior model and synthesized attribute model in invocation target prediction model as an example
Abnormal behavior model described in the usage behavior information input of at least one target application function of first user exports behavior
Exceptional value;The account information of first user and the account information of second user are inputted into the synthesized attribute model, it is defeated
The weight of the account exceptional value of first user out, Behavior-based control exceptional value and account exceptional value and two kinds of exceptional values carries out
Weighted calculation obtains the value-at-risk of the first user.The process is only illustrated for calling two models, is calling three moulds
When type, similarly with the above process, the embodiment of the present invention does not repeat them here this.
Wherein, when calling two or more models, the weight of each model output value can exist based on this model
Order of accuarcy etc. in history identification process is configured, and it is not limited in the embodiment of the present invention.
203, when the value-at-risk of first user is greater than default value-at-risk, determine that first user is pre-set user, it should
Pre-set user refers to the user of implement general plan behavior.
The default value-at-risk can be used for measuring whether user has a possibility that implementing fraud, the default value-at-risk
Specific value experience or actual test can be based on by System Management User and are arranged, the embodiment of the present invention not limit this
It is fixed.
204, according to preset control strategy, the step of processing indicated by the control strategy is carried out to first user
Suddenly.
Various control strategy can be preset on server, every kind of control strategy indicates corresponding processing step, for example, one
Kind control strategy is to remind strategy, be that is to say, based on the mutual-action behavior of first user, to the interaction row of first user
For associated user remind, for example, the prompting strategy may include following one or more:
(1) in the multi-conference where first user, the first prompting message is sent, first prompting message is used
In prompting first user to be pre-set user.
First prompting message sent in multi-conference can be as shown in figure 3, the information 300 in Fig. 3 be the
A kind of example of one prompting message.Wherein, the first prompting message can be based on default first for reminding template and being identified
The user name of user generates, targetedly to prompt the user may implement general plan behavior.First prompting message can be with
It highlights in a session, such as: top set shown and shown using the background of information color different from session background, certainly,
It can also both top set show, also shown using the background of information color different from session background, the embodiment of the present invention is to prominent aobvious
The concrete form shown is without limitation.In one embodiment, complaint can also be provided in the display box of first prompting message
Entrance 310, after trigger action of the detection to the complaint entrance 310, which, which can jump to, complains interface, so that with
Family can carry out filling in and submitting for calling information based on the agenda of first user.Certainly, first prompting message is also
The off option can be provided, blocked to avoid to session interface, it can be depending on the user's operation to first prompting message
Display is closed.
Certainly, which can also not only include an above-mentioned prompting message, can also include such as Fig. 3
In information 320, which can be more specific prompting message, which, which can provide, checks abnormal entrance
330 and complain entrance 350, wherein check that abnormal entrance 330 can be for triggering the look facility to the first user, when
When detecting to the trigger action for checking abnormal entrance 330, terminal can jump to from current sessions interface and check abnormal interface,
This checks that abnormal interface can provide the behavioural information of first user, such as shown in Fig. 4, this checks that abnormal interface can be based on
Registion time, customer relationship chain and the historical session situation of user, account information (logging in environmental information) etc., are looked into generate this
See the information in abnormal interface, certainly, it can also include multiple Treatment Options in abnormal interface that this, which is checked, such as in Fig. 4
Ignore option, this, which ignores option, can be shown as " determining user exception, no longer remind ", ignore option to this when detecting
When trigger action, terminal can jump back to session interface, and no longer show corresponding prompting message, this is checked in abnormal interface and also wraps
Consulting option is included, which can be shown as " I has a question, seek advice from customer service ", provide the user entering of further consulting with
Mouthful, when detecting the trigger action to consulting option, terminal can jump to customer service authorization interface, such as the middle figure institute in Fig. 4
Show, after user's authorization, then can show the consulting interface in the right figure such as Fig. 4, personalized consulting is carried out by user.
Content be not limited to as shown in the figure, can also include first user other relevant informations.Wherein, this checks different
Normal interface can also include the complaint entrance 350 and complain the function of entrance 310 can be identical, not do excessive introduction herein.
(2) when detecting that first user initiates interaction request to second user, second is sent to second user and is mentioned
Awake information, second prompting message are pre-set user for prompting first user.Wherein, interaction request can be to add
Friend's request, participation session request, greeting etc..
It, can be enterprising at the session interface of the first user and second user for the first user for initiating interaction request
Row mutually, it should be mentioned that as shown in figure 5, each information 500 and 520 in the Fig. 5 and information provide functional entrance 510,530,
540 and 550, there can be identical function with the functional entrance in Fig. 3, the embodiment of the present invention does not repeat them here this.
(3) third prompting message is sent to the third user for carrying out session with first user, the third is reminded
Information is pre-set user for prompting first user.
If the case where being related to existing victim user, notice feedback can also be sent to victim user, informs that other side relates to
Dislike fraud, by title, guards against swindle.Specifically, the historical session record of available first user of the server, being based on should
Historical session, which records, determines third user, sends third prompting message to third user.
Certainly, for not having started for the first interactive user, server can then cancel first user to clothes
The access right of any service, starts fraud to avoid first user on business device, has prevented the possibility of fraud from source
Property.Server can also carry out title processing to first user, so that first user can not carry out the behavior such as logging in again,
This processing mode, can be recognized accurately user exist higher risk of fraud when, can to user carry out kick it is offline and
Permanent title processing, blocks its fraudulent act in time.
In one embodiment, which further includes that will add pre-set user in the user name of first user
Label, it is the pre-set user that the pre-set user label, which is used to indicate first user,.By the way that user name is marked,
It can intuitively be found by other users risky.Certainly, pre-set user label can be dominant marker, that is to say, can be with
See for other users, can also be hidden indicium, so that server is in any mutual-action behavior for detecting first user
When, the other side of the mutual-action behavior can be reminded.
It, can be based on the user in multi-conference come really for a multi-conference in a kind of possible embodiment
Whether the fixed multi-conference has a possibility that implement general plan behavior.Wherein, which can be the session based on group,
It can also be the interim conversation comprising multiple users, it is not limited in the embodiment of the present invention.
Based on above-mentioned multi-conference, this method further include: for multiple users in any multi-conference, obtaining respectively should
The value-at-risk of multiple users;The process of the acquisition value-at-risk may refer to any embodiment in above-mentioned acquisition process,
This is not repeated them here.According to the value-at-risk of each user, the abnormal risk value of the multi-conference is obtained;Obtaining the different of multi-conference
When normal value-at-risk, can value-at-risk based on each user and weight be weighted, to obtain the abnormal risk value of multi-conference.
Wherein, for each user, value-at-risk be can be based on whether the user there is a certain off-note to determine, then is existed
When being weighted, it may be considered that off-note, weight is set according to the obvious degree of its feature, degree of malice, weight is got over
It is closer to indicate that this feature may be contacted with fraud for height.When the abnormal risk value of the multi-conference is greater than in advance
If when value-at-risk, the multi-conference is determined as default multi-conference, the default multi-conference is implement general plan behavior
Multi-conference.After default multi-conference has been determined, then it is assumed that there may be risk of fraud for the multi-conference, then can be more to this
Conference, which identifies, increases fraud label, or directly executes the processing such as safety instruction or cancellation access right.For example, different abnormal
Weight corresponding to feature can be different, and feature is more obvious, more maliciously, and weight is higher, in a kind of example, has been divided into four
Weight size has 0.5,1,1.5,2 respectively, then the weight of users all in multi-conference is added, and obtains final different
This score value is compared by normal value-at-risk with threshold value, when abnormal risk value is greater than threshold value, it is believed that there may be take advantage of for the group chat
Cheat risk.Wherein, the size of threshold value is related with number of users in multi-conference, it is generally the case that can take user in multi-conference
Several 2/3 or 3/4 is used as threshold size.
In order to realize above-mentioned user's identification process, the behavioral data based on user is needed, training pattern is carried out, for example, should
Abnormal behavior model, synthesized attribute model and multi-conference relation chain model etc..The multi-conference relation chain model is used for root
The intensity of anomaly of user is determined according to the relationship chain information of user.
Wherein, which can be used for (such as attribute information and logging in environment according to the account information of user
Information) determine the intensity of anomaly of user.The synthesized attribute model mainly considers the attribute dimensions of user account number and logs in environment
Etc. dimensions, such as combine that registration cell-phone number, IP address, client release, equipment aggregation, enlivening number of days etc., many-sided information is come
Judgement is abnormal.
Wherein, behavior Exception Model can be used for determining the intensity of anomaly of user behavior according to behavioural characteristic, specifically,
Behavior Exception Model can in conjunction with critical behavior data, such as the behavior in these last few days is done it is accumulative, while can it is some mutually
The interactive object user of dynamic behavior analyzes, for example, greeting object, chatting object, by report object etc..
Wherein, which is used to determine the intensity of anomaly of user according to the relationship chain information of user.
The multi-conference relation chain model can analyze other members in certain user and session relationship chain information, such as it is common good
Friendly, common session pays dealing, as good friend's time etc., then the further information for having two degree of relationships, for instance in same pass
Whether there is intersection etc. on the address list of two users on tethers, that is to say that whether there is or not intersections for the record of mobile phone reverse communication.
The specific training process of above-mentioned model is described as follows below:
(1) sample set obtains.
When obtaining sample set, can by positioning sample of users, then obtained based on sample of users user behavior data,
Attribute information logs in environmental information and customer relationship chain information etc..
Wherein, sample of users can be determines from multi-conference, for example, the multi-conference can be creation time most
Multi-conference within nearly one month, and group current persons count is no more than 15 people, is known by experience, the generation pair of fraud
The coverage rate of this kind of group reaches 99%.Certainly, the embodiment of the present invention wears the part time and number is not specifically limited to above-mentioned,
Specific value can also be adjusted according to realistic model training demand.
(2) feature extraction and model training.
Based on data in above-mentioned sample set, each sample of users can be analyzed, to extract off-note, such as
The login institute possession IP and registration cell-phone number ownership place are inconsistent, greet with other provinces people and group members are new plusing good friend relationships etc.,
Here it does not just repeat one by one.It is possible to further determine each feature when taking into consideration to knowledge by way of model training
Other influence finally obtains above three model, for carrying out user's identification.
In the following, being illustrated based on detailed process of the embodiment shown in Fig. 2 to user identification method, which can
With comprising three parts, early warning, mid-event control and subsequent feedback in advance.
Early warning in advance refers to that implementing the fraud stage in malicious user gives warning in advance, since malicious user in advance can be with
The organizational structure and address list of certain company can be got by certain channels, the identification in stage can be based in social application in advance
Modification personal information and the behavior triggering of at least one of plusing good friend, early warning can call abnormal behaviour model and synthesis in advance for this
Attribute model etc. realizes, the step of referring specifically to such as Fig. 6:
601, when the modification subscriber data and plusing good friend behavior for detecting any user, first user is obtained extremely
The usage behavior information of a few target application function.
In embodiments of the present invention, which, which can refer to, is modified as certain specific lattice for subscriber data
Formula for example, being Real Name by the name modifications in personal information, and extends this as in signature the full name of company, or by head
As being updated.
In embodiments of the present invention, which can refer to the behavior by specific channel plusing good friend, such as logical
Cross mobile phone number search plusing good friend.
602, by the usage behavior information input abnormal behavior model of at least one application function of first user, output
The behaviorist risk value of first user, behavior Exception Model are used to determine the intensity of anomaly of user behavior according to behavioural characteristic.
Wherein, the usage behavior information of each different application function of the first user, can be used to indicate that first user's
Various actions, since multiple behavioural characteristics that can characterize fraud can be set in abnormal behavior model, Ke Yitong
The behavior for crossing the first user of comparison meets which behavioural characteristic defined in abnormal behavior model, to determine the behavior of the first user
Value-at-risk.
603, the account information of first user and the account information of the second user are inputted into synthesized attribute model, it is defeated
Account exceptional value out, the second user are to receive the user of the plusing good friend request of first user, which uses
The intensity of anomaly of user is determined in the account information according to user.
Wherein, account information is attribute information and login environmental information.For plusing good friend, there is requesting party and be requested
Side, in embodiments of the present invention, requesting party are the first user, and Requested Party is second user, then need some categories between
It is whether relevant in property, to determine whether there is risk of fraud between the first user and second user.For example, promoter ip returns
Possession and recipient's registered permanent residence location be not in same province, the wechat of promoter and recipient without common friend, without common group
Merely and without two degree of relation chains etc..
604, it is based on behavior exceptional value and account exceptional value, obtains the value-at-risk of first user.
605, when the value-at-risk of first user is greater than default value-at-risk, determine that first user is pre-set user, it should
Pre-set user refers to the user of implement general plan behavior.
606, server sends the second prompting message to second user, and second prompting message is for prompting described first
User is pre-set user, which is to receive the user of the plusing good friend request of first user.
During carrying out Prior Control, the use for considering to determine that certain behavior occurs in conjunction with multiple dimensions can be
Family, when identifying the user with risk of fraud, passes through with the presence or absence of exception on the plusing good friend stage, the interface that can greet
Safety prompt function early warning is set before good friend's verifying, and call user's attention verifies other side's identity.Certainly, above-mentioned identification process is only a kind of
Citing to user's identification process, in fact, when detecting specific user's data modification, it can it is abnormal to execute Behavior-based control
Model is to the identification process of behavioural information, to know whether first user is pre-set user, thus to the first user into
Any user of row interaction carries out safety instruction.Second prompting message may be displayed on the prompting message of current interaction request
In, for example, can be shown in the message of plusing good friend request for plusing good friend request.
Mid-event control refers to after malicious user addition victim user is good friend, subsequently enters swindleness behavioural information and swindleness
Link is deceived, at least one of multi-conference or session row can be added in the stage based on creation multi-conference, by any user in thing
For triggering, early warning can call multi-conference relation chain model and synthesized attribute model etc. to realize in advance for this, specifically
The step of referring to such as Fig. 7:
701, after the completion of detecting new multi-conference creation, the account information of multiple users in the new multi-conference is obtained
And customer relationship chain information.
There is the multi-conference for carrying out fraud possibility for one, analyzed in homoplasy, in multi-conference
User between can have the consistency and aggregation of account attributes, it is likely that be all that new registration or inactive account number, login are set
Standby and network environment can also have aggregation;For sociability, possible non-temperature good friend, nothing are common between user in multi-conference
Good friend, social liveness are more low.The above problem is in need of consideration when analyzing multi-conference user.
702, the account information of multiple users in the multi-conference is inputted into synthesized attribute model, exports account exceptional value.
703, the customer relationship chain information of users multiple in multi-conference is inputted into multi-conference relation chain model, output is closed
Tethers exceptional value.
Optionally, in embodiments of the present invention only to be based on synthesized attribute model and multi-conference relation chain model, into
Row exceptional value is illustrated for obtaining, and in practical application, can be combined with abnormal behavior model to use each in multi-conference
The abnormal behavior value at family is obtained, and determines the different of multi-conference in conjunction with the output of other models based on behavior exceptional value
Constant value.
704, it is based on account exceptional value and relation chain exceptional value, obtains the value-at-risk of the multi-conference.
705, when the value-at-risk of the multi-conference is greater than default value-at-risk, determine that the multi-conference is to preset more people's meetings
Words, the default multi-conference refer to the multi-conference of implement general plan behavior.
706, server is that the default multi-conference adds default flag bit, and the default flag bit is for prompting this default more
Conference is the multi-conference of implement general plan behavior.
In multi-conference establishing stage, multi-conference member that can be currently all carries out multiple analysis, different when identifying
Chang Shi this multi-conference can be arranged the preset mark for prompting subsequent strategy judgement and control measure in group stage of building
Position.
And after the completion of multi-conference creation, cheat, which draws, can pull in the victim for adding intact friend group chat, in holding
Enter order of a group section, it is also necessary to wheel analysis is done again to user in current all multi-conferences, on the basis of building group stage detection,
This time then joined and be drawn into the second user of multi-conference and analyze together, the analysis can also by above-mentioned multiple models into
Row.Assuming that there are 5 counterfeit fraud account numbers and 1 victim's account numbers in 6 crowds chat, if from homoplasy angle,
In with the presence of the apparent account attributes consistency of 5 account numbers, such as be all the registration of external cell-phone number or using the full name of company as signing
Name, and these are characterized in not available for victim's account number, can be determined that victim may deposit in the group chat this when
In security risk, victim's account number will be taken as outlier or isolated point is treated, when there is a second user to be added into more people's meetings
While words, server can issue a safety prompt function at multi-conference interface, remind member's letter in user's multi-conference
Expenditure is not high, guards against swindle.
After user is added into multi-conference, cheats just start to send almost fixed chat set pattern in group,
Under the premise of not penetrated, they have had been prepared for all chat response and burst processing in advance.In chat link, lead to
In normal situation, cheat will not send the message of voice or expression type, and Chat mode is relatively fixed.When in conjunction with multi-conference
Establishing stage and the testing result that user is added to the multi-conference stage, judgement are deposited when abnormal to multi-conference, multi-conference
While any one interior abnormal user issues message, the safety prompt function in a chat sessions is also provided with to second user.It is optional
Ground, which can be attached to " checking exception " and " I will complain " quick entrance, to provide abnormal feedback channel, for example,
When the user clicks enter " checking exception " page, then can check the other user currently in the abnormal behaviour of each application function, and
Artificial customer service consulting entrance is provided, it is more preferable to help user's identification and verify other side's identity." I will complain " then when the user clicks
Into the complaints and denunciation page, Policy model can also be sentenced preferably in auxiliary line by submitting all evidence materials be complained
It is disconnected.
Further, server is also based on the Chat mode of the pre-set user of historical collection and type of message is built
Mould, to obtain session identification model, to call session identification model during multi-conference, identifying has fraud can
The session of energy property, to carry out above-mentioned securing prompt process.
Subsequent feedback refers to after it experienced a series of security risk prompts, it is assumed that victim user successfully identifies evil
Anticipate user, and the complaints and denunciation other side that succeeds, and the malicious user covers title by real-time model strategy and blocks, server
Can send and notify to victim user, inform the malicious user be accused of fraud, it is on hold, guard against swindle, and pass through article chain
The safety education for promoting antifraud is connect, achievees the effect that feed back afterwards.Meanwhile server can be to the typical case monitored
The discs analysis for carrying out each link, checks that each link is bypassed with the presence or absence of careless mistake and strategy, and reply malice is used at any time
The new fraudulent mode and gimmick that family is grown with each passing hour.Correspondingly, server can be based on the pre-set user identified, default
Multi-conference etc., to be updated to each model, to make the accuracy of each model higher.
User identification method proposed by the present invention can targetedly be analyzed according to different application function, thus
It finds to the information for best embodying its true purpose in the application function, the value-at-risk based on determined by such information, accurately
Property it is higher, therefore, based on the value-at-risk carry out threshold value comparison determined by comparison result, accuracy is higher, so that social activity is answered
It is improved with malicious user recognition accuracy in multi-conference, avoids the problem that generating miscue.
Referring to Fig. 8, on the basis of data collection and signature analysis, by excavating more profound user characteristics, knot
It shares the attributive character at family, behavioral data, social networks chain to be analyzed, to obtain account label portrait, cell-phone number portrait, IP
Portrait, equipment portrait, network environment portrait, customer relationship chain portrait and critical behavior portrait etc., to training pattern, for line
The risk of fraud of upper real-time calling prediction user, the system have hard real-time, strong specific aim, scalability, can effectively and
When find malicious user.And when analyzing group, the homoplasy of user, social liveness, chat mould out of group
Formula etc. is analyzed, and is realized and is comprehensively and accurately analyzed.Further, the more fully anti-user experience swindled is additionally provided
Design, possesses the antifraud safety protecting mechanism for integrating prompting, seeking help, complaining, and can effectively remind user at the first time
Security risk that may be present, and provide and free approach and scheme.Further, when recognizing suspicious fraudulent user, implement
The a set of control strategy that potential victim user can be allowed to perceive security risk that may be present, for this purpose, in chat scenario
Devise a set of anti-swindle safety protecting mechanism for integrating prompting, seeking help, complaining.When user and suspicious fraudulent user chat
When, the safety prompt function text of anti-swindle can be set on session interface, meanwhile, user can click the quick entrance in safety prompt function
Report and complaint is carried out, checks other side's exception, and carries out customer service consulting and seeks help.
All the above alternatives can form the alternative embodiment of the disclosure, herein no longer using any combination
It repeats one by one.
Fig. 9 is a kind of structural schematic diagram of customer identification device provided in an embodiment of the present invention, referring to Fig. 9, described device
Include:
Description information obtains module 901, for obtaining described first when detecting the target mutual-action behavior of any user
The description information of the target dimension of user, the target dimension are corresponding with application function corresponding to the target mutual-action behavior;
Value-at-risk obtains module 902, is used for invocation target prediction model, and the description information of the target dimension is inputted institute
Target prediction model is stated, and exports the value-at-risk of first user, the value-at-risk of first user is for indicating described the
A possibility that one user's implement general plan behavior;
Pre-set user identification module 903, for determining institute when the value-at-risk of first user is greater than default value-at-risk
Stating the first user is pre-set user, and the pre-set user refers to the user of implement general plan behavior;
Wherein, the description information of multiple dimensions of first user includes the account information of first user and appoints
The usage behavior information of one application function.
In a kind of possible embodiment, the target prediction model includes abnormal behavior model, and the value-at-risk obtains
Module 902 is used for abnormal behavior described in the usage behavior information input of at least one target application function of first user
Model, exports abnormal behavior value, and the abnormal behavior model is used to determine the intensity of anomaly of user behavior according to behavioural characteristic;Base
In the abnormal behavior value, the value-at-risk of first user is exported.
In a kind of possible embodiment, the target prediction model includes synthesized attribute model, and the value-at-risk obtains
Module 902 is used to the account information of first user and the account information of second user inputting the synthesized attribute mould
Type, exports the account exceptional value of first user, and the second user is to receive the interaction request of first user
User, the synthesized attribute model are used to determine the intensity of anomaly of user account according to the account information of user;Based on the account
Family exceptional value exports the value-at-risk of first user;Wherein, account information includes attribute information and login environmental information.
In a kind of possible embodiment, the target prediction model includes multi-conference relation chain model, the risk
Value obtains module 902, for will be more described in the relation chain information input of the relationship chain information of first user and second user
Conference relation chain model, output relation chain exceptional value, the multi-conference relation chain model are used for the relation chain according to user
Information determines the intensity of anomaly of customer relationship chain, and the second user is to receive the use of the interaction request of first user
Family;Based on the relation chain exceptional value, the value-at-risk of first user is exported.
In a kind of possible embodiment, which further includes session determining module, for in any multi-conference
Multiple users, obtain the value-at-risk of the multiple user respectively;
According to the value-at-risk of each user, the abnormal risk value of the multi-conference is obtained;
When the abnormal risk value of the multi-conference is greater than default value-at-risk, the multi-conference is determined as default more
Conference, the default multi-conference are the multi-conference of implement general plan behavior.
In a kind of possible embodiment, application function corresponding to the target mutual-action behavior includes: plusing good friend, creation
Any user is added group, participates in session, modification account profile by group.
In a kind of possible embodiment, described device further includes tactful processing module, for according to preset control plan
Slightly, processing step indicated by the control strategy is carried out to first user.
In a kind of possible embodiment, the control strategy includes:
Cancel first user to the access right of service any on server;Or,
Title processing is carried out to first user;Or,
Based on the mutual-action behavior of first user, mentioned to the associated user of the mutual-action behavior of first user
It wakes up;Or,
Pre-set user label will be added in the user name of first user, the pre-set user label is used to indicate described
First user is the pre-set user.
In a kind of possible embodiment, the mutual-action behavior based on first user, to first user's
It includes any one of following or multinomial that the associated user of mutual-action behavior, which remind:
In the multi-conference where first user, the first prompting message is sent, first prompting message is used for
Prompting first user is pre-set user;
When detecting that first user initiates interaction request to second user, second is sent to second user and reminds letter
Breath, second prompting message are pre-set user for prompting first user;
Third prompting message, the third prompting message are sent to the third user for carrying out session with first user
It is pre-set user for prompting first user.
It should be understood that customer identification device provided by the above embodiment user identify when, only with above-mentioned each function
The division progress of module can according to need and for example, in practical application by above-mentioned function distribution by different function moulds
Block is completed, i.e., the internal structure of equipment is divided into different functional modules, to complete all or part of function described above
Energy.In addition, customer identification device provided by the above embodiment and user identification method embodiment belong to same design, it is specific real
Existing process is detailed in embodiment of the method, and which is not described herein again.
Figure 10 is a kind of structural schematic diagram of server provided in an embodiment of the present invention, the server 1000 can because of configuration or
Performance is different and generates bigger difference, may include one or more processors (central processing
Units, CPU) 1001 and one or more memory 1002, wherein at least one is stored in the memory 1002
Item instruction, at least one instruction are loaded by the processor 1001 and are executed to realize that above-mentioned each embodiment of the method provides
Method.Certainly, which can also have the components such as wired or wireless network interface, keyboard and input/output interface,
To carry out input and output, which can also include other for realizing the component of functions of the equipments, and this will not be repeated here.
In the exemplary embodiment, a kind of computer readable storage medium is additionally provided, the memory for example including instruction,
Above-metioned instruction can be executed by the processor in terminal to complete the user identification method in following embodiments.For example, the calculating
Machine readable storage medium storing program for executing can be ROM, random access memory (RAM), CD-ROM, tape, floppy disk and optical data storage devices
Deng.
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware
It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable
In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and
Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.
Claims (12)
1. a kind of user identification method, which is characterized in that the described method includes:
When detecting the target mutual-action behavior of any user, the description information of the target dimension of first user, institute are obtained
It is corresponding with application function corresponding to the target mutual-action behavior to state target dimension;
The description information of the target dimension is inputted the target prediction model by invocation target prediction model, and described in output
The value-at-risk of first user, the value-at-risk of first user are used to indicate the possibility of the first user implement general plan behavior
Property;
When the value-at-risk of first user is greater than default value-at-risk, determine that first user is pre-set user, it is described pre-
If user refers to the user of implement general plan behavior;
Wherein, the description information of multiple dimensions of first user includes the account information of first user and any answers
With the usage behavior information of function.
2. the method according to claim 1, wherein the invocation target prediction model, by the target dimension
Description information input the target prediction model, and the value-at-risk for exporting first user includes:
The target prediction model includes abnormal behavior model, by making at least one target application function of first user
The abnormal behavior model is inputted with behavioural information, exports abnormal behavior value, the abnormal behavior model is used for according to behavior spy
Levy the intensity of anomaly for determining user behavior;
Based on the abnormal behavior value, the value-at-risk of first user is exported.
3. according to claim 1 or method as claimed in claim 2, which is characterized in that the invocation target prediction model, by institute
The description information for stating target dimension inputs the target prediction model, and the value-at-risk for exporting first user includes:
The target prediction model includes synthesized attribute model, by the account information of first user and the account of second user
Synthesized attribute model described in the information input of family, exports the account exceptional value of first user, and the second user is to receive
The user of the interaction request of first user, the synthesized attribute model are used to determine user's account according to the account information of user
The intensity of anomaly at family;
Based on the account exceptional value, the value-at-risk of first user is exported;
Wherein, account information includes attribute information and login environmental information.
4. method according to claim 1-3, which is characterized in that the invocation target prediction model, it will be described
The description information of target dimension inputs the target prediction model, and the value-at-risk for exporting first user includes:
The target prediction model includes multi-conference relation chain model, and the relationship chain information of first user and second are used
Multi-conference relation chain model described in the relation chain information input at family, output relation chain exceptional value, the multi-conference relation chain
Model is used to determine the intensity of anomaly of customer relationship chain according to the relationship chain information of user, and the second user is described to receive
The user of the interaction request of first user;
Based on the relation chain exceptional value, the value-at-risk of first user is exported.
5. method according to claim 1 to 4, which is characterized in that the method also includes:
For multiple users in any multi-conference, the value-at-risk of the multiple user is obtained respectively;
According to the value-at-risk of each user, the abnormal risk value of the multi-conference is obtained;
When the abnormal risk value of the multi-conference is greater than default value-at-risk, the multi-conference is determined as to preset more people's meetings
Words, the default multi-conference are the multi-conference of implement general plan behavior.
6. the method according to claim 1, wherein application function packet corresponding to the target mutual-action behavior
Include: any user is added group, participates in session, modification account profile by plusing good friend, creation group.
7. the method according to claim 1, wherein the determination first user be pre-set user after,
The method also includes:
According to preset control strategy, processing step indicated by the control strategy is carried out to first user.
8. the method according to the description of claim 7 is characterized in that the control strategy includes:
Cancel first user to the access right of service any on server;Or,
Title processing is carried out to first user;Or,
Based on the mutual-action behavior of first user, reminded to the associated user of the mutual-action behavior of first user;Or,
Pre-set user label will be added in the user name of first user, the pre-set user label is used to indicate described first
User is the pre-set user.
9. according to the method described in claim 8, it is characterized in that, the mutual-action behavior based on first user, to institute
It includes any one of following or multinomial that the associated user for stating the mutual-action behavior of the first user, which remind:
In the multi-conference where first user, the first prompting message is sent, first prompting message is for prompting
First user is pre-set user;
When detecting that first user initiates interaction request to second user, the second prompting message is sent to second user,
Second prompting message is pre-set user for prompting first user;
Third prompting message is sent to the third user for carrying out session with first user, the third prompting message is used for
Prompting first user is pre-set user.
10. a kind of customer identification device, which is characterized in that described device includes:
Description information obtains module, for obtaining first user's when detecting the target mutual-action behavior of any user
The description information of target dimension, the target dimension are corresponding with application function corresponding to the target mutual-action behavior;
Value-at-risk obtains module, is used for invocation target prediction model, and the description information of the target dimension is inputted the target
Prediction model, and the value-at-risk of first user is exported, the value-at-risk of first user is for indicating first user
A possibility that implement general plan behavior;
Pre-set user identification module, for determining described first when the value-at-risk of first user is greater than default value-at-risk
User is pre-set user, and the pre-set user refers to the user of implement general plan behavior;
Wherein, the description information of multiple dimensions of first user includes the account information of first user and any answers
With the usage behavior information of function.
11. a kind of server, which is characterized in that the server includes processor and memory, is stored in the memory
At least one instruction, described instruction are loaded by the processor and are executed to realize such as any one of claim 1 to claim 9
Operation performed by the user identification method.
12. a kind of computer readable storage medium, which is characterized in that be stored at least one instruction, institute in the storage medium
Instruction is stated to be loaded by processor and executed to realize such as claim 1 to the described in any item user identification methods of claim 9
Performed operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810990944.6A CN109034661A (en) | 2018-08-28 | 2018-08-28 | User identification method, device, server and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810990944.6A CN109034661A (en) | 2018-08-28 | 2018-08-28 | User identification method, device, server and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109034661A true CN109034661A (en) | 2018-12-18 |
Family
ID=64625119
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810990944.6A Pending CN109034661A (en) | 2018-08-28 | 2018-08-28 | User identification method, device, server and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109034661A (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110069923A (en) * | 2019-03-13 | 2019-07-30 | 咪咕文化科技有限公司 | Method and related device for identifying risk user |
| CN110225207A (en) * | 2019-04-29 | 2019-09-10 | 厦门快商通信息咨询有限公司 | A kind of anti-harassment method, system, terminal and storage medium merging semantic understanding |
| CN110336739A (en) * | 2019-06-24 | 2019-10-15 | 腾讯科技(深圳)有限公司 | Image warning method, device and storage medium |
| CN110363649A (en) * | 2019-06-27 | 2019-10-22 | 上海淇馥信息技术有限公司 | A kind of method for prewarning risk based on user operation case, device, electronic equipment |
| CN110378712A (en) * | 2019-07-26 | 2019-10-25 | 上海秒针网络科技有限公司 | A kind of complaint handling method and device |
| CN111737590A (en) * | 2020-05-22 | 2020-10-02 | 国家计算机网络与信息安全管理中心 | Social relationship mining method and device, electronic equipment and storage medium |
| CN111770011A (en) * | 2019-04-01 | 2020-10-13 | 钉钉控股(开曼)有限公司 | Risk prompting method and device, electronic equipment and computer readable storage medium |
| CN111861483A (en) * | 2019-04-26 | 2020-10-30 | 阿里巴巴集团控股有限公司 | A communication method, computer equipment, and storage medium |
| CN112215613A (en) * | 2020-10-09 | 2021-01-12 | 支付宝(杭州)信息技术有限公司 | Password verification method, device, equipment and medium |
| TWI725607B (en) * | 2019-11-07 | 2021-04-21 | 遊戲橘子數位科技股份有限公司 | Method of account status detection |
| CN113129054A (en) * | 2021-03-30 | 2021-07-16 | 广州博冠信息科技有限公司 | User identification method and device |
| CN113642919A (en) * | 2021-08-27 | 2021-11-12 | 上海掌门科技有限公司 | Risk control method, electronic equipment and storage medium |
| CN113691440A (en) * | 2021-08-02 | 2021-11-23 | 维沃移动通信有限公司 | Message processing method and device |
| CN113849786A (en) * | 2021-08-13 | 2021-12-28 | 广州酷狗计算机科技有限公司 | Abnormal user detection method and device, electronic equipment and storage medium |
| CN113987206A (en) * | 2021-10-29 | 2022-01-28 | 平安银行股份有限公司 | Abnormal user identification method, device, equipment and storage medium |
| CN114139209A (en) * | 2021-12-15 | 2022-03-04 | 智谷互联网科技(廊坊)有限公司 | A method and system for preventing information theft applied to big data of business users |
| CN115115370A (en) * | 2021-03-18 | 2022-09-27 | 腾讯科技(深圳)有限公司 | Identification method, device, equipment and storage medium of risk group |
| CN115392937A (en) * | 2022-10-25 | 2022-11-25 | 成都新希望金融信息有限公司 | User fraud risk identification method and device, electronic equipment and storage medium |
| CN115860751A (en) * | 2023-02-27 | 2023-03-28 | 天津金城银行股份有限公司 | Anti-fraud analysis processing method and device and electronic equipment |
| CN118071354A (en) * | 2024-02-02 | 2024-05-24 | 北京卫达信息技术有限公司 | A method, device and electronic device for identifying network fraud |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103853841A (en) * | 2014-03-19 | 2014-06-11 | 北京邮电大学 | Method for analyzing abnormal behavior of user in social networking site |
| CN105871702A (en) * | 2016-05-31 | 2016-08-17 | 腾讯科技(深圳)有限公司 | Information identification method and server |
| CN106529288A (en) * | 2016-11-16 | 2017-03-22 | 智者四海(北京)技术有限公司 | Account risk identification method and device |
| CN106549974A (en) * | 2016-12-06 | 2017-03-29 | 北京知道创宇信息技术有限公司 | Prediction the social network account whether equipment of malice, method and system |
| CN107483500A (en) * | 2017-09-25 | 2017-12-15 | 咪咕文化科技有限公司 | Risk identification method and device based on user behaviors and storage medium |
| CN107835113A (en) * | 2017-07-05 | 2018-03-23 | 中山大学 | Abnormal user detection method in a kind of social networks based on network mapping |
-
2018
- 2018-08-28 CN CN201810990944.6A patent/CN109034661A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103853841A (en) * | 2014-03-19 | 2014-06-11 | 北京邮电大学 | Method for analyzing abnormal behavior of user in social networking site |
| CN105871702A (en) * | 2016-05-31 | 2016-08-17 | 腾讯科技(深圳)有限公司 | Information identification method and server |
| CN106529288A (en) * | 2016-11-16 | 2017-03-22 | 智者四海(北京)技术有限公司 | Account risk identification method and device |
| CN106549974A (en) * | 2016-12-06 | 2017-03-29 | 北京知道创宇信息技术有限公司 | Prediction the social network account whether equipment of malice, method and system |
| CN107835113A (en) * | 2017-07-05 | 2018-03-23 | 中山大学 | Abnormal user detection method in a kind of social networks based on network mapping |
| CN107483500A (en) * | 2017-09-25 | 2017-12-15 | 咪咕文化科技有限公司 | Risk identification method and device based on user behaviors and storage medium |
Cited By (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110069923A (en) * | 2019-03-13 | 2019-07-30 | 咪咕文化科技有限公司 | Method and related device for identifying risk user |
| CN111770011B (en) * | 2019-04-01 | 2022-08-26 | 钉钉控股(开曼)有限公司 | Risk prompting method and device, electronic equipment and computer readable storage medium |
| CN111770011A (en) * | 2019-04-01 | 2020-10-13 | 钉钉控股(开曼)有限公司 | Risk prompting method and device, electronic equipment and computer readable storage medium |
| CN111861483A (en) * | 2019-04-26 | 2020-10-30 | 阿里巴巴集团控股有限公司 | A communication method, computer equipment, and storage medium |
| CN111861483B (en) * | 2019-04-26 | 2024-11-15 | 阿里巴巴集团控股有限公司 | A communication method, a computer device, and a storage medium |
| CN110225207A (en) * | 2019-04-29 | 2019-09-10 | 厦门快商通信息咨询有限公司 | A kind of anti-harassment method, system, terminal and storage medium merging semantic understanding |
| CN110225207B (en) * | 2019-04-29 | 2021-08-06 | 厦门快商通信息咨询有限公司 | An anti-harassment method, system, terminal and storage medium integrating semantic understanding |
| CN110336739A (en) * | 2019-06-24 | 2019-10-15 | 腾讯科技(深圳)有限公司 | Image warning method, device and storage medium |
| CN110363649A (en) * | 2019-06-27 | 2019-10-22 | 上海淇馥信息技术有限公司 | A kind of method for prewarning risk based on user operation case, device, electronic equipment |
| CN110378712A (en) * | 2019-07-26 | 2019-10-25 | 上海秒针网络科技有限公司 | A kind of complaint handling method and device |
| TWI725607B (en) * | 2019-11-07 | 2021-04-21 | 遊戲橘子數位科技股份有限公司 | Method of account status detection |
| CN111737590A (en) * | 2020-05-22 | 2020-10-02 | 国家计算机网络与信息安全管理中心 | Social relationship mining method and device, electronic equipment and storage medium |
| CN111737590B (en) * | 2020-05-22 | 2023-09-12 | 国家计算机网络与信息安全管理中心 | Social relation mining method and device, electronic equipment and storage medium |
| CN112215613B (en) * | 2020-10-09 | 2022-06-24 | 支付宝(杭州)信息技术有限公司 | Password verification method, device, equipment and medium |
| CN112215613A (en) * | 2020-10-09 | 2021-01-12 | 支付宝(杭州)信息技术有限公司 | Password verification method, device, equipment and medium |
| CN115115370A (en) * | 2021-03-18 | 2022-09-27 | 腾讯科技(深圳)有限公司 | Identification method, device, equipment and storage medium of risk group |
| CN113129054A (en) * | 2021-03-30 | 2021-07-16 | 广州博冠信息科技有限公司 | User identification method and device |
| CN113129054B (en) * | 2021-03-30 | 2024-05-31 | 广州博冠信息科技有限公司 | User identification method and device |
| CN113691440A (en) * | 2021-08-02 | 2021-11-23 | 维沃移动通信有限公司 | Message processing method and device |
| CN113849786A (en) * | 2021-08-13 | 2021-12-28 | 广州酷狗计算机科技有限公司 | Abnormal user detection method and device, electronic equipment and storage medium |
| CN113642919A (en) * | 2021-08-27 | 2021-11-12 | 上海掌门科技有限公司 | Risk control method, electronic equipment and storage medium |
| CN113987206A (en) * | 2021-10-29 | 2022-01-28 | 平安银行股份有限公司 | Abnormal user identification method, device, equipment and storage medium |
| CN114139209A (en) * | 2021-12-15 | 2022-03-04 | 智谷互联网科技(廊坊)有限公司 | A method and system for preventing information theft applied to big data of business users |
| CN115392937A (en) * | 2022-10-25 | 2022-11-25 | 成都新希望金融信息有限公司 | User fraud risk identification method and device, electronic equipment and storage medium |
| CN115860751A (en) * | 2023-02-27 | 2023-03-28 | 天津金城银行股份有限公司 | Anti-fraud analysis processing method and device and electronic equipment |
| CN118071354A (en) * | 2024-02-02 | 2024-05-24 | 北京卫达信息技术有限公司 | A method, device and electronic device for identifying network fraud |
| CN118071354B (en) * | 2024-02-02 | 2025-06-17 | 北京卫达信息技术有限公司 | A method, device and electronic device for identifying network fraud |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109034661A (en) | User identification method, device, server and storage medium | |
| US11818164B2 (en) | System and method for omnichannel social engineering attack avoidance | |
| CN110851872B (en) | Risk assessment method and device for private data leakage | |
| US20080104021A1 (en) | Systems and methods for controlling access to online personal information | |
| CN106548342B (en) | Trusted device determining method and device | |
| Ghoshray | Employer surveillance versus employee privacy: The new reality of social media and workplace privacy | |
| CN109683854A (en) | A kind of software security requirement analysis method and system | |
| CN107944293B (en) | Fictitious assets guard method, system, equipment and storage medium | |
| CN109450882A (en) | A kind of security management and control system and method for the internet behavior merging artificial intelligence and big data | |
| Jian et al. | Organized cyber-racketeering: Exploring the role of internet technology in organized cybercrime syndicates using a grounded theory approach | |
| CN113657849A (en) | Method, device and system for processing evaluation information of equal guarantee | |
| Albers | Surveillance and data protection rights: data retention and access to telecommunications data | |
| Feng et al. | A systematic approach of impact of GDPR in PII and privacy | |
| CN114564820A (en) | Social worker robot simulation method for identity impersonation type telecommunication network fraud crimes | |
| Verma | The Impact of Call Spoofing on Trust and Communication: A User Perception Study. | |
| Thomas et al. | A comparison of conventional and online fraud | |
| Mouton | Social engineering attack detection model | |
| Agbodzie | Telecommuting | |
| Kirk et al. | Sit Back, Relax, And Tell Me All Your Secrets | |
| HK40077150A (en) | System and method for social engineering identification and alerting | |
| Vasudevan et al. | Mapping the metaverse minefield: a TIPS framework for security-conscious business adoption | |
| HK40077150B (en) | System and method for social engineering identification and alerting | |
| CN120356375A (en) | Telecommunication phishing case investigation training system and method based on virtual reality | |
| CN119963177A (en) | A business processing method, related device, equipment and storage medium | |
| WO2022180157A1 (en) | Method and system for influencing user interactions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181218 |