阅读说明：本技术 盗号行为识别方法、装置、计算机设备和存储介质 (Method and device for identifying number stealing behavior, computer equipment and storage medium ) 是由 庞新强 于 2018-08-16 设计创作，主要内容包括：本发明提供了一种盗号行为识别方法、装置、计算机设备和存储介质,其中,盗号行为识别方法,包括：获取登录账号的终端设备识别信息；统计预设时间段内每一终端设备识别信息对应的所有登录账号的频次信息；根据频次信息,确定对应的终端设备识别信息所对应的终端设备是否存在盗号行为。通过本发明的技术方案,能够及时发现登录账号的异常登录,及时发现盗号行为,可有效的向运营商提供异常终端设备识别信息对应的终端设备以及向用户提醒登录账号异常操作,有效阻止大规模盗号行为的发生,提高账号的安全性,维护用户的合法权益。(The invention provides a method and a device for identifying a number stealing behavior, computer equipment and a storage medium, wherein the method for identifying the number stealing behavior comprises the following steps: acquiring terminal equipment identification information of a login account; counting frequency information of all login accounts corresponding to identification information of each terminal device in a preset time period; and determining whether the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior or not according to the frequency information. According to the technical scheme, abnormal login of the login account can be found in time, the number stealing behavior can be found in time, the terminal equipment corresponding to the identification information of the abnormal terminal equipment can be effectively provided for an operator, abnormal operation of the login account can be reminded for the user, the occurrence of large-scale number stealing behavior can be effectively prevented, the safety of the account is improved, and the legal rights and interests of the user are maintained.)

1. A method for identifying a number stealing behavior is characterized by comprising the following steps:

acquiring terminal equipment identification information of a login account;

counting frequency information of all the login accounts corresponding to the identification information of each terminal device in a preset time period;

and determining whether the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior or not according to the frequency information.

2. The method for identifying a number stealing behavior according to claim 1, wherein the determining whether a number stealing behavior exists in the terminal device corresponding to the corresponding terminal device identification information according to the frequency information includes:

analyzing the frequency information, and determining the login times of each login account corresponding to the same terminal equipment identification information;

comparing the login times of each login account, and determining the maximum login times corresponding to the same terminal equipment identification information;

and if the maximum login times are larger than a first preset threshold value, determining that the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior.

3. The method for identifying a number stealing behavior according to claim 1, wherein the determining whether a number stealing behavior exists in the terminal device corresponding to the corresponding terminal device identification information according to the frequency information includes:

analyzing the frequency information, and determining the login frequency of each login account corresponding to the same terminal equipment identification information;

comparing the login frequency of each login account, and determining the maximum login frequency corresponding to the same terminal equipment identification information;

and if the maximum login frequency is greater than a second preset threshold value, determining that the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior.

4. The method for identifying a number stealing behavior according to claim 2 or 3, wherein the step of determining whether the terminal device corresponding to the corresponding terminal device identification information has a number stealing behavior according to the frequency information further comprises the steps of:

analyzing the frequency information, and determining the number of different login accounts corresponding to the same terminal equipment identification information;

and if the number is larger than a third preset threshold value, determining that the number stealing behavior exists in the terminal equipment corresponding to the corresponding terminal equipment identification information.

5. The method according to any one of claims 1 to 3, wherein the method further comprises the steps of,

the terminal equipment identification information comprises terminal equipment fingerprint information and/or terminal equipment login IP address information.

6. A device for recognizing the stealing behavior of a number is characterized by comprising:

the acquisition unit is used for acquiring the terminal equipment identification information of the login account;

the statistical unit is used for counting the frequency information of all the login accounts corresponding to the identification information of each terminal device in a preset time period;

and the determining unit is used for determining whether the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior or not according to the frequency information.

7. The device for identifying number stealing behavior according to claim 6, further comprising:

the first analysis unit is used for analyzing the frequency information and determining the login times of each login account corresponding to the same terminal equipment identification information;

the first comparison unit is used for comparing the login times of each login account and determining the maximum login times corresponding to the same terminal equipment identification information;

the determination unit is further configured to: and when the maximum login times are larger than a first preset threshold value, determining that the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior.

8. The device for identifying number stealing behavior according to claim 6, further comprising:

the second analysis unit is used for analyzing the frequency information and determining the login frequency of each login account corresponding to the same terminal equipment identification information;

the second comparing unit is used for comparing the login frequency of each login account and determining the maximum login frequency corresponding to the same terminal equipment identification information;

the determination unit is further configured to: and when the maximum login frequency is greater than a second preset threshold value, determining that the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior.

9. The apparatus for identifying number stealing behavior according to claim 7 or 8, further comprising:

a third analyzing unit, configured to analyze the frequency information, and determine the number of different login accounts corresponding to the same terminal device identification information;

the determination unit is further configured to: and when the number is larger than a third preset threshold value, determining that the number stealing behavior exists in the terminal equipment corresponding to the corresponding terminal equipment identification information.

10. The stealing behavior recognition device according to any one of claims 6 to 8,

the terminal equipment identification information comprises terminal equipment fingerprint information and/or terminal equipment login IP address information.

11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the computer program to perform the method of identifying a fraudulent activity of any one of claims 1 to 5.

12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the method for identifying fraudulent activity of any one of claims 1 to 5.

Technical Field

The invention relates to the technical field of network security, in particular to a method for identifying a number stealing behavior, a device for identifying a number stealing behavior, computer equipment and a computer readable storage medium.

Background

With the development of society, electronic payment is more and more popular, network related services provided by most companies all require a user to bind a bank card or a third party payment account, such as a payment treasure, and most users generally retain a part of funds in the account for convenience in use and also have some related personal privacy information, so that the security of the accounts is important to protect. However, many companies may only pay attention to the rapid development of business in the early stage, and the attention to account security is less, so that a certain vulnerability exists in the system, and some illegal persons can steal the account of the user to earn a riot.

Disclosure of Invention

The present invention is directed to solving at least one of the problems of the prior art or the related art.

Therefore, the invention aims to provide a method for identifying the stealing behavior of the number.

The invention also aims to provide a device for identifying the number stealing behavior.

It is a further object of this invention to provide such a computer apparatus.

It is yet another object of the present invention to provide a computer-readable storage medium.

In order to achieve the above object, a technical solution of a first aspect of the present invention provides a method for identifying a number stealing behavior, including: acquiring terminal equipment identification information of a login account; counting frequency information of all login accounts corresponding to identification information of each terminal device in a preset time period; and determining whether the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior or not according to the frequency information.

In the technical scheme, data support is provided for the determination of the number stealing behavior by acquiring the terminal equipment identification information of the login account and counting the frequency information of all login accounts corresponding to the identification information of each terminal equipment in a preset time period, whether the terminal equipment corresponding to the corresponding terminal equipment identification information has the stealing behavior or not is determined according to the frequency information, namely, the characteristic distribution of the frequency information can be analyzed, the small probability event is determined as the number stealing behavior, the number stealing behavior is determined relatively accurately, the method is favorable for timely determining the number stealing behavior, the method can effectively provide the terminal equipment corresponding to the identification information of the abnormal terminal equipment for an operator, remind the user of abnormal operation of logging in the account, adopt a corresponding coping strategy, effectively prevent large-scale number stealing behavior, improve the safety of the account and maintain the legal rights and interests of the user.

It should be noted that the preset time period may be 0.5-2 hours.

In the foregoing technical solution, preferably, determining whether a number stealing behavior exists in a terminal device corresponding to the corresponding terminal device identification information according to the frequency information includes: analyzing the frequency information, and determining the login times of each login account corresponding to the identification information of the same terminal equipment; comparing the login times of each login account, and determining the maximum login times corresponding to the identification information of the same terminal equipment; and if the maximum login times are larger than a first preset threshold value, determining that the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior.

In the technical scheme, the login times of each login account corresponding to the same terminal equipment identification information are determined by analyzing frequency information, data support is provided for determining the number stealing behavior, then the login times of each login account are compared, the maximum login times corresponding to the same terminal equipment identification information are determined, whether the terminal equipment corresponding to the terminal equipment identification information has the number stealing behavior or not is favorably determined, when the maximum login times are larger than a first preset threshold value, the terminal equipment corresponding to the corresponding terminal equipment identification information is determined to have the number stealing behavior, the number stealing behavior is relatively accurately determined, the terminal equipment corresponding to abnormal terminal equipment identification information can be effectively provided for an operator, abnormal operation of the login account is reminded for a user, a corresponding coping strategy is adopted, the occurrence of large-scale number stealing behavior is effectively prevented, and the safety of the account is improved, and maintaining the legal rights of the user.

It should be noted that the first preset threshold is determined through a large amount of big data analysis and is data with a small probability in frequency information feature distribution, the first preset threshold corresponds to a preset time period, the longer the preset time period is, the larger the first preset threshold is, for example, the preset time period is 0.5 hour, and the first preset threshold is 5 to 10.

It should be further noted that all the accounts needing to be logged in by the illegal person who wants to steal the account generally need a password, and the illegal person generally needs a password to log in the same login account in a short time in the decryption process, so that the maximum login times corresponding to the identification information of the same terminal device is beneficial to timely discovering large-scale number stealing behaviors, corresponding coping strategies are favorably carried out on all the login accounts of the terminal device corresponding to the identification information of the terminal device, the occurrence of the large-scale number stealing behaviors is effectively prevented, the safety of the accounts is improved, and the legal rights and interests of the user are maintained.

In any one of the above technical solutions, preferably, determining whether the terminal device corresponding to the corresponding terminal device identification information has a number stealing behavior according to the frequency information includes: analyzing the frequency information, and determining the login frequency of each login account corresponding to the identification information of the same terminal device; comparing the login frequency of each login account, and determining the maximum login frequency corresponding to the identification information of the same terminal device; and if the maximum login frequency is greater than a second preset threshold value, determining that the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior.

In the technical scheme, the login frequency of each login account corresponding to the same terminal equipment identification information is determined by analyzing frequency information, data support is provided for determining a number stealing behavior, then the login frequency of each login account is compared, the maximum login frequency corresponding to the same terminal equipment identification information is determined, whether the terminal equipment corresponding to the terminal equipment identification information has the number stealing behavior or not is favorably determined, when the maximum login frequency is larger than a second preset threshold value, the terminal equipment corresponding to the corresponding terminal equipment identification information is determined to have the number stealing behavior, the number stealing behavior is relatively accurately determined, the terminal equipment corresponding to abnormal terminal equipment identification information can be effectively provided for an operator, abnormal operation of the login account is reminded for a user, a corresponding coping strategy is adopted, the occurrence of large-scale number stealing behavior is effectively prevented, and the safety of the account is improved, and maintaining the legal rights of the user.

It should be noted that the second preset threshold is determined through analysis of a large amount of large data and is data with a small probability in frequency information characteristic distribution, and the second preset threshold may be 5 times/10 minutes, that is, if the same login account is logged for 5 times or more within 10 minutes continuously in a preset time period, it is determined that the terminal device corresponding to the corresponding terminal device identification information has a number stealing behavior, and the determination accuracy of the number stealing behavior is further improved.

In any one of the above technical solutions, preferably, determining whether the terminal device corresponding to the corresponding terminal device identification information has a number stealing behavior according to the frequency information, further includes: analyzing the frequency information, and determining the number of different login accounts corresponding to the identification information of the same terminal equipment; and if the number is larger than a third preset threshold value, determining that the number stealing behavior exists in the terminal equipment corresponding to the corresponding terminal equipment identification information.

According to the technical scheme, the number of different login accounts corresponding to the same terminal equipment identification information is determined by analyzing the frequency information, data support is provided for determining the number stealing behavior, and then when the number is larger than a third preset threshold value, the number stealing behavior of the terminal equipment corresponding to the corresponding terminal equipment identification information is determined, so that the accuracy of determining the number stealing behavior is further improved, a corresponding coping strategy is favorably adopted, the occurrence of large-scale number stealing behavior is effectively prevented, the safety of the account is improved, and the legal rights and interests of users are maintained.

It should be noted that the third preset threshold is determined through a large amount of big data analysis and is data with a small probability in frequency information feature distribution, the third preset threshold corresponds to a preset time period, the longer the preset time period is, the larger the third preset threshold is, for example, the preset time period is 0.5 hour, and the third preset threshold is 10 to 20.

It should be further noted that all the account numbers that need to be logged in by an illegal person who wants to steal the account numbers generally need a password, and the illegal person generally logs in a plurality of different account numbers on the same terminal device to decrypt and steal the number in the decryption process, so that the invention is beneficial to discovering large-scale number stealing behaviors in time through the number of different login account numbers corresponding to the identification information of the same terminal device, is beneficial to performing corresponding coping strategies on all the login account numbers of the terminal device corresponding to the identification information of the terminal device, effectively prevents the large-scale number stealing behaviors, improves the security of the account numbers, and maintains the legal rights and interests of the user.

In any one of the above technical solutions, preferably, the terminal device identification information includes terminal device fingerprint information and/or terminal device login IP address information.

According to the technical scheme, the terminal equipment fingerprint information and/or the terminal equipment login IP address information are used as terminal equipment identification information, are in one-to-one correspondence with the terminal equipment, have identification performance, are favorable for timely determining the terminal equipment with the number stealing behavior, effectively prevent the large-scale number stealing behavior on the terminal equipment, further improve the safety of the account number and maintain the legal rights and interests of the user.

The technical solution of the second aspect of the present invention provides a device for identifying a number stealing behavior, including: the acquisition unit is used for acquiring the terminal equipment identification information of the login account; the statistical unit is used for counting the frequency information of all login accounts corresponding to the identification information of each terminal device in a preset time period; and the determining unit is used for determining whether the terminal equipment corresponding to the corresponding terminal equipment identification information has the number stealing behavior or not according to the frequency information.

In the technical scheme, data support is provided for the determination of the number stealing behavior by acquiring the terminal equipment identification information of the login account and counting the frequency information of all login accounts corresponding to the identification information of each terminal equipment in a preset time period, whether the terminal equipment corresponding to the corresponding terminal equipment identification information has the stealing behavior or not is determined according to the frequency information, namely, the characteristic distribution of the frequency information can be analyzed, the small probability event is determined as the number stealing behavior, the number stealing behavior is determined relatively accurately, the method is favorable for timely determining the number stealing behavior, the method can effectively provide the terminal equipment corresponding to the identification information of the abnormal terminal equipment for an operator, remind the user of abnormal operation of logging in the account, adopt a corresponding coping strategy, effectively prevent large-scale number stealing behavior, improve the safety of the account and maintain the legal rights and interests of the user.

It should be noted that the preset time period may be 0.5-2 hours.

In the above technical solution, preferably, the method further includes: the first analysis unit is used for analyzing the frequency information and determining the login times of each login account corresponding to the same terminal equipment identification information; the first comparison unit is used for comparing the login times of each login account and determining the maximum login times corresponding to the identification information of the same terminal equipment; the determination unit is further configured to: and when the maximum login times are larger than a first preset threshold value, determining that the number stealing behavior exists in the terminal equipment corresponding to the corresponding terminal equipment identification information.

In the technical scheme, the login times of each login account corresponding to the same terminal equipment identification information are determined by analyzing frequency information, data support is provided for determining the number stealing behavior, then the login times of each login account are compared, the maximum login times corresponding to the same terminal equipment identification information are determined, whether the terminal equipment corresponding to the terminal equipment identification information has the number stealing behavior or not is favorably determined, when the maximum login times are larger than a first preset threshold value, the terminal equipment corresponding to the corresponding terminal equipment identification information is determined to have the number stealing behavior, the number stealing behavior is relatively accurately determined, the terminal equipment corresponding to abnormal terminal equipment identification information can be effectively provided for an operator, abnormal operation of the login account is reminded for a user, a corresponding coping strategy is adopted, the occurrence of large-scale number stealing behavior is effectively prevented, and the safety of the account is improved, and maintaining the legal rights of the user.

It should be noted that the first preset threshold is determined through a large amount of big data analysis and is data with a small probability in frequency information feature distribution, the first preset threshold corresponds to a preset time period, the longer the preset time period is, the larger the first preset threshold is, for example, the preset time period is 0.5 hour, and the first preset threshold is 5 to 10.

It should be further noted that all the accounts needing to be logged in by the illegal person who wants to steal the account generally need a password, and the illegal person generally needs a password to log in the same login account in a short time in the decryption process, so that the maximum login times corresponding to the identification information of the same terminal device is beneficial to timely discovering large-scale number stealing behaviors, corresponding coping strategies are favorably carried out on all the login accounts of the terminal device corresponding to the identification information of the terminal device, the occurrence of the large-scale number stealing behaviors is effectively prevented, the safety of the accounts is improved, and the legal rights and interests of the user are maintained.

In any one of the above technical solutions, preferably, the method further includes: the second analysis unit is used for analyzing the frequency information and determining the login frequency of each login account corresponding to the same terminal equipment identification information; the second comparison unit is used for comparing the login frequency of each login account and determining the maximum login frequency corresponding to the identification information of the same terminal equipment; the determination unit is further configured to: and when the maximum login frequency is larger than a second preset threshold value, determining that the terminal equipment corresponding to the corresponding terminal equipment identification information has a number stealing behavior.

In the technical scheme, the login frequency of each login account corresponding to the same terminal equipment identification information is determined by analyzing frequency information, data support is provided for determining a number stealing behavior, then the login frequency of each login account is compared, the maximum login frequency corresponding to the same terminal equipment identification information is determined, whether the terminal equipment corresponding to the terminal equipment identification information has the number stealing behavior or not is favorably determined, when the maximum login frequency is larger than a second preset threshold value, the terminal equipment corresponding to the corresponding terminal equipment identification information is determined to have the number stealing behavior, the number stealing behavior is relatively accurately determined, the terminal equipment corresponding to abnormal terminal equipment identification information can be effectively provided for an operator, abnormal operation of the login account is reminded for a user, a corresponding coping strategy is adopted, the occurrence of large-scale number stealing behavior is effectively prevented, and the safety of the account is improved, and maintaining the legal rights of the user.

It should be noted that the second preset threshold is determined through analysis of a large amount of large data and is data with a small probability in frequency information characteristic distribution, and the second preset threshold may be 5 times/10 minutes, that is, if the same login account is logged for 5 times or more within 10 minutes continuously in a preset time period, it is determined that the terminal device corresponding to the corresponding terminal device identification information has a number stealing behavior, and the determination accuracy of the number stealing behavior is further improved.

In any one of the above technical solutions, preferably, the method further includes: the third analysis unit is used for analyzing the frequency information and determining the number of different login accounts corresponding to the same terminal equipment identification information; the determination unit is further configured to: and when the number is larger than a third preset threshold value, determining that the number stealing behavior exists in the terminal equipment corresponding to the corresponding terminal equipment identification information.

According to the technical scheme, the number of different login accounts corresponding to the same terminal equipment identification information is determined by analyzing the frequency information, data support is provided for determining the number stealing behavior, and then when the number is larger than a third preset threshold value, the number stealing behavior of the terminal equipment corresponding to the corresponding terminal equipment identification information is determined, so that the accuracy of determining the number stealing behavior is further improved, a corresponding coping strategy is favorably adopted, the occurrence of large-scale number stealing behavior is effectively prevented, the safety of the account is improved, and the legal rights and interests of users are maintained.

It should be noted that the third preset threshold is determined through a large amount of big data analysis and is data with a small probability in frequency information feature distribution, the third preset threshold corresponds to a preset time period, the longer the preset time period is, the larger the third preset threshold is, for example, the preset time period is 0.5 hour, and the third preset threshold is 10 to 20.

It should be further noted that all the account numbers that need to be logged in by an illegal person who wants to steal the account numbers generally need a password, and the illegal person generally logs in a plurality of different account numbers on the same terminal device to decrypt and steal the number in the decryption process, so that the invention is beneficial to discovering large-scale number stealing behaviors in time through the number of different login account numbers corresponding to the identification information of the same terminal device, is beneficial to performing corresponding coping strategies on all the login account numbers of the terminal device corresponding to the identification information of the terminal device, effectively prevents the large-scale number stealing behaviors, improves the security of the account numbers, and maintains the legal rights and interests of the user.

In any one of the above technical solutions, preferably, the terminal device identification information includes terminal device fingerprint information and/or terminal device login IP address information.

According to the technical scheme, the terminal equipment fingerprint information and/or the terminal equipment login IP address information are used as terminal equipment identification information, are in one-to-one correspondence with the terminal equipment, have identification performance, are favorable for timely determining the terminal equipment with the number stealing behavior, effectively prevent the large-scale number stealing behavior on the terminal equipment, further improve the safety of the account number and maintain the legal rights and interests of the user.

An aspect of the third aspect of the present invention provides a computer device, where the computer device includes a processor, and the processor is configured to implement, when executing a computer program stored in a memory, the steps of the method for identifying a fraudulent conduct as set forth in any one of the above-mentioned aspects of the first aspect of the present invention.

In this technical solution, the computer device includes a processor, and the processor is configured to implement the steps of any one of the methods for identifying a number stealing behavior as set forth in the technical solution of the first aspect of the present invention when executing the computer program stored in the memory, so that all the beneficial effects of any one of the methods for identifying a number stealing behavior as set forth in the technical solution of the first aspect of the present invention are achieved, and details are not described herein again.

An aspect of the fourth aspect of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method for identifying a fraudulent activity of any one of the methods provided in the first aspect of the present invention.

In this technical solution, a computer-readable storage medium stores thereon a computer program, and when executed by a processor, the computer program implements the steps of the method for identifying a number stealing behavior according to any one of the technical solutions of the first aspect of the present invention, so that the method has all the beneficial effects of the method for identifying a number stealing behavior according to any one of the technical solutions of the first aspect of the present invention, and details are not repeated herein.

Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.

Drawings

The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:

FIG. 1 shows a schematic flow diagram of a method of theft identification according to one embodiment of the invention;

FIG. 2 shows a schematic flow diagram of a method of theft identification according to another embodiment of the invention;

FIG. 3 shows a schematic flow diagram of a method of theft identification according to a further embodiment of the invention;

fig. 4 shows a schematic block diagram of a theft behavior recognition apparatus according to an embodiment of the present invention.

Detailed Description

In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.