CN107274212A - Cheating recognition methods and device - Google Patents
Cheating recognition methods and device Download PDFInfo
- Publication number
- CN107274212A CN107274212A CN201710384505.6A CN201710384505A CN107274212A CN 107274212 A CN107274212 A CN 107274212A CN 201710384505 A CN201710384505 A CN 201710384505A CN 107274212 A CN107274212 A CN 107274212A
- Authority
- CN
- China
- Prior art keywords
- user
- cheating
- data
- identification
- recognition
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 97
- 238000012545 processing Methods 0.000 claims abstract description 80
- 230000008569 process Effects 0.000 claims description 43
- 238000003066 decision tree Methods 0.000 claims description 41
- 238000012544 monitoring process Methods 0.000 claims description 7
- 238000011156 evaluation Methods 0.000 description 20
- 230000006399 behavior Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 10
- 238000013507 mapping Methods 0.000 description 9
- 238000012795 verification Methods 0.000 description 7
- 230000008859 change Effects 0.000 description 6
- 238000009434 installation Methods 0.000 description 6
- 230000014759 maintenance of location Effects 0.000 description 6
- 241000209202 Bromus secalinus Species 0.000 description 4
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 230000003542 behavioural effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000036541 health Effects 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000002790 cross-validation Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012886 linear function Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012806 monitoring device Methods 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000644 propagated effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0248—Avoiding fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0273—Determination of fees for advertising
- G06Q30/0275—Auctions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0277—Online advertisement
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Game Theory and Decision Science (AREA)
- Entrepreneurship & Innovation (AREA)
- Economics (AREA)
- Marketing (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the present invention provides a kind of cheating recognition methods and device, is related to internet arena and anti-field of practising fraud.Wherein, the cheating recognition methods includes:Obtain user data;The user characteristics determined according to cheating recognition strategy and based on the user data, carries out cheating identifying processing;The recognition result of the output cheating identifying processing, the recognition result includes:Whether user is cheating user, and user is the proof data of cheating user.Technical scheme provided in an embodiment of the present invention can improve the identification precision for the user that practises fraud, and can provide the proof data for proving that user practises fraud.
Description
Technical Field
The embodiment of the invention relates to the field of internet and the field of anti-cheating, in particular to a cheating identification method and device.
Background
In the internet field (e.g., mobile internet field), it is an important operation way to acquire users through various channels. This also leads to a flooding of cheating users (fake users). For example, some of the current popular billing methods for the channel are CPM (Cost Per mill, pay Per thousand), CPC (Cost Per Click), CPI (Cost Per Install, pay Per installation), etc., but users can do cheating in each billing method, and there is only a certain difference in the difficulty of cheating.
Therefore, how to identify whether a user cheats becomes an increasingly important issue in the internet field.
Disclosure of Invention
The embodiment of the invention provides a cheating identification method and a cheating identification device, which are used for solving the problems that in the prior art, a cheating user cannot be identified accurately and cheating evidence cannot be provided.
In a first aspect, an embodiment of the present invention provides a cheating identification method, including:
acquiring user data;
carrying out cheating identification processing according to the cheating identification strategy and the user characteristics determined based on the user data;
outputting a recognition result of the cheating recognition processing, wherein the recognition result comprises: whether the user is a cheating user, and evidence data that the user is a cheating user.
In a second aspect, an embodiment of the present invention provides a cheating identifying device, including:
the data module is used for acquiring user data;
the identification module is used for carrying out cheating identification processing according to the cheating identification strategy and the user characteristics determined based on the user data;
an output module, configured to output a recognition result of the cheating recognition processing, where the recognition result includes: whether the user is a cheating user, and evidence data that the user is a cheating user.
The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
In one possible design, the cheat-recognition device is configured to include a processor and a memory, the memory is used for storing a program for supporting the cheat-recognition device to execute the cheat-recognition method, and the processor is configured to execute the program stored in the memory. The cheat-recognition device may further include a communication interface for the cheat-recognition device to communicate with other devices or a communication network.
In a third aspect, an embodiment of the present invention provides a computer storage medium for storing computer software instructions for a cheat-recognition device, where the instructions, when executed, implement the cheat-recognition method.
The embodiment of the invention can improve the identification accuracy of the cheating user and provide the proving data for proving the cheating of the user.
These and other aspects of the invention are apparent from and will be elucidated with reference to the embodiments described hereinafter.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 illustrates a flow diagram of a cheat-identification method, according to one embodiment of the present invention;
FIG. 2 illustrates a flow diagram of a cheat-identification method, according to another embodiment of the present invention;
FIG. 3 illustrates a flow diagram of a cheat-identification method, according to yet another embodiment of the present invention;
FIG. 4 shows a flow diagram of a method of determining channel quality according to one embodiment of the invention;
FIG. 5 illustrates a block diagram of a cheat-identifying device, according to one embodiment of the present invention;
FIG. 6 illustrates an example of a block diagram of an identification module of the cheat-identification mechanism of FIG. 5;
FIG. 7 illustrates an example of a block diagram of a first identification submodule of the identification module shown in FIG. 6;
FIG. 8 illustrates an example of a block diagram of a second identification submodule of the identification module of FIG. 6;
fig. 9 is a schematic diagram illustrating a logical process of a cheat-recognition method according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention.
In some of the flows described in the present specification and claims and in the above-described figures, a number of operations are included that occur in a particular order, but it should be clearly understood that these operations may be performed out of order or in parallel as they appear herein, with the order of the operations, e.g., 101, 102, etc., merely being used to distinguish between various operations, and the order of the operations itself does not represent any order of performance. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making an invasive task, are within the scope of the present invention.
Fig. 1 is a schematic flow chart of a cheating identification method according to an embodiment of the present invention, and referring to fig. 1, the method includes:
100: user data is acquired.
Optionally, in an implementation manner of this embodiment, the process 100 includes: monitoring device environment data of a user in real time, the device environment data comprising: data reflecting the status and changes of the user terminal equipment. For example, in a specific example, the SDK (Software Development Kit) deployed on the user terminal device is utilized to actively detect the change of the hardware environment, the abnormality of the operating system environment, and whether various application interfaces are hijacked, so that the state and the change of the user terminal device are obtained at the first time. These data may be uploaded to a server or device that performs the cheat-identification method.
Optionally, in an implementation manner of this embodiment, the process 100 includes: and acquiring the behavior data of the user in real time, wherein the behavior data is used for reflecting the behavior characteristics of the user. For example, behavioral data of the user is obtained from a third party platform. In one specific example, obtaining behavioral data of a user from an advertising platform or a data analysis platform includes: time from advertisement exposure to click download, time from click download to application installation, etc.
Optionally, in an implementation manner of this embodiment, the process 100 includes monitoring the device environment data of the user in real time and acquiring the behavior data of the user in real time. By adopting the implementation mode, objective equipment environment data and subjective user behavior data are combined, and a more comprehensive data basis can be provided for subsequent determination of user characteristics.
102: and carrying out cheating identification processing according to the cheating identification strategy and the user characteristics determined based on the user data.
Optionally, in an implementation manner of this embodiment, the user characteristics determined based on the user data include characteristics reflecting an environment of the user terminal device and/or characteristics reflecting user behavior.
Optionally, in an implementation manner of this embodiment, based on log data (including device environment data of the user) and third-party platform data collected in real time, various features of the user, such as an IP, a user ID (Mobile phone Number, IMEI (International Mobile Equipment Identity)/IMSI (International Mobile Subscriber Identity), GAID (Google Advertising ID), IDFA (Identity for Advertising), IOS advertisement ID/IDFV (Identity for Vendor ID), a MAC (physical) address, an active time, a user level, whether payment has been made, a country/city address, a timestamp, a device model, an OS version, a channel source, click-to-install time, and the like, are extracted in real time.
Optionally, in an implementation manner of this embodiment, the cheating identification policy is a secondary cheating identification policy. For example, process 102 is implemented using 302-304 in the embodiment illustrated in FIG. 3, which is mentioned below.
Optionally, in an implementation manner of this embodiment, the process 102 is implemented in the following manner: judging and processing based on the user characteristics and a blacklist and/or a cheating mode in a cheating database; and if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is the cheating user, and determining the blacklist and/or the cheating mode corresponding to the user as the evidence data.
Optionally, in an implementation manner of this embodiment, the process 102 is implemented in the following manner: inputting the user characteristics into a decision tree model. The decision tree model is used for identifying whether the user is a cheating user or not based on the user characteristics, and outputting a decision path as the evidence data under the condition that the user is identified as the cheating user.
Optionally, in an implementation manner of this embodiment, the cheating recognition processing is performed in real time.
104: and outputting the identification result of the cheating identification processing. Wherein the recognition result comprises: whether the user is a cheating user, and evidence data that the user is a cheating user. In other words, in the case where the user is a cheating user, the evidence data is output.
By adopting the method provided by the embodiment, the cheating user can be effectively determined, and evidence data for proving that the user is the cheating user can be obtained.
Optionally, in one implementation of this embodiment, processes 100-104 are each performed in real-time. "real-time" means that when a precondition is satisfied (for example, necessary data and trigger conditions are acquired), subsequent processing is executed. For example, once a user logs in an application, corresponding user data is acquired before an advertisement is displayed, and user features are extracted and cheating recognition processing is performed immediately after the user data is acquired. By adopting the implementation mode, the cheating users can be discovered as early as possible, so that bidding on the advertisement is refused, and loss is stopped in time.
Fig. 2 is a schematic flow chart of a cheating identification method according to an embodiment of the present invention, and referring to fig. 2, the method includes:
200: user data is acquired.
202: user features are extracted based on the user data.
For the description of the processing 200-202, please refer to the related description in the embodiment shown in fig. 1, which is not repeated herein.
204: and carrying out cheating identification processing according to the user characteristics and the primary judgment strategy to determine cheating users. The first-level discrimination strategy is to perform one-time discrimination.
By adopting the cheating identification method provided by the embodiment, the cheating user can be effectively identified through one-time judgment.
Optionally, in an implementation manner of this embodiment, the process 204 is implemented in the following manner: comparing and judging the first user characteristics determined based on the user data with a blacklist and a cheating mode in real time; and if the user falls into the blacklist or the cheating mode is met, determining the user is a cheating user.
The blacklist may include a blacklist ID, a proxy IP, and the like. The cheating pattern may comprise a series of judgment criteria for judging a combination of single or multiple user characteristics.
Optionally, in an implementation manner of this embodiment, the process 204 is implemented in the following manner: inputting a second user characteristic determined based on the user data into a recognition model in real time; and determining whether the user is a cheating user according to the output result of the identification model.
The identification model is used for judging whether the user is a cheating user according to the user characteristics. Illustratively, the recognition model can be a recognition model constructed by adopting a supervised learning mode based on long-term accumulated user characteristic data.
In one specific example, the recognition model is a decision tree model. At this time, for the identified cheating user, a decision path thereof may be output based on the decision tree model, and the cheating pattern mentioned above may be updated based on the decision path.
Optionally, in an implementation manner of this embodiment, as shown by a dashed box in the figure, the method further includes:
206: according to the mapping relation between the user and the terminal equipment, the user who maps the cheating user to the same terminal equipment is identified as the cheating user or the suspected user (namely, the user who cheats with a higher probability). By adopting the implementation mode, other cheating users or suspected users can be further determined based on the identified cheating users, and the cheating identification efficiency is improved.
Optionally, in a subsequent process of this implementation, for the suspected user, the cheating identifying process as described in the process 204 may be performed, so as to determine whether the suspected user is a cheating user. In this case, process 206 may be used as a first determination for the suspected user, and the subsequent use of process 204 for the suspected user may be used as a second determination for the suspected user. Thus, by adopting a multi-level (2 times or more) discrimination strategy, the accuracy of cheating recognition can be improved.
Fig. 3 is a schematic flowchart of a cheat-recognition method according to an embodiment of the present invention, and referring to fig. 3, the method includes:
300: user data is acquired.
302: and performing first identification processing according to the cheating database and the first user characteristics determined based on the user data.
Optionally, in an implementation manner of this embodiment, the first identification process is used to preliminarily determine whether the user cheats, and a determination result thereof may include: the user is a cheating user, the user is a normal user, and the user is a suspected user.
Alternatively, in other embodiments of the present invention, process 302 may be replaced by:
and carrying out equipment consistency check based on the first user characteristics, and if the check result is that the equipment information is inconsistent, determining that the user is a suspected user or a cheating user. The equipment consistency check includes whether the IMEI/IMSI corresponding relation is consistent, and/or whether other various terminal equipment information is consistent.
Optionally, in an embodiment of the present invention, the process 302 may be implemented by:
and performing the consistency check of the equipment based on the first user characteristic (including the equipment information) and the cheating database. At this time, the cheating database may store therein device information and/or verification rules for participating in the verification.
304: and performing second identification processing according to the identification result of the first identification processing, the decision tree model and a second user characteristic determined based on the user data.
Optionally, in an implementation manner of this embodiment, the second recognition processing is used for optimizing the result of the first recognition processing, and includes outputting evidence data that proves that the user is a cheating user.
In the present embodiment, the first recognition processing and the second recognition processing constitute cheating recognition processing.
306: and outputting the identification result according to the result of the cheating identification processing. The recognition result comprises: whether the user is a cheating user, and evidence data that the user is a cheating user.
By adopting the method provided by the embodiment, the accuracy of cheating recognition can be improved through the secondary cheating recognition processing comprising the first recognition processing and the second recognition processing.
Optionally, in an implementation manner of this embodiment, the process 302 is implemented by:
performing judgment processing based on the first user characteristics and a blacklist and/or a cheating mode in the cheating database; if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is a suspected user; otherwise, determining that the user is a normal user.
Optionally, in an implementation manner of this embodiment, the process 302 is implemented by: and judging whether the current user ID and the cheating user ID are mapped to the same terminal equipment ID according to the mapping relation between the user ID and the terminal equipment ID stored in the cheating database, if so, determining the current user as a suspected user, and otherwise, determining the current user as a normal user.
Optionally, in an implementation manner of this embodiment, the process 304 is implemented by any one or more of the following:
for example: and if the result of the first identification processing is that the user is a suspected user, inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user.
For another example: and if the result of the first identification processing is that the user is a normal user, inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user again, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user.
Of course, in addition to the above examples, the skilled person can flexibly design the combination relationship between the output result of the first recognition processing and the logic processing of the second recognition processing based on the idea that the first recognition processing preliminarily determines whether the user is a cheating user, the second recognition processing further optimizes the result of the first recognition processing, and the final recognition result includes evidence data when the user is a cheating user.
Optionally, in an implementation manner of this embodiment, the cheating patterns in the cheating database are updated according to the decision path.
Optionally, in an implementation manner of this embodiment, the first user characteristic is the same as the second user characteristic, or the first user characteristic is different from the second user characteristic. For example, an input user feature that matches a recognition model (e.g., a decision tree model) is filtered from the first user features as a second user feature.
Fig. 4 is a flowchart illustrating a method for determining channel quality according to an embodiment of the present invention. Referring to fig. 4, the method includes:
400: and (5) counting the evaluation indexes of the channels.
Optionally, in an implementation manner of this embodiment, the evaluation index includes, for example: the number of newly added users Per day, the number of active users Per day, the Average daily usage time, the retention rate of the next day, the retention rate of 7 days, the retention rate of 14 days, the conversion rate, the payment rate, ARPU (Average income Per User), and the like.
Optionally, in an implementation manner of this embodiment, a part of the evaluation indexes may be calculated according to a user characteristic (as described above) of a user in the channel.
402: and determining the quality of the channel according to the evaluation index of the channel and the weight of the evaluation index.
By adopting the embodiment, the quality of the channel where the user is located can be evaluated.
The present invention further provides an embodiment, in which, in addition to the embodiments shown in fig. 1 to fig. 3 or the implementation manner thereof, the embodiment shown in fig. 4 is also used to evaluate the quality of the channel where the user is located.
Fig. 5 is a block diagram of a cheat-identifying device according to an embodiment of the present invention. Referring to fig. 5, the cheat-identifying means includes a data module 50, an identification module 52, and an output module 54. The details will be described below.
In the present embodiment, the data module 50 is used to obtain user data. For example, the data module 50 is specifically configured to: and monitoring the equipment environment data of the user in real time, and/or acquiring the behavior data of the user in real time.
In this embodiment, the identifying module 52 is configured to perform the cheating identifying process according to the cheating identifying policy and the user characteristics determined based on the user data.
Optionally, in an implementation manner of this embodiment, the recognition module 52 is specifically configured to input the user characteristics into the decision tree model. The decision tree model is used for identifying whether the user is a cheating user or not based on the user characteristics, and outputting a decision path as the evidence data under the condition that the user is identified as the cheating user.
Optionally, in an implementation manner of this embodiment, the identifying module 52 is specifically configured to perform a judgment process based on the user characteristics and a blacklist and/or a cheating pattern in the cheating database; and if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is the cheating user, and determining the blacklist and/or the cheating mode corresponding to the user as the evidence data.
In this embodiment, the output module 54 is configured to output a recognition result of the cheating recognition process, where the recognition result includes: whether the user is a cheating user, and evidence data that the user is a cheating user.
Optionally, in an implementation manner of the present embodiment, as shown in fig. 6, the identification module 52 includes a first identification submodule 520 and a second identification submodule 522. The first identifying submodule 520 is configured to perform a first identifying process according to the cheating database and a first user characteristic determined based on the user data; the second recognition submodule 522 is configured to perform a second recognition process according to the result of the first recognition submodule, the decision tree model, and a second user characteristic determined based on the user data.
Optionally, in an implementation manner of this embodiment, as shown in fig. 7, the first identification sub-module 520 includes: a first judging unit, configured to judge whether a user falls into a blacklist and/or satisfies a cheating mode based on the first user characteristic and the blacklist and/or the cheating mode in the cheating database; and the first determining unit is used for determining the user as a suspected user when the first judging unit determines that the user falls into the blacklist and/or meets the cheating mode, and otherwise, determining the user as a normal user.
Optionally, in an implementation manner of this embodiment, as shown in a dashed box in fig. 7, the first identification sub-module 520 may only include: a second judging unit, configured to determine whether the current user ID and the cheating user ID are mapped to the same terminal device ID according to a mapping relationship between the user ID and the terminal device ID stored in the cheating database; a second determining unit, configured to determine the current user as a suspected user when the second determining unit determines that the current user is a suspected user, and determine the current user as a normal user when the second determining unit determines that the current user is a normal user.
Optionally, in an implementation manner of this embodiment, as shown in fig. 7, the first identification sub-module 520 may include the aforementioned first determining unit, second determining unit, and second determining unit at the same time.
Optionally, in an implementation manner of this embodiment, as shown in fig. 8, the second identification module 522 includes any one or more units of the second identification unit and the third identification unit.
The second identification unit is used for inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user or not under the condition that the result of the first identification processing is that the user is a suspected user, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user;
the third identification unit is used for inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user again when the result of the first identification processing is that the user is a normal user, and outputting a decision path as the evidence data when the user is determined to be the cheating user.
Optionally, in an implementation manner of this embodiment, as shown by a dashed box in fig. 5, the cheating identifying apparatus further includes an updating module 56 for updating the cheating patterns in the cheating database based on the aforementioned decision path.
Optionally, in an implementation manner of this embodiment, as shown by a dashed line box in fig. 5, the cheating identifying apparatus further includes an evaluation module 58, configured to count evaluation indexes of a channel where the user is located, and determine quality of the channel according to the evaluation indexes of the channel and weights of the evaluation indexes.
Method embodiments and apparatus embodiments and implementations thereof according to the present invention are described above with reference to the accompanying drawings. The following describes a logical process of a real-time cheating recognition method according to the present invention with reference to the accompanying drawings. As shown in fig. 9, the method includes:
900: and collecting terminal data and third-party platform data in real time.
For example, firstly, the SDK deployed on the user terminal device is used to actively detect the change of the hardware environment, the abnormality of the operating system environment, whether various application interfaces are hijacked, and the like, so as to obtain the state and the change of the user terminal device at the first time. Typically, the platform is tricked into generating a new user device by tampering with the device information. This change is monitored by the SDK in process 900 and device information is continuously recorded for cross-validation.
Additionally, before downloading, for example, a mobile phone application, data of a third party advertisement or analysis platform is integrated in process 900 because data such as advertisement presentation, click download, and application installation cannot be tracked. In this way, the user's behavior can be more comprehensively analyzed. These data are generated on the user's handset, which is helpful to perfect the user's behavior. Such as the time from advertisement presentation to click-to-download, the time from click-to-download to application installation. These data can be used to determine the likelihood of cheating, and there is a difference in these times between normal users and cheating users.
902: and extracting the user characteristics.
In process 902, based on the log data and third party platform data collected in real time, various information of the user, such as IP, user ID (mobile phone number, IMEI/IMSI, GAID, IDFA/IDFV, MAC address), active time, user level, whether or not payment has been made, country/city address, timestamp, device model, OS version, channel origin, click-to-install time, etc., is extracted.
904: and (5) performing cheating inspection.
In process 904, a comprehensive detection of all data of the user can be performed based on the cheating pattern and the blacklist. Such as:
example 1: and comparing the IP address with a blacklist library to judge whether the IP address is from a blacklist IP or not and whether the IP address is from an agent IP or not.
Example 2: user installations from the same IP or subnet are analyzed and marked significantly (e.g., as a suspect user) when the installation volume exceeds a threshold.
Example 3: and analyzing whether the geographic position meets the requirement of the delivery area based on the IP, and if not, explicitly filtering out the part of cheating users.
Example 4: and the consistency verification of the equipment comprises the consistency verification of the IMEI/IMSI corresponding relation and the consistency verification of other various terminal equipment information. If there are inconsistencies, these inconsistent users are marked significantly (e.g., as suspect users or cheating users).
Example 5: more effective consistency verification is realized by establishing and maintaining a Mapping relation (ID-Mapping) between the user ID and the terminal equipment information. The mapping relationship may be a many-to-many relationship, for example, one user ID may be associated with a plurality of terminal devices, and one terminal device may be used by a plurality of user IDs. Moreover, the mapping relationship can also be propagated, for example, a terminal device associated with a cheating user ID may also be cheated (e.g., marked as a suspected terminal device), and a user ID associated with a cheating terminal device may also be cheated (e.g., marked as a suspected user).
906: and constructing a decision tree discrimination model.
In this embodiment, a decision tree discrimination model may be constructed based on long-term accumulated user feature data, model training is performed, and then iterative updating is performed continuously to reflect the latest data change. The decision tree model may also be used to discover new cheating patterns.
In one implementation of process 906, prior to building the model, valid features are selected from existing user features, such as: whether the information comes from a blacklist IP or not, whether the information comes from an agent IP or not, whether the equipment information is consistent or not, the application starting times, the daily average starting times, the average single use time, the average daily use time, the active days, the user level, whether the payment is made or not, the payment times, the payment total amount, the average payment amount, the channel source quality and the like. The training data needs to be marked with classification labels, and for cheating judgment, the classification labels indicate whether cheating is performed or not.
908: cheating patterns are discovered.
Based on the discrimination model (decision tree model), whether the user cheats can be discriminated. For example, for a suspected user, the user is further analyzed based on the discriminant model, and the reason for identifying the user cheating is collected, so as to realize the cheating evidence explanation and the refusal payment processing aiming at the channel. Wherein the decision path of the decision tree can be used to explain the cause of the cheating. For example, the impact of different features on the cheating decision may be analyzed based on the decision path, such as deciding to install cheating if the number of active days of the user is greater than 7 and the user level is equal to 1.
Once a new cheating pattern is discovered, its way and manner of cheating can be analyzed and the cheating pattern can be added to the cheating pattern database after the cheating pattern is validated. In addition, once an IP or channel is identified as cheating, it may also be added to the blacklist database for later device consistency verification.
910: and (6) channel assessment.
Application and operation teams generally need to cooperate with a plurality of channels for application and popularization, so that channel management increasingly becomes an important problem. To this end, the present invention employs a process 910 that evaluates the quality or health of a channel based on the quality of the channel user, which can determine whether to continue delivery based on the channel quality.
In this embodiment, the quality or health degree of the evaluation channel may be normalized and then weighted and summed by counting various indicators of the channel. Wherein, the weights of different indexes can be adjusted according to the requirement. Some specific channel indicators are such as: the number of newly increased users per day, the number of active users per day, the average daily use duration, the retention rate of the next day, the retention rate of 7 days, the retention rate of 14 days, the conversion rate, the payment rate, the ARPU and the like.
The normalization of the index may employ a linear function transformation, as follows:
wherein, Measure and normaize (Measure) represent values before and after the index conversion, and Max and Min represent the maximum value and the minimum value of a certain index.
The quality of the channel can be expressed as:
wherein Publisher represents a channel; quality (publish) indicates the quality of the channel, and weight (measure) indicates the weight of the index.
Wherein,
it is noted that various embodiments are provided in the present disclosure, and that various embodiments may include various implementations. Although different implementations may be described for the same or similar steps in different embodiments, these implementations may be flexibly and reasonably applied to other embodiments, and the resulting solution also falls within the scope of the present invention.
Various embodiments of the present invention have been described in detail above. In one possible design, the aforementioned cheating recognition apparatus includes a processor and a memory, the memory is used for storing a program supporting the cheating recognition apparatus to execute the aforementioned cheating recognition method, and the processor is configured to execute the program stored in the memory.
The program includes one or more computer instructions, where the one or more computer instructions are for execution invoked by the processor. The processor is configured to execute the instructions to implement the method described in the embodiments of fig. 1-4 or 9.
Embodiments of the present invention further provide a computer storage medium for storing computer software instructions for the cheat-identifying device, which are executed to perform the method described in the embodiments of fig. 1-4 or 9.
It is clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes, explanations of related terms, descriptions of related effects, and the like of the devices, modules, and units described above can all refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and of course, can also be implemented by hardware. With this understanding in mind, the above technical solutions may be embodied in the form of a software product, which can be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute the method according to the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
The invention discloses a1 and a cheating identification method, which comprises the following steps:
acquiring user data;
carrying out cheating identification processing according to the cheating identification strategy and the user characteristics determined based on the user data;
outputting a recognition result of the cheating recognition processing, wherein the recognition result comprises: whether the user is a cheating user, and evidence data that the user is a cheating user.
A2, the method of A1, wherein the obtaining user data includes: monitoring and acquiring the equipment environment data of a user in real time; and acquiring the behavior data of the user in real time.
A3, the method of A1, wherein the performing cheating recognition processing according to the cheating recognition policy and the user characteristics determined based on the user data includes: judging and processing based on the user characteristics and a blacklist and/or a cheating mode in a cheating database; and if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is the cheating user, and determining the blacklist and/or the cheating mode corresponding to the user as the evidence data.
A4, the method of A1, wherein the performing cheating recognition processing according to the cheating recognition policy and the user characteristics determined based on the user data includes: inputting the user characteristics into a decision tree model; the decision tree model is used for identifying whether the user is a cheating user or not based on the user characteristics, and outputting a decision path as the evidence data under the condition that the user is identified as the cheating user.
A5, the method of claim a1, wherein the performing cheating recognition processing according to the cheating recognition policy and the user characteristics determined based on the user data includes: performing first identification processing according to a cheating database and a first user characteristic determined based on the user data; and performing second recognition processing according to the result of the first recognition processing, the decision tree model and a second user characteristic determined based on the user data.
A6, the method of A5, the performing a first recognition process according to a cheating database and a first user characteristic determined based on the user data, comprising: judging and processing based on the first user characteristics and the blacklist and/or the cheating mode in the cheating database; if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is a suspected user; otherwise, determining that the user is a normal user.
A7, the method of A5, the performing a first recognition process according to a cheating database and a first user characteristic determined based on the user data, comprising: judging whether the current user ID and the cheating user ID are mapped to the same terminal equipment ID according to the mapping relation between the user ID and the terminal equipment ID stored in the cheating database; if yes, determining that the current user is a suspected user; and if not, determining that the current user is a normal user.
A8, the method of A5, the performing a second recognition process according to the recognition result of the first recognition process, the decision tree model and a second user characteristic determined based on the user data, comprising any one or more of:
if the result of the first identification processing is that the user is a suspected user, inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user;
and if the result of the first identification processing is that the user is a normal user, inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user again, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user.
A9, the method of a4 or A8, further comprising: updating a cheating pattern in a cheating database based on the decision path.
A10, the method of a1, further comprising: and counting the evaluation indexes of the channel where the user is located, and determining the quality of the channel according to the evaluation indexes of the channel and the weights of the evaluation indexes.
The invention also discloses B11, a cheating identification device, comprising:
the data module is used for acquiring user data;
the identification module is used for carrying out cheating identification processing according to the cheating identification strategy and the user characteristics determined based on the user data;
an output module, configured to output a recognition result of the cheating recognition processing, where the recognition result includes: whether the user is a cheating user, and evidence data that the user is a cheating user.
B12, the apparatus as in B11, the data module being specifically configured to: monitoring equipment environment data of a user in real time; and acquiring the behavior data of the user in real time.
B13, the apparatus as in B11, the identification module being specifically configured to: judging and processing based on the user characteristics and a blacklist and/or a cheating mode in a cheating database; and if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is the cheating user, and determining the blacklist and/or the cheating mode corresponding to the user as the evidence data.
B14, the apparatus as in B11, the identification module being specifically configured to: inputting the user features into a decision tree model; the decision tree model is used for identifying whether the user is a cheating user or not based on the user characteristics, and outputting a decision path as the evidence data under the condition that the user is identified as the cheating user.
B15, the apparatus of B11, the identification module comprising: the first identification submodule is used for carrying out first identification processing according to the cheating database and a first user characteristic determined based on the user data; and the second identification submodule is used for carrying out second identification processing according to the result of the first identification submodule, the decision tree model and a second user characteristic determined based on the user data.
B16, the apparatus as in B15, the first identification submodule comprising: a first judging unit, configured to judge whether a user falls into a blacklist and/or satisfies a cheating pattern based on the first user characteristic and the blacklist and/or the cheating pattern in the cheating database; and the first determining unit is used for determining the user as a suspected user when the first judging unit determines that the user falls into the blacklist and/or meets the cheating mode, and otherwise, determining the user as a normal user.
B17, the apparatus as in B15, the first identification submodule comprising: a second judging unit, configured to determine whether the current user ID and the cheating user ID are mapped to the same terminal device ID according to a mapping relationship between the user ID and the terminal device ID stored in the cheating database; a second determining unit, configured to determine the current user as a suspected user when the second determining unit determines that the current user is a suspected user, and determine the current user as a normal user when the second determining unit determines that the current user is a normal user.
B18, the apparatus as described in B15, the second identification module comprising any one or more of:
a second identification unit, configured to, when a result of the first identification processing is that the user is a suspected user, input the second user characteristic into the decision tree model to determine whether the user is a cheating user, and output a decision path as the evidence data when it is determined that the user is a cheating user;
and a third identification unit, configured to, in a case where a result of the first identification processing is that the user is a normal user, input the second user characteristic into the decision tree model to determine again whether the user is a cheating user, and output a decision path as the evidence data in a case where it is determined that the user is a cheating user.
B19, the apparatus of B14 or B18, further comprising: and the updating module is used for updating the cheating mode in the cheating database based on the decision path.
B20, the apparatus of B11, further comprising: and the evaluation module is used for counting the evaluation indexes of the channel where the user is positioned and determining the quality of the channel according to the evaluation indexes of the channel and the weights of the evaluation indexes.
The invention also discloses C21, a cheating identification device, comprising a memory and a processor; wherein,
the memory is to store one or more computer instructions, wherein the one or more computer instructions are for the processor to invoke for execution;
the processor is configured to execute the instructions to:
acquiring user data;
carrying out cheating identification processing according to the cheating identification strategy and the user characteristics determined based on the user data;
outputting a recognition result of the cheating recognition processing, wherein the recognition result comprises: whether the user is a cheating user, and evidence data that the user is a cheating user.
C22, the apparatus of C21, the processor to execute the instructions to: monitoring and acquiring equipment environment data of a user in real time; and acquiring the behavior data of the user in real time.
C23, the apparatus of C21, the processor to execute the instructions to: judging and processing based on the user characteristics and a blacklist and/or a cheating mode in a cheating database; and if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is a cheating user, and determining the blacklist and/or the cheating mode corresponding to the user as the evidence data.
C24, the apparatus of C21, the processor to execute the instructions to: inputting the user features into a decision tree model; the decision tree model is used for identifying whether the user is a cheating user or not based on the user characteristics, and outputting a decision path as the evidence data under the condition that the user is identified as the cheating user.
C25, the apparatus of claim C21, the processor to execute the instructions to: performing first identification processing according to a cheating database and a first user characteristic determined based on the user data; and performing second identification processing according to the result of the first identification processing, the decision tree model and a second user characteristic determined based on the user data.
C26, the apparatus of C25, the processor to execute the instructions to: performing judgment processing based on the first user characteristics and a blacklist and/or a cheating mode in the cheating database; if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is a suspected user; otherwise, determining that the user is a normal user.
C27, the apparatus of C25, the processor to execute the instructions to: judging whether the current user ID and the cheating user ID are mapped to the same terminal equipment ID according to the mapping relation between the user ID and the terminal equipment ID stored in the cheating database; if yes, determining that the current user is a suspected user; otherwise, determining the current user as a normal user.
C28, the apparatus of claim 25, the processor to execute the instructions to implement any one or more of the following:
if the result of the first identification processing is that the user is a suspected user, inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user;
and if the result of the first identification processing is that the user is a normal user, inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user again, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user.
C29, the apparatus as described in C24 or C28, the processor to execute the instructions to: updating a cheating pattern in a cheating database based on the decision path.
C30, the apparatus of C21, the processor to execute the instructions to: and counting the evaluation indexes of the channel where the user is located, and determining the quality of the channel according to the evaluation indexes of the channel and the weights of the evaluation indexes.
The present invention also provides D31, a computer storage medium having stored therein one or more computer instructions that, when executed, implement the method of any one of a1-a 10.
Claims (10)
1. A cheat identification method, the method comprising:
acquiring user data;
carrying out cheating identification processing according to the cheating identification strategy and the user characteristics determined based on the user data;
outputting a recognition result of the cheating recognition processing, wherein the recognition result comprises: whether the user is a cheating user, and evidence data that the user is a cheating user.
2. The method of claim 1, wherein the obtaining user data comprises:
monitoring and acquiring equipment environment data of a user in real time;
and acquiring the behavior data of the user in real time.
3. The method of claim 1, wherein performing a cheat recognition process based on a cheat recognition policy and a user characteristic determined based on the user data comprises:
performing first identification processing according to a cheating database and a first user characteristic determined based on the user data;
and performing second recognition processing according to the result of the first recognition processing, the decision tree model and second user characteristics determined based on the user data.
4. The method of claim 3, wherein performing a first recognition process based on the cheating database and a first user profile determined based on the user data comprises:
performing judgment processing based on the first user characteristics and a blacklist and/or a cheating mode in the cheating database;
if the user is judged to fall into the blacklist and/or the cheating mode is met, determining that the user is a suspected user;
otherwise, determining that the user is a normal user.
5. The method of claim 3, wherein performing a second recognition process based on the recognition result of the first recognition process, a decision tree model, and a second user characteristic determined based on the user data comprises any one or more of:
if the result of the first identification processing is that the user is a suspected user, inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user;
and if the result of the first identification processing is that the user is a normal user, inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user again, and outputting a decision path as the evidence data under the condition that the user is determined to be the cheating user.
6. A cheat-recognition device, the device comprising:
the data module is used for acquiring user data;
the identification module is used for carrying out cheating identification processing according to the cheating identification strategy and the user characteristics determined based on the user data;
an output module, configured to output a recognition result of the cheating recognition processing, where the recognition result includes: whether the user is a cheating user, and evidence data that the user is a cheating user.
7. The apparatus of claim 6, wherein the data module is specifically configured to:
monitoring equipment environment data of a user in real time;
and acquiring the behavior data of the user in real time.
8. The apparatus of claim 6, wherein the identification module comprises:
the first identification submodule is used for carrying out first identification processing according to the cheating database and a first user characteristic determined based on the user data;
and the second identification submodule is used for carrying out second identification processing according to the result of the first identification submodule, the decision tree model and a second user characteristic determined based on the user data.
9. The apparatus of claim 8, wherein the first identification submodule comprises:
a first judging unit, configured to judge whether a user falls into a blacklist and/or satisfies a cheating pattern based on the first user characteristic and the blacklist and/or the cheating pattern in the cheating database;
and the first determining unit is used for determining the user as a suspected user when the first judging unit determines that the user falls into the blacklist and/or meets the cheating mode, and otherwise, determining the user as a normal user.
10. The apparatus of claim 8, wherein the second identifying means comprises any one or more of:
a second identification unit, configured to, when a result of the first identification processing is that the user is a suspected user, input the second user characteristic into the decision tree model to determine whether the user is a cheating user, and output a decision path as the evidence data when it is determined that the user is a cheating user;
and the third identification unit is used for inputting the second user characteristic into the decision tree model to determine whether the user is a cheating user again when the result of the first identification processing is that the user is a normal user, and outputting a decision path as the evidence data when the user is determined to be the cheating user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710384505.6A CN107274212A (en) | 2017-05-26 | 2017-05-26 | Cheating recognition methods and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710384505.6A CN107274212A (en) | 2017-05-26 | 2017-05-26 | Cheating recognition methods and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107274212A true CN107274212A (en) | 2017-10-20 |
Family
ID=60064705
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710384505.6A Pending CN107274212A (en) | 2017-05-26 | 2017-05-26 | Cheating recognition methods and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107274212A (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108053256A (en) * | 2017-12-27 | 2018-05-18 | 上海银橙文化传媒股份有限公司 | A kind of anti-cheat method based on PageRank |
| CN108768743A (en) * | 2018-06-11 | 2018-11-06 | 北京奇艺世纪科技有限公司 | A kind of user identification method, device and server |
| CN108876464A (en) * | 2018-06-27 | 2018-11-23 | 珠海市君天电子科技有限公司 | A kind of cheating detection method, device, service equipment and storage medium |
| CN109034906A (en) * | 2018-08-03 | 2018-12-18 | 北京木瓜移动科技股份有限公司 | Anti- cheat method, device, electronic equipment and the storage medium of advertising conversion |
| CN109165691A (en) * | 2018-09-05 | 2019-01-08 | 北京奇艺世纪科技有限公司 | Training method, device and the electronic equipment of the model of cheating user for identification |
| CN109561069A (en) * | 2018-10-25 | 2019-04-02 | 阿里巴巴集团控股有限公司 | A kind of generation method and device, a kind of recognition methods and device of identification model |
| CN109729054A (en) * | 2017-10-31 | 2019-05-07 | 阿里巴巴集团控股有限公司 | Access data monitoring method and relevant device |
| WO2019136990A1 (en) * | 2018-01-12 | 2019-07-18 | 深圳壹账通智能科技有限公司 | Network data detection method, apparatus, computer device and storage medium |
| CN110189165A (en) * | 2019-05-14 | 2019-08-30 | 微梦创科网络科技(中国)有限公司 | Channel abnormal user and abnormal channel recognition methods and device |
| CN110197378A (en) * | 2018-02-27 | 2019-09-03 | 北京嘀嘀无限科技发展有限公司 | The recognition methods and device that cheating department multiplies in network about parking lot scape |
| CN111105262A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111105263A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111105259A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111104628A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111178938A (en) * | 2019-12-03 | 2020-05-19 | 微梦创科网络科技(中国)有限公司 | Anti-cheating advertisement monitoring method and device |
| CN111210271A (en) * | 2020-01-03 | 2020-05-29 | 北京字节跳动网络技术有限公司 | Method and device for identifying form cheating, electronic equipment and storage medium |
| CN112468461A (en) * | 2020-11-13 | 2021-03-09 | 北京明略昭辉科技有限公司 | Multi-dimensional abnormal flow identification method and device and computer equipment |
| CN112700287A (en) * | 2021-01-11 | 2021-04-23 | 郑州阿帕斯数云信息科技有限公司 | Anti-cheating method and device for application program |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080319774A1 (en) * | 2007-06-22 | 2008-12-25 | O'sullivan Patrick | Pixel cluster transit monitoring for detecting click fraud |
| US20090024461A1 (en) * | 2007-07-16 | 2009-01-22 | Willner Barry E | Cursor path vector analysis for detecting click fraud |
| CN105824834A (en) * | 2015-01-06 | 2016-08-03 | 腾讯科技(深圳)有限公司 | Search traffic cheating behavior identification method and apparatus |
| CN106022834A (en) * | 2016-05-24 | 2016-10-12 | 腾讯科技(深圳)有限公司 | Advertisement against cheating method and device |
| CN106127505A (en) * | 2016-06-14 | 2016-11-16 | 北京众成汇通信息技术有限公司 | The single recognition methods of a kind of brush and device |
| CN106326497A (en) * | 2016-10-10 | 2017-01-11 | 合网络技术(北京)有限公司 | Cheating video user identification method and device |
-
2017
- 2017-05-26 CN CN201710384505.6A patent/CN107274212A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080319774A1 (en) * | 2007-06-22 | 2008-12-25 | O'sullivan Patrick | Pixel cluster transit monitoring for detecting click fraud |
| US20090024461A1 (en) * | 2007-07-16 | 2009-01-22 | Willner Barry E | Cursor path vector analysis for detecting click fraud |
| CN105824834A (en) * | 2015-01-06 | 2016-08-03 | 腾讯科技(深圳)有限公司 | Search traffic cheating behavior identification method and apparatus |
| CN106022834A (en) * | 2016-05-24 | 2016-10-12 | 腾讯科技(深圳)有限公司 | Advertisement against cheating method and device |
| CN106127505A (en) * | 2016-06-14 | 2016-11-16 | 北京众成汇通信息技术有限公司 | The single recognition methods of a kind of brush and device |
| CN106326497A (en) * | 2016-10-10 | 2017-01-11 | 合网络技术(北京)有限公司 | Cheating video user identification method and device |
Cited By (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109729054B (en) * | 2017-10-31 | 2021-08-13 | 阿里巴巴集团控股有限公司 | Access data monitoring method and related equipment |
| CN109729054A (en) * | 2017-10-31 | 2019-05-07 | 阿里巴巴集团控股有限公司 | Access data monitoring method and relevant device |
| CN108053256A (en) * | 2017-12-27 | 2018-05-18 | 上海银橙文化传媒股份有限公司 | A kind of anti-cheat method based on PageRank |
| WO2019136990A1 (en) * | 2018-01-12 | 2019-07-18 | 深圳壹账通智能科技有限公司 | Network data detection method, apparatus, computer device and storage medium |
| CN110197378A (en) * | 2018-02-27 | 2019-09-03 | 北京嘀嘀无限科技发展有限公司 | The recognition methods and device that cheating department multiplies in network about parking lot scape |
| CN108768743A (en) * | 2018-06-11 | 2018-11-06 | 北京奇艺世纪科技有限公司 | A kind of user identification method, device and server |
| CN108768743B (en) * | 2018-06-11 | 2021-07-20 | 北京奇艺世纪科技有限公司 | User identification method and device and server |
| CN108876464A (en) * | 2018-06-27 | 2018-11-23 | 珠海市君天电子科技有限公司 | A kind of cheating detection method, device, service equipment and storage medium |
| CN109034906A (en) * | 2018-08-03 | 2018-12-18 | 北京木瓜移动科技股份有限公司 | Anti- cheat method, device, electronic equipment and the storage medium of advertising conversion |
| CN109165691B (en) * | 2018-09-05 | 2022-04-22 | 北京奇艺世纪科技有限公司 | Training method and device for model for identifying cheating users and electronic equipment |
| CN109165691A (en) * | 2018-09-05 | 2019-01-08 | 北京奇艺世纪科技有限公司 | Training method, device and the electronic equipment of the model of cheating user for identification |
| CN109561069A (en) * | 2018-10-25 | 2019-04-02 | 阿里巴巴集团控股有限公司 | A kind of generation method and device, a kind of recognition methods and device of identification model |
| CN111105263A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111105259A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111104628A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111105262A (en) * | 2018-10-29 | 2020-05-05 | 北京奇虎科技有限公司 | User identification method and device, electronic equipment and storage medium |
| CN111105263B (en) * | 2018-10-29 | 2024-09-20 | 北京奇虎科技有限公司 | User identification method, device, electronic equipment and storage medium |
| CN111105262B (en) * | 2018-10-29 | 2024-05-14 | 北京奇虎科技有限公司 | User identification method, device, electronic equipment and storage medium |
| CN111105259B (en) * | 2018-10-29 | 2024-04-02 | 北京奇虎科技有限公司 | User identification method, device, electronic equipment and storage medium |
| CN110189165A (en) * | 2019-05-14 | 2019-08-30 | 微梦创科网络科技(中国)有限公司 | Channel abnormal user and abnormal channel recognition methods and device |
| CN110189165B (en) * | 2019-05-14 | 2021-07-23 | 微梦创科网络科技(中国)有限公司 | Channel abnormal user and abnormal channel identification method and device |
| CN111178938A (en) * | 2019-12-03 | 2020-05-19 | 微梦创科网络科技(中国)有限公司 | Anti-cheating advertisement monitoring method and device |
| CN111178938B (en) * | 2019-12-03 | 2023-09-01 | 微梦创科网络科技(中国)有限公司 | Anti-cheating advertisement monitoring method and device |
| CN111210271B (en) * | 2020-01-03 | 2023-10-17 | 北京字节跳动网络技术有限公司 | Method, device, electronic equipment and storage medium for identifying form cheating |
| CN111210271A (en) * | 2020-01-03 | 2020-05-29 | 北京字节跳动网络技术有限公司 | Method and device for identifying form cheating, electronic equipment and storage medium |
| CN112468461B (en) * | 2020-11-13 | 2022-09-23 | 北京明略昭辉科技有限公司 | Multi-dimensional abnormal flow identification method and device and computer equipment |
| CN112468461A (en) * | 2020-11-13 | 2021-03-09 | 北京明略昭辉科技有限公司 | Multi-dimensional abnormal flow identification method and device and computer equipment |
| CN112700287A (en) * | 2021-01-11 | 2021-04-23 | 郑州阿帕斯数云信息科技有限公司 | Anti-cheating method and device for application program |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107274212A (en) | Cheating recognition methods and device | |
| CN106022834B (en) | Advertisement anti-cheating method and device | |
| CN109063966B (en) | Risk account identification method and device | |
| CN111435507A (en) | Advertisement anti-cheating method and device, electronic equipment and readable storage medium | |
| CN109842858B (en) | Service abnormal order detection method and device | |
| CN107895323A (en) | Credit assessment method and device | |
| CN112370793B (en) | Risk control method and device for user account | |
| CN110349039A (en) | Complaint risk appraisal procedure, system, computer equipment and readable storage medium storing program for executing | |
| CN113673870B (en) | Enterprise data analysis method and related components | |
| CN110138638B (en) | Network traffic processing method and device | |
| CN109583731B (en) | Risk identification method, device and equipment | |
| CN111626754A (en) | Card maintenance user identification method and device | |
| CN111160919A (en) | Block chain address risk assessment method and device | |
| CN112598225A (en) | Evaluation index determination method and apparatus, storage medium, and electronic apparatus | |
| CN110347566B (en) | Method and device for evaluating effectiveness of registration wind control model | |
| CN106330960B (en) | Method for limiting transaction by adopting virtual coin and server system | |
| CN113240259B (en) | Rule policy group generation method and system and electronic equipment | |
| CN113680074B (en) | Service information pushing method and device, electronic equipment and readable medium | |
| CN112347457A (en) | Abnormal account detection method and device, computer equipment and storage medium | |
| CN111105064A (en) | Method and device for determining suspected information of fraud event | |
| CN109670929A (en) | Control method, device, equipment and the computer readable storage medium of loan early warning | |
| CN117640408A (en) | Model training method, evaluation processing method and device | |
| CN110213341A (en) | The downloading detection method and device of application program | |
| CN110458707B (en) | Behavior evaluation method and device based on classification model and terminal equipment | |
| CN112257098A (en) | Method and device for determining safety of rule model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: Room 202, 2 / F, 1-3 / F, No. 11, Shangdi Information Road, Haidian District, Beijing 100084 Applicant after: Beijing Xingxuan Technology Co.,Ltd. Address before: 100085 Beijing, Haidian District on the road to the information on the ground floor of the 1 to the 3 floor of the 2 floor, room 11, 202 Applicant before: Beijing Xiaodu Information Technology Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171020 |