CN109446030A - A kind of behavior monitoring method and device - Google Patents
A kind of behavior monitoring method and device Download PDFInfo
- Publication number
- CN109446030A CN109446030A CN201811339201.9A CN201811339201A CN109446030A CN 109446030 A CN109446030 A CN 109446030A CN 201811339201 A CN201811339201 A CN 201811339201A CN 109446030 A CN109446030 A CN 109446030A
- Authority
- CN
- China
- Prior art keywords
- information
- target
- user
- identity
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 80
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000012806 monitoring device Methods 0.000 claims description 7
- 230000003542 behavioural effect Effects 0.000 claims 1
- 230000006399 behavior Effects 0.000 description 110
- 238000012546 transfer Methods 0.000 description 16
- 238000004590 computer program Methods 0.000 description 9
- 230000015654 memory Effects 0.000 description 9
- 230000008569 process Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- RWSOTUBLDIXVET-UHFFFAOYSA-N Dihydrogen sulfide Chemical compound S RWSOTUBLDIXVET-UHFFFAOYSA-N 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Quality & Reliability (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
This application provides a kind of behavior monitoring method and devices, comprising: obtains the business operation request of user;The business operation request includes operation behavior information and the identification information of the user;Based on preset regular expression, determine whether the operation behavior information is target monitoring information;In the case where the operation behavior information is the target monitoring information, it is based on the identification information, requests corresponding business operation behavior to be monitored the business operation of the user.Whether the operation behavior that the embodiment of the present application can judge automatically user needs to monitor, and does not need bury a little in client and operation system, and then cooperates without developer, and easy to operate, practicability is higher.
Description
Technical Field
The present application relates to the field of network application technologies, and in particular, to a behavior monitoring method and apparatus.
Background
In modern life, more and more services can be operated based on electronic products such as computers and mobile phones for convenience. For example, high level personnel of a government agency may review confidential documents through a client of a computer; an individual can transact services such as account transfer and the like through the electronic bank client.
In order to ensure the security during the transaction process, in the prior art, it is not only necessary to perform point burying at the client side in the service system, but also to monitor the operation behavior of the user after the point burying is activated.
However, in the existing point burying technology, the point burying codes are embedded into the application system of the client to monitor the operation behavior of the user, so that once the client is updated, the point burying codes need to be correspondingly updated, a system developer needs to be matched with the updated point burying codes, the requirement on technicians is high, the operation is complex, and the practicability is poor.
Disclosure of Invention
In view of this, an object of the embodiments of the present application is to provide a behavior monitoring method and apparatus, which can automatically determine whether an operation behavior of a user needs to be monitored, and do not need to bury a point in an application system corresponding to a client, and further do not need to cooperate with a developer, and are simple in operation and high in practicability.
In a first aspect, an embodiment of the present application provides a behavior monitoring method, including:
acquiring a service operation request of a user; the service operation request comprises operation behavior information and identity identification information of the user;
determining whether the operation behavior information is target monitoring information or not based on a preset rule;
and monitoring the business operation behavior corresponding to the business operation request of the user based on the identity identification information under the condition that the operation behavior information is the target monitoring information.
With reference to the first aspect, an embodiment of the present application provides a first possible implementation manner of the first aspect, where the monitoring, based on the identity information, a service operation behavior corresponding to the service operation request of the user includes:
determining the risk level of the business operation behavior according to the target monitoring information;
when the risk level is larger than the risk level threshold value, an identity authentication request is sent to a user;
and forwarding the service operation request to a server under the condition that the user identity authentication is passed.
With reference to the first aspect, an embodiment of the present application provides a second possible implementation manner of the first aspect, where the implementation manner includes:
matching identity information corresponding to the identity information from a data pool by using the identity information;
and associating the identity information with the business operation behavior.
With reference to the second possible implementation manner of the first aspect, an embodiment of the present application provides a third possible implementation manner of the first aspect, where forwarding the service operation request to the server when the user identity authentication passes includes:
generating target operation information based on the service operation request;
requesting target information corresponding to the target operation information from a server based on the target operation information and the identity information;
and receiving the target information fed back by the server.
With reference to the third possible implementation manner of the first aspect, an embodiment of the present application provides a fourth possible implementation manner of the first aspect, where the fourth possible implementation manner includes:
storing the target information and/or analyzing the target information.
In a second aspect, an embodiment of the present application further provides a behavior monitoring device, including:
the acquisition module is used for acquiring a service operation request of a user; the service operation request comprises operation behavior information and identity identification information of the user;
the determining module is used for determining whether the operation behavior information is target monitoring information or not based on a preset rule;
and the monitoring module is used for monitoring the business operation behavior corresponding to the business operation request of the user based on the identity identification information under the condition that the operation behavior information is the target monitoring information.
With reference to the second aspect, an embodiment of the present application provides a first possible implementation manner of the second aspect, where the monitoring module is specifically configured to monitor, based on the identity information, a service operation behavior corresponding to the service operation request of the user by the following method, and the monitoring module includes:
determining the risk level of the business operation behavior according to the target monitoring information;
when the risk level is larger than the risk level threshold value, an identity authentication request is sent to a user;
and forwarding the service operation request to a server under the condition that the user identity authentication is passed.
With reference to the second aspect, embodiments of the present application provide a second possible implementation manner of the second aspect, where the apparatus further includes an association module;
the association module is used for matching the identity information corresponding to the identity information from a data pool by using the identity information; and associating the identity information with the business operation behavior.
With reference to the second possible implementation manner of the second aspect, an embodiment of the present application provides a third possible implementation manner of the second aspect, where the monitoring module is specifically configured to forward the service operation request to the server in the following manner when the user identity authentication passes:
generating target operation information based on the service operation request;
requesting target information corresponding to the target operation information from a server based on the target operation information and the identity information;
and receiving the target information fed back by the server.
With reference to the third possible implementation manner of the second aspect, the present application provides a fourth possible implementation manner of the second aspect, where the apparatus further includes a storage analysis module;
the storage analysis module is specifically configured to store the target information and/or analyze the target information.
In a third aspect, an embodiment of the present application further provides an electronic device, including: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the steps of the first aspect described above, or any possible implementation of the first aspect.
In a fourth aspect, this application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps in the first aspect or any one of the possible implementation manners of the first aspect.
According to the behavior monitoring method and the behavior monitoring device, a gateway is adopted to obtain a service operation request of a user; the service operation request carries operation behavior information and identity identification information of a user; whether the business operation information is the target monitoring information or not is determined by using a preset regular expression, when the business operation information is the target monitoring information, the business operation behavior corresponding to the business operation request of the user is monitored according to the identity identification information of the user, and compared with the prior art that the embedded point code is embedded into an application system of a client side to monitor the operation behavior of the user, once the client side is updated, the embedded point code needs to be correspondingly updated, a system developer needs to be matched with the embedded point code for updating, the requirement on the developer is higher, the operation is complex, and the practicability is poor, the method can automatically judge whether the operation behavior of the user needs to be monitored or not, the embedded point is not needed in the client side and the business system, further, the cooperation of the developer is not needed, the operation is simple, and the practicability is higher.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a flow chart illustrating a behavior monitoring method provided by an embodiment of the present application;
fig. 2 is a flowchart illustrating a specific method for monitoring a service operation behavior corresponding to the service operation request of the user based on the identity information in the behavior monitoring method provided in the embodiment of the present application;
FIG. 3 is a schematic diagram of a behavior monitoring device provided by an embodiment of the present application;
fig. 4 shows a schematic diagram of an electronic device provided in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
At present, in order to ensure the security of a user in the process of using a client on an electronic product, a point burying method is adopted at the client, when a corresponding business operation behavior occurs, the point burying method can be triggered to monitor the behavior of the user, but the point burying technology is adopted to monitor the behavior of the user, namely, a section of code is embedded into an application system of the client, when the client is updated, a code corresponding to the point burying method also needs to be updated, and the code corresponding to the point burying method needs to be updated and needs to be matched by developers of the application system, so that the requirements on technical personnel are high, the operation is complex, and the practicability is poor.
Research shows that a gateway is arranged between a client and a service server, the gateway is adopted to monitor the operation behavior of a user, whether the operation behavior of the user is the operation behavior needing to be monitored or not is matched through a regular expression, and the embedding of points in an application system corresponding to the client is not needed.
Based on the research, the application provides a behavior monitoring method and device, whether the operation behavior of the user needs to be monitored or not can be automatically judged, the application system corresponding to the client does not need to be embedded, and then cooperation of developers is not needed, so that the operation is simple, and the practicability is high.
The above-mentioned drawbacks are the results of the inventor after practical and careful study, and therefore, the discovery process of the above-mentioned problems and the solution proposed by the present application to the above-mentioned problems in the following should be the contribution of the inventor to the present application in the process of the present application.
The technical solutions in the present application will be described clearly and completely with reference to the drawings in the present application, and it should be understood that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. The components of the present application, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
To facilitate understanding of the embodiment, first, a behavior monitoring method disclosed in the embodiment of the present application is described in detail, where an execution subject of the behavior monitoring method provided in the embodiment of the present application is a gateway disposed between a client and a service server.
Example one
Referring to fig. 1, a flowchart of a behavior monitoring method provided in an embodiment of the present application is shown, where the method includes steps S101 to S103, where:
s101: acquiring a service operation request of a user; the service operation request comprises operation behavior information and the identity information of the user.
In the specific implementation, when the user operates the client, the user requests a corresponding service from the service system, for example: login and bank transfer service, and user request for looking up personal data, the service operation request is the request information of user requesting service from service system, and the identification information can be the data stored in user client for identifying user identity, such as cookie.
When a user operates at a client, the gateway can acquire a service operation request corresponding to a service requested by the user from the service system.
S102: and determining whether the operation behavior information is target monitoring information or not based on a preset regular expression.
When the monitoring is specifically realized, a filtering module is arranged at the gateway, a regular expression is arranged in the filtering module, a plurality of service operation behavior data needing to be monitored are also stored at the gateway, the service operation behavior data corresponding to the operation behavior information can be matched through the regular expression, and when the service operation behavior data corresponding to the operation behavior information are matched, the operation behavior information is represented as target monitoring information.
For example: when a user carries out a transfer service, operation behaviors such as transfer frequency, transfer amount and the like are required to be monitored, then a regular expression is used for setting a monitoring rule and service operation behavior data corresponding to the operation behaviors such as transfer frequency, transfer amount and the like, and when the regular expression is matched with the service operation behavior data corresponding to the operation behaviors such as transfer frequency, transfer amount and the like, the operation behaviors such as the transfer frequency, the transfer amount and the like are required to be monitored by a gateway, namely target monitoring information.
S103: and monitoring the business operation behavior corresponding to the business operation request of the user based on the identity identification information under the condition that the operation behavior information is the target monitoring information.
When the operation behavior information is determined to be the target detection information, matching a user identity corresponding to the identity identification information in the data pool according to the identity identification information, determining identity information corresponding to the service operation request, determining the user identity, associating the identity information of the user with the service operation behavior after the user identity is determined, and monitoring the service operation behavior of the user.
Specifically, referring to fig. 2, an embodiment of the present application further provides a flowchart of a specific method for monitoring a service operation behavior corresponding to the service operation request of the user based on the identity information, where the method includes steps S201 to S203, where:
s201: and determining the risk level of the business operation behavior according to the target monitoring information.
S202: and when the risk level is greater than the risk level threshold value, initiating an identity authentication request to the user.
S203: and forwarding the service operation request to a server under the condition that the user identity authentication is passed.
In the specific implementation, the risk level of the business operation behavior can be determined according to the target monitoring information, for example: the target monitoring information is the number of transferred accounts, the business operation behavior is the transfer of eighty-hundred-thousand, then the corresponding transfer of eighty-hundred-thousand business operation behavior has a certain risk, after the corresponding risk level is determined, the risk level is compared with a risk level threshold, if the risk level is greater than the risk level threshold, an identity authentication request is sent to a user, the identity of the user is authenticated, for example, identity authentication is carried out in a face recognition mode, identity authentication of the user is carried out by using fingerprints, and the like, and after the identity authentication is passed, the business operation request is forwarded to a server, so that the business operation is completed.
Specifically, the embodiment of the present application further provides a specific method for forwarding the service operation request to a server when the user identity authentication passes, including:
generating target operation information based on the service operation request;
requesting target information corresponding to the target operation information from a server based on the target operation information and the identity information;
and receiving the target information fed back by the server.
In the specific implementation, target operation information is generated according to the service operation request, for example: and if the business operation request is transfer, and the transfer number is eight million, generating target operation information which is eight million of transfer. After the target operation information is generated, corresponding to the identity information corresponding to the target operation information, requesting the server for the target information corresponding to the target operation information, and receiving the target information fed back by the server.
And after receiving the target information fed back by the server, storing the target information, and when the business operation behavior of the user needs to be analyzed, calling the stored target information to analyze the target information so as to analyze the business operation behavior of the user.
Example two
An embodiment of the present application further provides another behavior monitoring method, including:
acquiring a service operation request of a user; the service operation request comprises operation behavior information and identity identification information of the user;
determining whether the operation behavior information is target monitoring information or not by using a preset regular expression based on the identity identification information;
and monitoring the business operation behavior corresponding to the business operation request of the user under the condition that the operation behavior information is the target monitoring information.
And when the specific implementation is carried out, according to the identity identification information, matching the user identity corresponding to the identity identification information in the data pool, determining the identity information corresponding to the service operation request, and determining the user identity. After the identity of the user is determined, the identity information of the user is associated with the business operation behavior, the business operation behavior data corresponding to the operation behavior information is matched through a regular expression, when the business operation behavior data corresponding to the operation behavior information is matched, the operation behavior information is represented as target monitoring information, and when the operation behavior information is determined to be target detection information, the business operation behavior of the user is monitored.
The behavior monitoring method provided by the embodiment of the application adopts the gateway to obtain the service operation request of the user; the service operation request carries operation behavior information and identity identification information of a user; whether the business operation information is the target monitoring information or not is determined by using a preset regular expression, when the business operation information is the target monitoring information, the business operation behavior corresponding to the business operation request of the user is monitored according to the identity identification information of the user, and compared with the prior art that the embedded point code is embedded into an application system of a client side to monitor the operation behavior of the user, once the client side is updated, the embedded point code needs to be correspondingly updated, a system developer needs to be matched with the embedded point code for updating, the requirement on the developer is higher, the operation is complex, and the practicability is poor, the method can automatically judge whether the operation behavior of the user needs to be monitored or not, the embedded point is not needed in the client side and the business system, further, the cooperation of the developer is not needed, the operation is simple, and the practicability is higher.
Based on the same inventive concept, the embodiment of the present application further provides a behavior monitoring device corresponding to the behavior monitoring method, and as the principle of solving the problem of the device in the embodiment of the present application is similar to that of the behavior monitoring method in the embodiment of the present application, the implementation of the device can refer to the implementation of the method, and repeated details are not repeated.
EXAMPLE III
Referring to fig. 3, which is a schematic view of a behavior monitoring device provided in a fifth embodiment of the present application, the behavior monitoring device includes: an acquisition module 31, a determination module 32, and a monitoring module 33; wherein,
an obtaining module 31, configured to obtain a service operation request of a user; the service operation request comprises operation behavior information and identity identification information of the user;
a determining module 32, configured to determine whether the operation behavior information is target monitoring information based on a preset regular expression;
a monitoring module 33, configured to monitor, based on the identity information, a service operation behavior corresponding to the service operation request of the user when the operation behavior information is the target monitoring information.
In a possible implementation manner, the monitoring module 33 is specifically configured to monitor a service operation behavior corresponding to the service operation request of the user based on the identity information in the following manner, and includes:
determining the risk level of the business operation behavior according to the target monitoring information;
when the risk level is larger than the risk level threshold value, an identity authentication request is sent to a user;
and forwarding the service operation request to a server under the condition that the user identity authentication is passed.
In a possible embodiment, the apparatus further comprises an association module 34;
the association module 34 is configured to match, from a data pool, the identity information corresponding to the identity information using the identity information; and associating the identity information with the business operation behavior.
In a possible embodiment, the monitoring module 33 is specifically configured to forward the service operation request to the server in the following manner if the user identity authentication passes:
generating target operation information based on the service operation request;
requesting target information corresponding to the target operation information from a server based on the target operation information and the identity information;
and receiving the target information fed back by the server.
In a possible embodiment, the apparatus further comprises a storage analysis module 35;
the storage analysis module is specifically configured to store the target information and/or analyze the target information.
The description of the processing flow of each module in the device and the interaction flow between the modules may refer to the related description in the above method embodiments, and will not be described in detail here.
Corresponding to the behavior monitoring method in fig. 1, an embodiment of the present application further provides an electronic device, as shown in fig. 4, the electronic device includes a memory 41, a processor 42, a bus 43, and a computer program stored on the memory 41 and executable on the processor 42, where the processor 42 implements the steps of the behavior monitoring method when executing the computer program.
Specifically, the memory 41 and the processor 42 can be general memories and processors, which are not specifically limited herein, and when the processor 42 runs a computer program stored in the memory 41, the behavior monitoring method can be executed, so that the technical problems that in the prior art, embedded point codes are embedded into an application system of a client to monitor operation behaviors of a user, once the client is updated, the embedded point codes need to be updated correspondingly, a system developer needs to update the embedded point codes in a matching manner, requirements on the developer are high, the operation is complex, and the practicability is poor are solved, and the effects of automatically judging whether the operation behaviors of the user need to be monitored, not embedding points in the client and a service system, further not needing the cooperation of the developer, being simple to operate, and being high in practicability are achieved.
Corresponding to the behavior monitoring method in fig. 1, an embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps of the behavior monitoring method.
Specifically, the storage medium can be a general storage medium, such as a mobile disk, a hard disk, and the like, and when a computer program on the storage medium is run, the behavior monitoring method can be executed, so that the technical problems that in the prior art, a point code is embedded into an application system of a client to monitor the operation behavior of a user are solved, once the client is updated, the point code is required to be correspondingly updated, a system developer is required to update the point code, the requirement on the developer is high, the operation is complex, and the practicability is poor are solved, and whether the operation behavior of the user needs to be monitored or not is automatically judged, and the point is not required to be embedded in the client and a service system, so that the cooperation of the developer is not required, the operation is simple, and the practicability is high.
The behavior monitoring method and the computer program product of the apparatus provided in the embodiments of the present application include a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiments, and specific implementations may refer to the method embodiments and are not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present application, and are used for illustrating the technical solutions of the present application, but not limiting the same, and the scope of the present application is not limited thereto, and although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope disclosed in the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the exemplary embodiments of the present application, and are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method of behavioral monitoring, comprising:
acquiring a service operation request of a user; the service operation request comprises operation behavior information and identity identification information of the user;
determining whether the operation behavior information is target monitoring information or not based on a preset regular expression;
and monitoring the business operation behavior corresponding to the business operation request of the user based on the identity identification information under the condition that the operation behavior information is the target monitoring information.
2. The method according to claim 1, wherein the monitoring the service operation behavior corresponding to the service operation request of the user based on the identification information comprises:
determining the risk level of the business operation behavior according to the target monitoring information;
when the risk level is larger than the risk level threshold value, an identity authentication request is sent to a user;
and forwarding the service operation request to a server under the condition that the user identity authentication is passed.
3. The method of claim 1, comprising:
matching identity information corresponding to the identity information from a data pool by using the identity information;
and associating the identity information with the business operation behavior.
4. The method of claim 3, wherein forwarding the service operation request to a server if the user identity authentication is passed comprises:
generating target operation information based on the service operation request;
requesting target information corresponding to the target operation information from a server based on the target operation information and the identity information;
and receiving the target information fed back by the server.
5. The method of claim 4, further comprising: storing the target information and/or analyzing the target information.
6. A performance monitoring device, comprising:
the acquisition module is used for acquiring a service operation request of a user; the service operation request comprises operation behavior information and identity identification information of the user;
the determining module is used for determining whether the operation behavior information is target monitoring information or not based on a preset regular expression;
and the monitoring module is used for monitoring the business operation behavior corresponding to the business operation request of the user based on the identity identification information under the condition that the operation behavior information is the target monitoring information.
7. The apparatus according to claim 6, wherein the monitoring module is specifically configured to monitor a service operation behavior corresponding to the service operation request of the user based on the identification information by:
determining the risk level of the business operation behavior according to the target monitoring information;
when the risk level is larger than the risk level threshold value, an identity authentication request is sent to a user;
and forwarding the service operation request to a server under the condition that the user identity authentication is passed.
8. The apparatus of claim 6, further comprising an association module;
the association module is used for matching the identity information corresponding to the identity information from a data pool by using the identity information; and associating the identity information with the business operation behavior.
9. The apparatus according to claim 8, wherein the monitoring module is specifically configured to forward the service operation request to the server if the user identity authentication passes by:
generating target operation information based on the service operation request;
requesting target information corresponding to the target operation information from a server based on the target operation information and the identity information;
and receiving the target information fed back by the server.
10. The apparatus of claim 9, further comprising a storage analysis module;
the storage analysis module is specifically configured to store the target information and/or analyze the target information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811339201.9A CN109446030A (en) | 2018-11-12 | 2018-11-12 | A kind of behavior monitoring method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811339201.9A CN109446030A (en) | 2018-11-12 | 2018-11-12 | A kind of behavior monitoring method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109446030A true CN109446030A (en) | 2019-03-08 |
Family
ID=65551969
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811339201.9A Pending CN109446030A (en) | 2018-11-12 | 2018-11-12 | A kind of behavior monitoring method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109446030A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110443677A (en) * | 2019-07-05 | 2019-11-12 | 五八有限公司 | A kind of information processing method and device |
CN112398792A (en) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Login protection method, client, central control management equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110022214A1 (en) * | 2009-07-23 | 2011-01-27 | Bernhard Glomann | Method for Monitoring Operation Behaviour of a Component of an Industrial Plant |
CN103679031A (en) * | 2013-12-12 | 2014-03-26 | 北京奇虎科技有限公司 | File virus immunizing method and device |
CN103927253A (en) * | 2013-01-11 | 2014-07-16 | 阿里巴巴集团控股有限公司 | Multiple browser compatibility testing method and system |
CN105306204A (en) * | 2014-07-04 | 2016-02-03 | 腾讯科技(深圳)有限公司 | Security verification method, device and system |
CN105959180A (en) * | 2016-06-12 | 2016-09-21 | 乐视控股(北京)有限公司 | Data detection method and device |
CN108574605A (en) * | 2017-03-07 | 2018-09-25 | 中国移动通信有限公司研究院 | A kind of acquisition method and device of user behavior data |
-
2018
- 2018-11-12 CN CN201811339201.9A patent/CN109446030A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110022214A1 (en) * | 2009-07-23 | 2011-01-27 | Bernhard Glomann | Method for Monitoring Operation Behaviour of a Component of an Industrial Plant |
CN103927253A (en) * | 2013-01-11 | 2014-07-16 | 阿里巴巴集团控股有限公司 | Multiple browser compatibility testing method and system |
CN103679031A (en) * | 2013-12-12 | 2014-03-26 | 北京奇虎科技有限公司 | File virus immunizing method and device |
CN105306204A (en) * | 2014-07-04 | 2016-02-03 | 腾讯科技(深圳)有限公司 | Security verification method, device and system |
CN105959180A (en) * | 2016-06-12 | 2016-09-21 | 乐视控股(北京)有限公司 | Data detection method and device |
CN108574605A (en) * | 2017-03-07 | 2018-09-25 | 中国移动通信有限公司研究院 | A kind of acquisition method and device of user behavior data |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110443677A (en) * | 2019-07-05 | 2019-11-12 | 五八有限公司 | A kind of information processing method and device |
CN112398792A (en) * | 2019-08-15 | 2021-02-23 | 奇安信安全技术(珠海)有限公司 | Login protection method, client, central control management equipment and storage medium |
CN112398792B (en) * | 2019-08-15 | 2022-07-05 | 奇安信安全技术(珠海)有限公司 | Login protection method, client, central control management equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108156237B (en) | Product information pushing method and device, storage medium and computer equipment | |
US10182051B1 (en) | Systems and methods for providing block chain-based multifactor personal identity verification | |
KR102151862B1 (en) | Service processing method and device | |
CN109614238B (en) | Target object identification method, device and system and readable storage medium | |
CN109871691A (en) | Process management method, system, equipment and readable storage medium storing program for executing based on permission | |
US10685347B1 (en) | Activating a transaction card | |
CN110442712B (en) | Risk determination method, risk determination device, server and text examination system | |
EP3256978B1 (en) | Method and apparatus for assigning device fingerprints to internet devices | |
CN108287823B (en) | Message data processing method and device, computer equipment and storage medium | |
CN110209925B (en) | Application pushing method, device, computer equipment and storage medium | |
TWI701932B (en) | Identity authentication method, server and client equipment | |
CN108763251B (en) | Personalized recommendation method and device for nuclear product and electronic equipment | |
US11899770B2 (en) | Verification method and apparatus, and computer readable storage medium | |
CN109446030A (en) | A kind of behavior monitoring method and device | |
CN112347457A (en) | Abnormal account detection method and device, computer equipment and storage medium | |
CN109325348B (en) | Application security analysis method and device, computing equipment and computer storage medium | |
CN106570685B (en) | Service processing method and device | |
CN113508371B (en) | System and method for improving computer identification | |
CN111784352A (en) | Authentication risk identification method and device and electronic equipment | |
CN112115836A (en) | Information verification method and device, computer readable storage medium and electronic equipment | |
US9996691B1 (en) | Using signals from developer clusters | |
CN117290827A (en) | Security verification method, security verification device, computer equipment and storage medium | |
CN116663003A (en) | Attack detection method, attack detection device, computer equipment and storage medium | |
CN117407420A (en) | Data construction method, device, computer equipment and storage medium | |
CN114756736A (en) | Content pushing method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190308 |
|
RJ01 | Rejection of invention patent application after publication |