[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN109657148B - Abnormal operation identification method, device, server and medium for reported POI - Google Patents

Abnormal operation identification method, device, server and medium for reported POI Download PDF

Info

Publication number
CN109657148B
CN109657148B CN201811582770.6A CN201811582770A CN109657148B CN 109657148 B CN109657148 B CN 109657148B CN 201811582770 A CN201811582770 A CN 201811582770A CN 109657148 B CN109657148 B CN 109657148B
Authority
CN
China
Prior art keywords
poi
target user
reported
user
abnormal operation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811582770.6A
Other languages
Chinese (zh)
Other versions
CN109657148A (en
Inventor
何守伟
刘复新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201811582770.6A priority Critical patent/CN109657148B/en
Publication of CN109657148A publication Critical patent/CN109657148A/en
Application granted granted Critical
Publication of CN109657148B publication Critical patent/CN109657148B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques

Landscapes

  • Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Alarm Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention discloses a method, a device, a server and a medium for identifying abnormal operation of a reported POI, wherein the method comprises the following steps: extracting characteristic parameters from historical reported data of a target user, wherein the characteristic parameters are used for describing attribute information of historical POI reported by the target user; identifying whether the target user is a candidate abnormal user or not according to the characteristic parameters; and if the target user is a candidate abnormal user, identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rules. The embodiment of the invention solves the problems that the identification precision of the abnormal operation aiming at the reported POI is lower and the type of the abnormal operation can not be identified in the prior art, improves the identification precision aiming at the abnormal operation and can accurately identify the type of the abnormal operation.

Description

Abnormal operation identification method, device, server and medium for reported POI
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a method, a device, a server and a medium for identifying abnormal operation of a reported POI.
Background
The Point of Interest (POI) includes information such as name, category, longitude and latitude, and hotel or shop nearby, and can be used for applications such as map navigation. The POI data is a basis of Online Offline/Online To Offline (O2O) services, and directly provides comprehensive and intuitive demand information for a large number of users.
In a real-life scene, a large number of POIs exist, and for the acquisition of POI data, except for the self acquisition and labeling of an application developer, the data is generally acquired in a way reported by a user. For example, POI-UGC (UGC, User Generated Content, refers to original Content of a User), i.e., an important channel for free labeling of map POI data. However, the quality of the POI data reported by the user is uneven, and even some users report falsely or incorrectly for illegal purposes, so that in the scenario of reporting the POI by the user, the application developer faces a severe data abnormal operation problem, such as data cheating.
Disclosure of Invention
The embodiment of the invention provides a method, a device, a server and a medium for identifying abnormal operation of a reported POI (point of interest), so as to improve the identification precision of the abnormal operation of the reported POI and accurately identify the type of the abnormal operation.
In a first aspect, an embodiment of the present invention provides a method for identifying abnormal operations of a reported POI, where the method includes:
extracting characteristic parameters from historical reported data of a target user, wherein the characteristic parameters are used for describing attribute information of historical POI reported by the target user;
identifying whether the target user is a candidate abnormal user or not according to the characteristic parameters;
and if the target user is a candidate abnormal user, identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rule.
In a second aspect, an embodiment of the present invention further provides an apparatus for identifying abnormal operations for a reported POI, where the apparatus includes:
the characteristic parameter extraction module is used for extracting characteristic parameters from historical reported data of a target user, wherein the characteristic parameters are used for describing attribute information of historical POI reported by the target user;
the candidate abnormal user identification module is used for identifying whether the target user is a candidate abnormal user according to the characteristic parameters;
and the abnormal operation type identification module is used for identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rules if the target user is a candidate abnormal user.
In a third aspect, an embodiment of the present invention further provides a server, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for identifying abnormal operations for reporting POIs according to any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for identifying abnormal operation for reporting a POI according to any embodiment of the present invention.
According to the embodiment of the invention, whether a target user is a candidate abnormal user is identified according to characteristic parameters extracted from historical reported data of the target user; if the target user is a candidate abnormal user, the abnormal operation type of the target user is identified according to the characteristic parameters and the preset rules, so that the problems that the identification precision of the abnormal operation aiming at the reported POI is low and the abnormal operation type cannot be identified in the prior art are solved, the identification precision aiming at the abnormal operation is improved, and the effect of accurately identifying the abnormal operation type is achieved.
Drawings
Fig. 1 is a flowchart of an abnormal operation identification method for a reported POI according to an embodiment of the present invention;
fig. 2 is a flowchart of an abnormal operation identification method for a reported POI according to a second embodiment of the present invention;
fig. 3 is a flowchart of an abnormal operation identification method for a reported POI according to a third embodiment of the present invention;
fig. 4 is a flowchart of an abnormal operation identification method for a reported POI according to a fourth embodiment of the present invention;
fig. 5 is a flowchart of an abnormal operation identification method for a reported POI according to the fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of an abnormal operation recognition apparatus for reporting a POI according to a sixth embodiment of the present invention;
fig. 7 is a schematic structural diagram of a server according to a seventh embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of an abnormal operation identification method for a reporting POI according to an embodiment of the present invention, where the method is applicable to a case where an abnormal operation of the reporting POI is identified, and the method may be executed by an abnormal operation identification device for the reporting POI, and the device may be implemented in a software and/or hardware manner and may be integrated on a server.
As shown in fig. 1, the method for identifying abnormal operation for reporting a POI according to this embodiment may include:
s110, extracting characteristic parameters from historical reported data of the target user, wherein the characteristic parameters are used for describing attribute information of historical POI reported by the target user.
The target user in this embodiment may be any user that performs the reporting of the POI behavior. Before extracting the characteristic parameters, the server identifies a User account by extracting UID (User Identification) information of a work order of a target User, further acquires historical reported data of the target User based on the User account, and extracts the characteristic parameters related to POI (point of interest) reported historically from the historical reported data.
Optionally, the characteristic parameters include, but are not limited to: POI name, user coordinate, POI telephone, type of work order reported and total number of work orders reported. The work order types include new addition, error correction and offline. Compared with the prior art that the characteristic parameters considered in the abnormal operation identification process are single, for example, only the type of the reported work order and the total number of the reported work orders are considered, in the embodiment, other characteristic parameters are also considered at the same time, so that the accuracy of the abnormal operation identification can be ensured, and the identification accidental injury rate is reduced.
And S120, identifying whether the target user is a candidate abnormal user or not according to the characteristic parameters.
Illustratively, if the extracted feature parameters have feature parameters which do not meet the requirements of preset parameters, the target user is determined as a candidate abnormal user. The preset parameter requirement may be a reference standard set for one or more characteristic parameters based on an existing abnormal operation identification experience, and is used to preliminarily identify whether a behavior of the POI reported by the user belongs to an abnormal operation.
And S130, if the target user is a candidate abnormal user, identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rule.
Wherein the preset rule defines a condition that is satisfied by the characteristic parameter corresponding to the specific abnormal operation type. Different abnormal operation types correspond to different characteristic parameter conditions. If the target user is preliminarily determined to be a candidate abnormal user according to the characteristic parameters, whether the user is a real abnormal user is further judged based on the characteristic parameters, and the type of the abnormal operation of the target user is distinguished based on characteristic parameter conditions corresponding to different abnormal operation types.
Optionally, the abnormal operation types include, but are not limited to: agent reporting, malicious competitive product reporting and malicious reporting diversion. The agent reporting means that some illegal POI are entrusted to an intermediate agent to realize the data reporting behavior; the malicious competitive product reporting refers to the behavior that the interests of the competitors are damaged through the reporting of illegal POI (point of interest) among commercial competitors; the malicious reporting diversion means the behavior of a user who makes a reservation by using a communication telephone corresponding to a plurality of POIs based on the false reporting of the place. The above-listed abnormal operation types are exemplary illustrations of the scheme of the present embodiment, and should not be taken as limitations of the present embodiment.
According to the technical scheme of the embodiment, whether the target user is a candidate abnormal user is identified according to the characteristic parameters extracted from the historical reported data of the target user; if the target user is a candidate abnormal user, the abnormal operation type of the target user is identified according to the characteristic parameters and the preset rules, so that the problems that the identification precision of the abnormal operation aiming at the reported POI is low and the abnormal operation type cannot be identified in the prior art are solved, the identification precision aiming at the abnormal operation is improved, the effect of accurately identifying the abnormal operation type is realized, and the identification accidental injury rate is reduced; and further, data support is provided for an abnormal operating system of the POI-UGC, and the risk controllability in the POI-UGC integral data processing flow is ensured.
Example two
Fig. 2 is a flowchart of an abnormal operation identification method for a reported POI according to a second embodiment of the present invention, which is further optimized based on the foregoing embodiments. As shown in fig. 2, the method may include:
s210, extracting characteristic parameters from historical reported data of the target user.
And S220, judging according to the total number of the reported work orders of the target user in the characteristic parameters and a first preset threshold, and if the total number of the reported work orders is higher than the first preset threshold, taking the target user as a candidate abnormal user.
The more the total number of the reported work orders of the target user is, the higher the possibility that the target user is an abnormal user is.
The first preset threshold value can be set according to actual conditions. For example, the first preset threshold is set to 10, if the total number of reported work orders of the target user in the extracted feature parameters exceeds 10, the target user is determined as a candidate abnormal user, and if the total number of reported work orders of the target user does not exceed 10, the classification analysis of the anti-abnormal operation is ended, so as to ensure the accuracy of the identification of the anti-abnormal operation.
And S230, identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rules.
Optionally, the method further includes:
and if the abnormal operation type of the target user is identified to be any one of agent reporting, malicious bid reporting or malicious diversion reporting, determining that the target user is an abnormal user and pulling the abnormal user into a blacklist. By automatically pulling the abnormal users into the blacklist and blocking POI data reported by the abnormal users, bad POI marked on the map is reduced, and public interests are maintained.
According to the technical scheme of the embodiment, the target user is identified as the candidate abnormal user according to the relation between the total number of the reported work orders of the target user in the characteristic parameters and the first preset threshold, and then the abnormal operation type of the target user is identified continuously according to the characteristic parameters and the preset rules, so that the problems that the identification precision of the abnormal operation aiming at the reported POI is low and the abnormal operation type cannot be identified in the prior art are solved, the identification precision aiming at the abnormal operation is improved, the effect of accurately identifying the abnormal operation type is achieved, and the identification accidental injury rate is reduced.
EXAMPLE III
Fig. 3 is a flowchart of an abnormal operation identification method for a reporting POI according to a third embodiment of the present invention, which is further optimized based on the foregoing embodiments, and is exemplarily illustrated by taking an abnormal operation type of a target user as proxy reporting. As shown in fig. 3, the method may include:
s310, extracting characteristic parameters from historical reported data of the target user.
S320, judging according to the total number of the reported work orders of the target users in the characteristic parameters and a first preset threshold value, and if the total number of the reported work orders is higher than the first preset threshold value, taking the target users as candidate abnormal users.
S330, clustering POI coordinates and user coordinates in historical reported data of the target user respectively.
Illustratively, the POI coordinates and the user coordinates are clustered by using an existing clustering algorithm, such as a density-based clustering algorithm (db-scan algorithm), to obtain a POI coordinate cluster and a user coordinate cluster. The radius parameter in the cluster calculation process may be set to different values according to the accuracy requirement of the coordinate cluster calculation, for example, the interval of the city is roughly estimated, and the radius parameter may be set to R1 100000 m.
S340, aiming at the clustering result, if the user coordinates are clustered into one cluster, the POI coordinates are clustered into a plurality of POI coordinate clusters, and the number of the POI coordinate clusters reaches a second preset threshold value, identifying the abnormal operation type of the target user as agent reporting.
The user coordinates in the clustering result are clustered into a cluster, namely the position of the user is almost unchanged when the user reports the POI; the POI coordinates are gathered into a plurality of clusters, namely, the POI positions reported by the user comprise a plurality of different positions. For example, the target user reports 20 work orders altogether, and the POI coordinates can be clustered into 15 coordinate clusters, wherein at least 10 POI coordinate clusters correspond to the same user coordinate, and if the second preset threshold is set to be half of the number of the work orders, that is, the second preset threshold is 10, the reporting behavior of the target user conforms to the characteristic reported by the agent, and the abnormal operation type of the target user is identified as agent reporting.
According to the technical scheme of the embodiment, firstly, a target user is identified as a candidate abnormal user according to the relation between the total number of reported work orders of the target user and a first preset threshold value; and then, the abnormal operation type of the target user is identified as proxy report by clustering and analyzing the POI coordinates and the user coordinates reported by the target user, so that the problems that the identification precision of the abnormal operation aiming at the reported POI is low and the abnormal operation type cannot be identified in the prior art are solved, the identification precision aiming at the abnormal operation is improved, the effect of accurately identifying the abnormal operation type is realized, and the identification accidental injury rate is reduced.
Example four
Fig. 4 is a flowchart of an abnormal operation identification method for a reporting POI according to a fourth embodiment of the present invention, which is further optimized based on the foregoing embodiments, and is exemplarily illustrated by taking an abnormal operation type of a target user as a malicious bid report. As shown in fig. 4, the method may include:
and S410, extracting characteristic parameters from historical reported data of the target user.
And S420, judging according to the total number of the reported work orders of the target user in the characteristic parameters and a first preset threshold value, and if the total number of the reported work orders is higher than the first preset threshold value, taking the target user as a candidate abnormal user.
And S430, clustering the POI names and the POI coordinates in the historical reported data of the target user respectively to obtain a plurality of POI name clusters and a plurality of POI coordinate clusters.
Illustratively, the industry aggregation condition of the POI names is calculated by using an existing similarity calculation method, such as the Jaccard similarity calculation method, so as to obtain a plurality of POI name clusters; and clustering the reported POI coordinates by using a db-scan algorithm to obtain a plurality of POI coordinate clusters, wherein the radius parameter in the clustering calculation process can be set to be R2-200 m.
S440, if the following rules are met, identifying that the abnormal operation type of the target user is a malicious competitive product report: the method comprises the steps that name clusters with the number of POI names reaching a third preset threshold exist in a plurality of POI name clusters; the cluster number of the POI coordinate clusters reaches a fourth preset threshold value; and the proportion of the number of the work orders with the reported work order types of error correction and/or offline in the historical reported data of the target user to the total number of the reported work orders reaches a fifth preset threshold value.
The third preset threshold, the fourth preset threshold and the fifth preset threshold may be flexibly set according to actual needs, may be set to the same value, and may also be set to different values. If the POI name included in one POI name cluster exceeds a third preset threshold value, the POI name cluster indicates that a target user reports a large number of POIs belonging to the same type of industry; and if the cluster number of the obtained POI coordinate clusters reaches a fourth preset threshold value, indicating that the target user reports POIs of a plurality of places.
Illustratively, the third preset threshold and the fourth preset threshold are set to 50% of the total number of the reported work orders of the target user, and the fifth preset threshold is set to 80% of the total number of the reported work orders of the target user. Assuming that the total number of work orders reported by a target user is 20, obtaining 10 POI name clusters and 10 POI coordinate clusters through clustering analysis, wherein one POI name cluster comprises 11 POI names belonging to the same industry, and the visible POI name clusters and the POI coordinate clusters both meet the requirements of a third preset threshold value and a fourth preset threshold value. If the number of the work orders belonging to the error correction type in the work order types reported by the user is judged to be at least 16 continuously, or the number of the work orders belonging to the offline type in the reported work order types is at least 16, or the total number of the work orders belonging to the error correction type and the offline type in the reported work order types is at least 16, namely the total number of the work orders reported by the user is 80% under the three conditions. And if the reporting behavior of the target user accords with the characteristics of the report of the malicious competitive products, the abnormal operation type is identified to be the report of the malicious competitive products.
It should be noted that, when identifying whether the abnormal operation type is a malicious competitive product report, none of the three identification conditions in the above rule is available, and when any one identification condition is not met, the abnormal operation type of the target user cannot be determined as the malicious competitive product report, otherwise, the phenomenon of identification error damage occurs, which results in the accuracy of abnormal operation type identification decreasing. For example, a certain property broker reports newly added shops in every city, and the number of names in a POI name cluster and the number of clusters in a POI coordinate cluster obtained by clustering characteristic parameters of reported data of the property broker meet a third preset threshold and a fourth preset threshold respectively, but the reported work order type of the property broker is newly added, not corrected and off-line, so that the reported POI behavior of the property broker does not belong to malicious competitive product reporting.
According to the technical scheme of the embodiment, firstly, a target user is identified as a candidate abnormal user according to the relation between the total number of reported work orders of the target user and a first preset threshold value; and then respectively clustering the reported POI name and POI coordinate of the target user, and simultaneously identifying the abnormal operation type of the target user as malicious competitive product reporting based on the clustering result and the reported work order type of the target user, thereby solving the problems that the identification precision of the abnormal operation aiming at the reported POI is low and the abnormal operation type can not be identified in the prior art, realizing the effects of improving the identification precision aiming at the abnormal operation, accurately identifying the abnormal operation type and reducing the identification accidental injury rate.
EXAMPLE five
Fig. 5 is a flowchart of an abnormal operation identification method for a reporting POI according to the fifth embodiment of the present invention, which is further optimized based on the foregoing embodiments, and is exemplarily illustrated by taking an abnormal operation type of a target user as a malicious reporting flow guide. As shown in fig. 5, the method may include:
s510, extracting characteristic parameters from historical reported data of the target user.
S520, judging according to the total number of the reported work orders of the target user in the characteristic parameters and a first preset threshold value, and if the total number of the reported work orders is higher than the first preset threshold value, taking the target user as a candidate abnormal user.
S530, clustering POI names in historical reported data of the target user to obtain a plurality of POI name clusters.
Illustratively, the industry aggregation condition of the POI names is calculated by using an existing similarity calculation method, such as the Jaccard similarity calculation method, to obtain a plurality of POI name clusters.
S540, if the following rules are met, identifying that the abnormal operation type of the target user is malicious reporting diversion: the method comprises the following steps that name clusters with the number of POI names reaching a sixth preset threshold exist in a plurality of POI name clusters; the proportion of the work orders with the POI telephones in all the work orders reported by the target user to the total number of the reported work orders reaches a seventh preset threshold value; and the reporting work order type in the historical reporting data of the target user is that the proportion of the newly increased work order number to the total number of the reported work orders reaches an eighth preset threshold value.
The sixth preset threshold, the seventh preset threshold and the eighth preset threshold may be flexibly set according to actual needs. Illustratively, the sixth preset threshold is set to 50% of the total number of the reported work orders of the target user, the seventh preset threshold is set to 90% of the total number of the reported work orders of the target user, and the eighth preset threshold is set to 80% of the total number of the reported work orders of the target user. Assuming that the total number of work orders reported by a target user is 20, 10 POI name clusters are obtained through clustering analysis, wherein one POI name cluster comprises 11 POI names belonging to the same industry, the work order quantity of POI telephones in all the reported work orders is at least 18, the number of the work orders is at least 16 when the work order types are newly increased, and the abnormal operation type is identified as malicious reporting flow guidance when the reporting behavior of the target user accords with the characteristics of malicious reporting flow guidance. For the situation, for example, in a dense traffic area such as a station, a bad merchant usually reports false addresses of a plurality of hotels to a map server at the same time, so that the hotels are labeled near the station, each reported POI corresponds to a POI phone, when a message of a room reserved by a traveler is received, the POI phone is used for communicating and docking with the traveler, and the behavior of the merchant belongs to malicious reporting diversion.
It should be noted that, when identifying whether the abnormal operation type is malicious reporting diversion, none of the three identification conditions in the rule is available, and when any one of the identification conditions is not met, the abnormal operation type of the target user cannot be determined as malicious reporting diversion, otherwise, the phenomenon of identification accidental injury occurs, which causes the accuracy of identifying the abnormal operation type to decrease.
According to the technical scheme of the embodiment, firstly, a target user is identified as a candidate abnormal user according to the relation between the total number of reported work orders of the target user and a first preset threshold value; and then clustering the POI names reported by the target users, and identifying the abnormal operation types of the target users as malicious reporting diversion based on the clustering result, the reported work order types of the target users and the reported work order quantity with the POI telephones, thereby solving the problems that the identification precision of the abnormal operation aiming at the reported POI is low and the abnormal operation types can not be identified in the prior art, realizing the effects of improving the identification precision aiming at the abnormal operation, accurately identifying the abnormal operation types and reducing the identification accidental injury rate.
EXAMPLE six
Fig. 6 is a schematic structural diagram of an abnormal operation recognition apparatus for a reporting POI according to a sixth embodiment of the present invention, which is applicable to a case of recognizing an abnormal operation of a reporting POI. The device can be realized in a software and/or hardware mode and can be integrated on a server.
As shown in fig. 6, the abnormal operation identification apparatus for reporting a POI according to this embodiment may include a feature parameter extraction module 610, a candidate abnormal user identification module 620, and an abnormal operation type identification module 630, where:
the feature parameter extraction module 610 is configured to extract feature parameters from historical reported data of a target user, where the feature parameters are used to describe attribute information of a historical POI reported by the target user;
a candidate abnormal user identification module 620, configured to identify whether the target user is a candidate abnormal user according to the characteristic parameter;
and an abnormal operation type identification module 630, configured to identify, if the target user is a candidate abnormal user, an abnormal operation type of the target user according to the characteristic parameter and a preset rule.
Optionally, the characteristic parameters at least include: POI name, user coordinate, POI telephone, type of work order reported and total number of work orders reported.
Optionally, the candidate abnormal user identification module 620 is configured to:
and judging according to the total number of the reported work orders of the target user and a first preset threshold, and if the total number of the reported work orders is higher than the first preset threshold, taking the target user as a candidate abnormal user.
Optionally, the abnormal operation types at least include: agent reporting, malicious competitive product reporting and malicious reporting diversion.
Optionally, the abnormal operation type identifying module 630 includes:
the first clustering unit is used for respectively clustering POI coordinates and user coordinates in historical reported data of the target user if the target user is a candidate abnormal user;
and the first abnormal operation type determining unit is used for identifying the abnormal operation type of the target user as proxy report if the user coordinates are gathered into one cluster, the POI coordinates are gathered into a plurality of POI coordinate clusters and the number of the POI coordinate clusters reaches a second preset threshold value aiming at the clustering result.
Optionally, the abnormal operation type identifying module 630 includes:
the second clustering unit is used for respectively clustering the POI names and the POI coordinates in the historical reported data of the target user to obtain a plurality of POI name clusters and a plurality of POI coordinate clusters if the target user is a candidate abnormal user;
a second abnormal operation type determining unit, configured to identify that the abnormal operation type of the target user is a malicious bid report if the following rules are met simultaneously:
the method comprises the steps that name clusters with the number of POI names reaching a third preset threshold exist in a plurality of POI name clusters; and
the cluster number of the POI coordinate clusters reaches a fourth preset threshold value; and
and the ratio of the number of the work orders with the reported work order types of error correction and/or offline in the historical reported data of the target user to the total number of the reported work orders reaches a fifth preset threshold value.
Optionally, the abnormal operation type identifying module 630 includes:
the third clustering unit is used for clustering POI names in historical reported data of the target user to obtain a plurality of POI name clusters if the target user is a candidate abnormal user;
a third abnormal operation type determining unit, configured to identify that the abnormal operation type of the target user is a malicious reporting diversion if the following rules are met simultaneously:
the method comprises the following steps that name clusters with the number of POI names reaching a sixth preset threshold exist in a plurality of POI name clusters; and
the proportion of the work orders with the POI telephones in all the work orders reported by the target user to the total number of the reported work orders reaches a seventh preset threshold value; and
and the reporting work order type in the historical reporting data of the target user is that the proportion of the newly increased work order number to the total number of the reported work orders reaches an eighth preset threshold value.
Optionally, the apparatus further comprises:
and the blacklist determining module is used for determining that the target user is an abnormal user and pulling the abnormal user into the blacklist if the abnormal operation type of the target user is identified to be any one of agent reporting, malicious competitive product reporting or malicious diversion reporting.
The abnormal operation identification device for the reported POI provided by the embodiment of the invention can execute the abnormal operation identification method for the reported POI provided by any embodiment of the invention, and has the corresponding functional modules and the beneficial effects of the execution method. The technical details not elaborated in this embodiment can be explained with reference to the content of any method embodiment of the invention.
EXAMPLE seven
Fig. 7 is a schematic structural diagram of a server according to a seventh embodiment of the present invention. FIG. 7 illustrates a block diagram of an exemplary server 712 suitable for use to implement embodiments of the present invention. The server 712 shown in fig. 7 is only an example and should not bring any limitations to the function and scope of use of the embodiments of the present invention.
As shown in fig. 7, server 712 is embodied in the form of a general-purpose server. Components of server 712 may include, but are not limited to: one or more processors 716, a storage device 728, and a bus 718 that couples the various system components (including the storage device 728 and the processors 716).
Bus 718 represents one or more of any of several types of bus structures, including a memory device bus or memory device controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Server 712 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by server 712 and includes both volatile and nonvolatile media, removable and non-removable media.
Storage 728 may include computer system readable media in the form of volatile Memory, such as Random Access Memory (RAM) 730 and/or cache Memory 732. The server 712 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 734 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 7, commonly referred to as a "hard drive"). Although not shown in FIG. 7, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk such as a Compact disk Read-Only Memory (CD-ROM), Digital Video disk Read-Only Memory (DVD-ROM) or other optical media may be provided. In these cases, each drive may be connected to the bus 718 by one or more data media interfaces. Storage 728 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
Program/utility 740 having a set (at least one) of program modules 742 may be stored, for instance, in storage 728, such program modules 742 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may include an implementation of a network environment. Program modules 742 generally perform the functions and/or methodologies of embodiments of the invention as described herein.
The server 712 may also communicate with one or more external devices 714 (e.g., keyboard, pointing terminal, display 724, etc.), with one or more terminals that enable a user to interact with the server 712, and/or with any terminals (e.g., network card, modem, etc.) that enable the server 712 to communicate with one or more other computing terminals. Such communication may occur through input/output (I/O) interfaces 722. Further, server 712 may communicate with one or more networks (e.g., a Local Area Network (LAN), Wide Area Network (WAN), and/or a public Network such as the Internet) via Network adapter 720. As shown in FIG. 7, network adapter 720 communicates with the other modules of server 712 via bus 718. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with server 712, including but not limited to: microcode, end drives, Redundant processors, external disk drive Arrays, RAID (Redundant Arrays of Independent Disks) systems, tape drives, and data backup storage systems, among others.
The processor 716 executes various functional applications and data processing by running programs stored in the storage device 728, for example, implementing an abnormal operation identification method for a reported POI according to any embodiment of the present invention, where the method includes:
extracting characteristic parameters from historical reported data of a target user, wherein the characteristic parameters are used for describing attribute information of historical POI reported by the target user;
identifying whether the target user is a candidate abnormal user or not according to the characteristic parameters;
and if the target user is a candidate abnormal user, identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rules.
Example eight
An eighth embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored thereon, and when the computer program is executed by a processor, the method for identifying abnormal operations of a reported POI according to any embodiment of the present invention is implemented, where the method includes:
extracting characteristic parameters from historical reported data of a target user, wherein the characteristic parameters are used for describing attribute information of historical POI reported by the target user;
identifying whether the target user is a candidate abnormal user or not according to the characteristic parameters;
and if the target user is a candidate abnormal user, identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rules.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or terminal. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (16)

1. An abnormal operation identification method for a reported POI is characterized by comprising the following steps:
extracting characteristic parameters from historical reported data of a target user, wherein the characteristic parameters are used for describing attribute information of historical POI reported by the target user; wherein the characteristic parameters at least include: user coordinates and POI coordinates;
identifying whether the target user is a candidate abnormal user or not according to the characteristic parameters;
if the target user is a candidate abnormal user, identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rules;
identifying the abnormal operation type of the target user according to the characteristic parameters and preset rules, wherein the method comprises the following steps:
respectively clustering POI coordinates and user coordinates in historical reported data of a target user;
and aiming at the clustering result, if the user coordinates are clustered into one cluster, the POI coordinates are clustered into a plurality of POI coordinate clusters, and the number of the POI coordinate clusters reaches a second preset threshold value, identifying the abnormal operation type of the target user as proxy reporting.
2. The method according to claim 1, characterized in that said characteristic parameters further comprise at least: POI name, POI telephone, type of work order reported and total number of work orders reported.
3. The method of claim 2, wherein identifying whether the target user is a candidate abnormal user according to the feature parameters comprises:
and judging according to the total number of the reported work orders of the target user and a first preset threshold value, and if the total number of the reported work orders is higher than the first preset threshold value, taking the target user as a candidate abnormal user.
4. The method of claim 2, wherein the abnormal operation type further comprises at least: and (4) malicious competitive product reporting and malicious reporting diversion.
5. The method of claim 4, wherein identifying the abnormal operation type of the target user according to the characteristic parameters and preset rules comprises:
clustering POI names and POI coordinates in historical reported data of a target user respectively to obtain a plurality of POI name clusters and a plurality of POI coordinate clusters;
if the following rules are met, the abnormal operation type of the target user is identified to be the malicious competitive product report:
the method comprises the steps that name clusters with the number of POI names reaching a third preset threshold exist in the POI name clusters; and
the cluster number of the POI coordinate clusters reaches a fourth preset threshold value; and
and the ratio of the number of the work orders with the reported work order types of error correction and/or offline in the historical reported data of the target user to the total number of the reported work orders reaches a fifth preset threshold value.
6. The method of claim 4, wherein identifying the abnormal operation type of the target user according to the characteristic parameters and preset rules comprises:
clustering POI names in historical reported data of a target user to obtain a plurality of POI name clusters;
if the following rules are met, identifying that the abnormal operation type of the target user is malicious reporting diversion:
the name clusters with the number of POI names reaching a sixth preset threshold exist in the POI name clusters; and
the proportion of the work orders with the POI telephones in all the work orders reported by the target user to the total number of the reported work orders reaches a seventh preset threshold value; and
and the reporting work order type in the historical reporting data of the target user is that the proportion of the newly increased work order number to the total number of the reported work orders reaches an eighth preset threshold value.
7. The method of claim 1, further comprising:
and if the abnormal operation type of the target user is identified to be any one of agent reporting, malicious bid reporting or malicious diversion reporting, determining that the target user is an abnormal user and pulling the abnormal user into a blacklist.
8. An abnormal operation recognition apparatus for reporting a POI, comprising:
the characteristic parameter extraction module is used for extracting characteristic parameters from historical reported data of a target user, wherein the characteristic parameters are used for describing attribute information of historical POI reported by the target user; wherein the characteristic parameters at least include: user coordinates and POI coordinates;
the candidate abnormal user identification module is used for identifying whether the target user is a candidate abnormal user according to the characteristic parameters;
the abnormal operation type identification module is used for identifying the abnormal operation type of the target user according to the characteristic parameters and the preset rules if the target user is a candidate abnormal user;
wherein the abnormal operation type identifying module comprises:
the first clustering unit is used for respectively clustering POI coordinates and user coordinates in historical reported data of the target user if the target user is a candidate abnormal user;
and the first abnormal operation type determining unit is used for identifying the abnormal operation type of the target user as proxy report if the user coordinates are gathered into one cluster, the POI coordinates are gathered into a plurality of POI coordinate clusters and the number of the POI coordinate clusters reaches a second preset threshold value aiming at the clustering result.
9. The apparatus of claim 8, wherein the characteristic parameters further comprise at least: POI name, POI telephone, type of work order reported and total number of work orders reported.
10. The apparatus of claim 9, wherein the candidate abnormal subscriber identity module is configured to:
and judging according to the total number of the reported work orders of the target user and a first preset threshold value, and if the total number of the reported work orders is higher than the first preset threshold value, taking the target user as a candidate abnormal user.
11. The apparatus of claim 9, wherein the abnormal operation type further comprises at least: and (4) malicious competitive product reporting and malicious reporting diversion.
12. The apparatus of claim 11, wherein the abnormal operation type identification module comprises:
the second clustering unit is used for respectively clustering the POI names and the POI coordinates in the historical reported data of the target user to obtain a plurality of POI name clusters and a plurality of POI coordinate clusters if the target user is a candidate abnormal user;
a second abnormal operation type determining unit, configured to identify that the abnormal operation type of the target user is a malicious bid report if the following rules are met simultaneously:
the method comprises the steps that name clusters with the number of POI names reaching a third preset threshold exist in the POI name clusters; and
the cluster number of the POI coordinate clusters reaches a fourth preset threshold value; and
and the ratio of the number of the work orders with the reported work order types of error correction and/or offline in the historical reported data of the target user to the total number of the reported work orders reaches a fifth preset threshold value.
13. The apparatus of claim 11, wherein the abnormal operation type identification module comprises:
the third clustering unit is used for clustering POI names in historical reported data of the target user to obtain a plurality of POI name clusters if the target user is a candidate abnormal user;
a third abnormal operation type determining unit, configured to identify that the abnormal operation type of the target user is a malicious reporting diversion if the following rules are met simultaneously:
the name clusters with the number of POI names reaching a sixth preset threshold exist in the POI name clusters; and
the proportion of the work orders with the POI telephones in all the work orders reported by the target user to the total number of the reported work orders reaches a seventh preset threshold value; and
and the reporting work order type in the historical reporting data of the target user is that the proportion of the newly increased work order number to the total number of the reported work orders reaches an eighth preset threshold value.
14. The apparatus of claim 8, further comprising:
and the blacklist determining module is used for determining that the target user is an abnormal user and pulling the abnormal user into the blacklist if the abnormal operation type of the target user is identified to be any one of agent reporting, malicious competitive product reporting or malicious diversion reporting.
15. A server, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1 to 7 for identifying abnormal operation of a reporting POI.
16. A computer-readable storage medium, on which a computer program is stored, the program, when executed by a processor, implementing the method for identifying abnormal operation of a reporting POI according to any one of claims 1 to 7.
CN201811582770.6A 2018-12-24 2018-12-24 Abnormal operation identification method, device, server and medium for reported POI Active CN109657148B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811582770.6A CN109657148B (en) 2018-12-24 2018-12-24 Abnormal operation identification method, device, server and medium for reported POI

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811582770.6A CN109657148B (en) 2018-12-24 2018-12-24 Abnormal operation identification method, device, server and medium for reported POI

Publications (2)

Publication Number Publication Date
CN109657148A CN109657148A (en) 2019-04-19
CN109657148B true CN109657148B (en) 2020-10-13

Family

ID=66115007

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811582770.6A Active CN109657148B (en) 2018-12-24 2018-12-24 Abnormal operation identification method, device, server and medium for reported POI

Country Status (1)

Country Link
CN (1) CN109657148B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110347973B (en) * 2019-07-15 2023-07-14 北京百度网讯科技有限公司 Method and device for generating information
CN111625817B (en) * 2020-05-12 2023-05-02 咪咕文化科技有限公司 Abnormal user identification method, device, electronic equipment and storage medium
CN112579907B (en) * 2020-12-25 2023-08-11 北京百度网讯科技有限公司 Abnormal task detection method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101467003A (en) * 2006-06-30 2009-06-24 电子地图北美公司 Method and system for collecting user update requests regarding geographic data to support automated analysis, processing and geographic data updates
CN105528535A (en) * 2015-12-25 2016-04-27 北京奇虎科技有限公司 Log information based user behavior analysis method and apparatus
CN105608153A (en) * 2015-12-18 2016-05-25 晶赞广告(上海)有限公司 Universal POI information association method
CN106453357A (en) * 2016-11-01 2017-02-22 北京红马传媒文化发展有限公司 Network ticket buying abnormal behavior recognition method and system and equipment
CN107888602A (en) * 2017-11-23 2018-04-06 北京白山耘科技有限公司 A kind of method and device for detecting abnormal user
CN108156146A (en) * 2017-12-19 2018-06-12 北京盖娅互娱网络科技股份有限公司 A kind of method and apparatus for being used to identify abnormal user operation

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104080054B (en) * 2014-07-18 2018-11-09 百度在线网络技术(北京)有限公司 A kind of acquisition methods and device of exception point of interest
US9432944B1 (en) * 2015-06-13 2016-08-30 KeepTrax, Inc. Determining whether a mobile device user is substantially stationary within a geo-fence
CN108345611B (en) * 2017-01-24 2022-12-13 北京搜狗信息服务有限公司 Operation monitoring method and device for map search and electronic equipment
CN107729368A (en) * 2017-09-08 2018-02-23 百度在线网络技术(北京)有限公司 A kind of method and apparatus for POI data verification

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101467003A (en) * 2006-06-30 2009-06-24 电子地图北美公司 Method and system for collecting user update requests regarding geographic data to support automated analysis, processing and geographic data updates
CN105608153A (en) * 2015-12-18 2016-05-25 晶赞广告(上海)有限公司 Universal POI information association method
CN105528535A (en) * 2015-12-25 2016-04-27 北京奇虎科技有限公司 Log information based user behavior analysis method and apparatus
CN106453357A (en) * 2016-11-01 2017-02-22 北京红马传媒文化发展有限公司 Network ticket buying abnormal behavior recognition method and system and equipment
CN107888602A (en) * 2017-11-23 2018-04-06 北京白山耘科技有限公司 A kind of method and device for detecting abnormal user
CN108156146A (en) * 2017-12-19 2018-06-12 北京盖娅互娱网络科技股份有限公司 A kind of method and apparatus for being used to identify abnormal user operation

Also Published As

Publication number Publication date
CN109657148A (en) 2019-04-19

Similar Documents

Publication Publication Date Title
CN107273531B (en) Telephone number classification identification method, device, equipment and storage medium
CN104080054B (en) A kind of acquisition methods and device of exception point of interest
CN109657148B (en) Abnormal operation identification method, device, server and medium for reported POI
CN109714636B (en) User identification method, device, equipment and medium
CN110135912B (en) Information pushing method and device, server and storage medium
CN112860993B (en) Method, device, equipment, storage medium and program product for classifying points of interest
CN111666346A (en) Information merging method, transaction query method, device, computer and storage medium
CN108614895B (en) Abnormal data access behavior identification method and data processing device
CN113379469A (en) Abnormal flow detection method, device, equipment and storage medium
CN110688434B (en) Method, device, equipment and medium for processing interest points
CN112016855B (en) User industry identification method and device based on relational network matching and electronic equipment
CN111598713B (en) Cluster recognition method and device based on similarity weight updating and electronic equipment
CN111400695B (en) Equipment fingerprint generation method, device, equipment and medium
CN115512146A (en) POI information mining method, device, equipment and storage medium
CN113904943B (en) Account detection method and device, electronic equipment and storage medium
CN110647595B (en) Method, device, equipment and medium for determining newly-added interest points
CN113225325B (en) IP (Internet protocol) blacklist determining method, device, equipment and storage medium
CN111125272B (en) Regional characteristic acquisition method, regional characteristic acquisition device, computer equipment and medium
CN115456691A (en) Recommendation method and device for offline advertisement space, electronic equipment and storage medium
CN110457705B (en) Method, device, equipment and storage medium for processing point of interest data
CN111598714A (en) Two-stage unsupervised group partner identification method and device and electronic equipment
CN113591787A (en) Method, device, equipment and storage medium for identifying optical fiber link component
CN112261484B (en) Target user identification method and device, electronic equipment and storage medium
CN116051287B (en) Data analysis method and device, electronic equipment and storage medium
CN112417310B (en) Method for establishing intelligent service index and recommending intelligent service

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant