CN-114117403-B - Abnormal account detection method, electronic device and storage medium

Abstract

The disclosure relates to an abnormal account detection method, an electronic device and a storage medium. The abnormal account detection method comprises: in response to detecting an account detection trigger event, obtaining application data matched with an account to be detected; determining, among a plurality of preset account detection conditions, the target detection condition corresponding to the application data; judging whether the application data meets the target detection condition; and, if the application data meets the target detection condition, determining that the account to be detected is an abnormal account, wherein the abnormal account is an account that obtains resources from a target platform by cheating. According to the embodiment of the disclosure, the security of the target platform can be improved.

Inventors

  • Cao Bohua
  • LIU LITONG
  • CONG YIMING

Assignees

  • 北京得间科技有限公司
  • 掌阅科技股份有限公司

Dates

Publication Date: 20260512
Application Date: 20211122

Claims (20)

  1. An abnormal account detection method, comprising:
     in response to detecting an account detection trigger event, acquiring application data matched with an account to be detected;
     determining, among a plurality of preset account detection conditions, target detection conditions corresponding to the application data;
     judging whether the application data meets the target detection condition;
     if the application data meets the target detection condition, determining that the account to be detected is an abnormal account, wherein the abnormal account is an account that acquires resources from a target platform by cheating;
     wherein the acquiring of application data matched with the account to be detected comprises:
     acquiring an account logic tree of the account to be detected, wherein a registration invitation relationship exists between the accounts corresponding to parent and child nodes of the account logic tree;
     determining respective characteristic values of a plurality of cheating evaluation dimensions of the account logic tree, wherein the characteristic values comprise at least one of: a first characteristic value corresponding to the account name of each node in the account logic tree, a second characteristic value corresponding to the number of layers of the account logic tree, a third characteristic value corresponding to the total number of nodes of the account logic tree, a fourth characteristic value corresponding to the number of nodes of each subtree in the account logic tree, and a fifth characteristic value corresponding to the resource extraction account name of each node in the account logic tree;
     determining a fraud risk value of the account logic tree based on the characteristic values, wherein the determining comprises performing a weighted summation of a plurality of characteristic values to obtain the fraud risk value of the account logic tree;
     determining, among the plurality of preset account detection conditions, target detection conditions corresponding to the fraud risk value;
     judging whether the fraud risk value meets the target detection condition, wherein the target detection condition comprises the fraud risk value being larger than a preset risk threshold;
     and if the fraud risk value meets the target detection condition, determining that the account to be detected is an abnormal account.
  2. The method of claim 1, wherein the application data comprises a plurality of touch positions within a first duration; before the acquiring of the application data matched with the account to be detected, the method further comprises: monitoring whether a page acquisition request of the user to which the account to be detected belongs is received, wherein the page acquisition request is used for requesting to open a content browsing page; if the page acquisition request is received, determining that the account detection trigger event is detected; and the acquiring of the application data matched with the account to be detected comprises: acquiring the plurality of touch positions sent by the client, wherein the plurality of touch positions are collected by the client during touch monitoring of the content browsing page.
  3. The method of claim 2, wherein the target detection condition comprises: the plurality of touch positions being located in the same preset area; and/or the plurality of touch positions having a position change rule.
  4. The method of claim 2, wherein after the determining that the account to be detected is an abnormal account, the method further comprises: sending control display information to a client, wherein the control display information is used for controlling the client to display a target display page, the target display page is a content browsing page in which target controls are displayed superimposed in a target display area, the target controls are used for interrupting the user to be detected from acquiring resources from the content browsing page, and the target display area is determined according to the touch areas of the plurality of touch positions and/or the change rule of the plurality of touch positions.
  5. The method of claim 1, wherein the application data comprises touch operation data obtained during touch monitoring of a content browsing page on which a target control is displayed; before the acquiring of the application data matched with the account to be detected, the method further comprises: receiving a plurality of touch positions within a first duration sent by a client, wherein the touch positions are obtained during the client's touch monitoring of a content browsing page; judging whether the touch positions conform to a position change rule; sending control display information to the client if the touch positions do not conform to the position change rule, wherein the control display information is used for controlling the client to display a target display page, and the target display page is a content browsing page overlaid with a target control; monitoring whether interface trigger information for the target display page is received; if the interface trigger information is received, determining that the account detection trigger event is detected; and the acquiring of the application data matched with the account to be detected comprises: acquiring the touch operation data.
  6. The method of claim 5, wherein the target detection condition comprises the touch operation data conforming to a robot touch characteristic.
  7. The method of claim 1, wherein the application data comprises resource exchange data of the user to be detected; before the acquiring of the application data matched with the account to be detected, the method further comprises: monitoring whether a resource exchange request of the user to be detected for a target resource is received; if the resource exchange request is received, determining that the account detection trigger event is detected; and the acquiring of the application data matched with the account to be detected comprises: acquiring the resource exchange data.
  8. The method of claim 7, wherein the step of determining the position of the probe is performed, the resource exchange data comprises the resource exchange amount of the user to be detected in a second time period, and the target detection condition comprises the resource exchange amount being larger than a preset resource exchange threshold; and/or the resource exchange data comprises a target exchange time interval of the user to be detected, and the detection condition comprises the target time interval being smaller than a preset duration threshold, the target time interval being the time interval between the current resource exchange and the last resource exchange of the user to be detected.
  9. The method of claim 1, wherein the application data comprises the number of bound accounts of a resource extraction account; before the acquiring of the application data matched with the account to be detected, the method further comprises: monitoring whether an account binding request of the user to which the account to be detected belongs is received, wherein the account binding request is used for requesting to establish a binding relationship between the account to be detected and the resource extraction account; if the account binding request is received, determining that the account detection trigger event is detected; and the acquiring of the application data matched with the account to be detected comprises: acquiring the number of bound accounts of the resource extraction account.
  10. The method of claim 9, wherein the target detection condition comprises the number of bound accounts being greater than a preset number threshold.
  11. An electronic device comprising a processor and a memory for storing executable instructions, wherein the executable instructions cause the processor to perform:
     in response to detecting an account detection trigger event, acquiring application data matched with an account to be detected;
     determining, among a plurality of preset account detection conditions, target detection conditions corresponding to the application data;
     judging whether the application data meets the target detection condition;
     if the application data meets the target detection condition, determining that the account to be detected is an abnormal account, wherein the abnormal account is an account that acquires resources from a target platform by cheating;
     wherein the acquiring of application data matched with the account to be detected comprises:
     acquiring an account logic tree of the account to be detected, wherein a registration invitation relationship exists between the accounts corresponding to parent and child nodes of the account logic tree;
     determining respective characteristic values of a plurality of cheating evaluation dimensions of the account logic tree, wherein the characteristic values comprise at least one of: a first characteristic value corresponding to the account name of each node in the account logic tree, a second characteristic value corresponding to the number of layers of the account logic tree, a third characteristic value corresponding to the total number of nodes of the account logic tree, a fourth characteristic value corresponding to the number of nodes of each subtree in the account logic tree, and a fifth characteristic value corresponding to the resource extraction account name of each node in the account logic tree;
     determining a fraud risk value of the account logic tree based on the characteristic values, wherein the determining comprises performing a weighted summation of a plurality of characteristic values to obtain the fraud risk value of the account logic tree;
     determining, among the plurality of preset account detection conditions, target detection conditions corresponding to the fraud risk value;
     judging whether the fraud risk value meets the target detection condition, wherein the target detection condition comprises the fraud risk value being larger than a preset risk threshold;
     and if the fraud risk value meets the target detection condition, determining that the account to be detected is an abnormal account.
  12. The electronic device of claim 11, wherein the application data comprises a plurality of touch positions within a first duration; before the acquiring of the application data matched with the account to be detected, the method further comprises: monitoring whether a page acquisition request of the user to which the account to be detected belongs is received, wherein the page acquisition request is used for requesting to open a content browsing page; if the page acquisition request is received, determining that the account detection trigger event is detected; and the acquiring of the application data matched with the account to be detected comprises: acquiring the plurality of touch positions sent by the client, wherein the plurality of touch positions are collected by the client during touch monitoring of the content browsing page.
  13. The electronic device of claim 12, wherein the target detection condition comprises: the plurality of touch positions being located in the same preset area; and/or the plurality of touch positions having a position change rule.
  14. The electronic device of claim 12, wherein after the determining that the account to be detected is an abnormal account, the method further comprises: sending control display information to a client, wherein the control display information is used for controlling the client to display a target display page, the target display page is a content browsing page in which target controls are displayed superimposed in a target display area, the target controls are used for interrupting the user to be detected from acquiring resources from the content browsing page, and the target display area is determined according to the touch areas of the plurality of touch positions and/or the change rule of the plurality of touch positions.
  15. The electronic device of claim 11, wherein the application data comprises touch operation data obtained during touch monitoring of a content browsing page on which the target control is displayed; before the acquiring of the application data matched with the account to be detected, the method further comprises: receiving a plurality of touch positions within a first duration sent by a client, wherein the touch positions are obtained during the client's touch monitoring of a content browsing page; judging whether the touch positions conform to a position change rule; sending control display information to the client if the touch positions do not conform to the position change rule, wherein the control display information is used for controlling the client to display a target display page, and the target display page is a content browsing page overlaid with a target control; monitoring whether interface trigger information for the target display page is received; if the interface trigger information is received, determining that the account detection trigger event is detected; and the acquiring of the application data matched with the account to be detected comprises: acquiring the touch operation data.
  16. The electronic device of claim 15, wherein the electronic device comprises a memory device, the target detection condition comprises the touch operation data conforming to a robot touch characteristic.
  17. The electronic device of claim 11, wherein the application data comprises resource exchange data of the user to be detected; before the acquiring of the application data matched with the account to be detected, the method further comprises: monitoring whether a resource exchange request of the user to be detected for a target resource is received; if the resource exchange request is received, determining that the account detection trigger event is detected; and the acquiring of the application data matched with the account to be detected comprises: acquiring the resource exchange data.
  18. The electronic device of claim 17, wherein the electronic device comprises a memory device, the resource exchange data comprises the resource exchange amount of the user to be detected in a second time period, and the target detection condition comprises the resource exchange amount being larger than a preset resource exchange threshold; and/or the resource exchange data comprises a target exchange time interval of the user to be detected, and the target detection condition comprises the target time interval being smaller than a preset duration threshold, the target time interval being the time interval between the current resource exchange and the last resource exchange of the user to be detected.
  19. The electronic device of claim 11, wherein the application data comprises the number of bound accounts of a resource extraction account; before the acquiring of the application data matched with the account to be detected, the method further comprises: monitoring whether an account binding request of the user to which the account to be detected belongs is received, wherein the account binding request is used for requesting to establish a binding relationship between the account to be detected and the resource extraction account; if the account binding request is received, determining that the account detection trigger event is detected; and the acquiring of the application data matched with the account to be detected comprises: acquiring the number of bound accounts of the resource extraction account.
  20. The electronic device of claim 19, wherein the target detection condition comprises the number of bound accounts being greater than a preset number threshold.
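
The account logic tree scoring recited in claims 1 and 11, as an added Python example that is not code from the patent. The weights, normalisation caps, threshold and the way each of the five characteristic values is derived are assumptions (the claims only name the dimensions, a weighted summation and a preset risk threshold), and the sample trees are constructed.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Assumed values: the claims give no weights, caps or threshold.
WEIGHTS = {"name": 0.3, "layers": 0.1, "total": 0.2, "subtree": 0.1, "payout": 0.3}
CAPS = {"layers": 5, "total": 10, "subtree": 8}
RISK_THRESHOLD = 0.6

def walk(children, start):
    """Breadth-first walk of the invitation tree: (accounts reached, layer count)."""
    seen, frontier, layers = [start], [start], 0
    while frontier:
        layers += 1
        nxt = [c for n in frontier for c in children.get(n, []) if c not in seen]
        frontier = list(dict.fromkeys(nxt))  # tolerate duplicate or cyclic edges
        seen.extend(frontier)
    return seen, layers

def feature_values(root, invites, payout):
    """Five characteristic values, each scaled to [0, 1] (scaling is assumed)."""
    children = {}
    for inviter, invitee in invites:
        children.setdefault(inviter, []).append(invitee)
    accounts, layers = walk(children, root)
    # 1st value: mean pairwise similarity of account names in the tree.
    pairs = list(combinations(accounts, 2))
    name = (sum(SequenceMatcher(None, a, b).ratio() for a, b in pairs) / len(pairs)
            if pairs else 0.0)
    # 4th value: size of the largest subtree hanging off the root.
    largest = max((len(walk(children, c)[0]) for c in children.get(root, [])),
                  default=0)
    # 5th value: how strongly nodes share one resource extraction account.
    paid = [payout[a] for a in accounts if a in payout]
    shared = 1 - len(set(paid)) / len(paid) if paid else 0.0
    return {
        "name": name,
        "layers": min(layers / CAPS["layers"], 1.0),
        "total": min(len(accounts) / CAPS["total"], 1.0),
        "subtree": min(largest / CAPS["subtree"], 1.0),
        "payout": shared,
    }

def fraud_risk(features):
    """Weighted summation of the characteristic values."""
    return sum(WEIGHTS[k] * features[k] for k in WEIGHTS)

def is_abnormal(root, invites, payout):
    """Target detection condition: fraud risk value above the preset threshold."""
    return fraud_risk(feature_values(root, invites, payout)) > RISK_THRESHOLD

# Constructed sample data (not from the patent).
FARM_INVITES = ([("promo_000", f"promo_{i:03d}") for i in range(1, 4)]
                + [("promo_001", f"promo_{i:03d}") for i in range(4, 10)]
                + [("promo_004", "promo_010"), ("promo_004", "promo_011")])
FARM_PAYOUT = {f"promo_{i:03d}": "wallet_X" for i in range(12)}
ORGANIC_INVITES = [("alice", "bkim_92"), ("alice", "carol.w"), ("bkim_92", "dmitri")]
ORGANIC_PAYOUT = {"alice": "w1", "bkim_92": "w2", "carol.w": "w3", "dmitri": "w4"}

if __name__ == "__main__":
    for root, inv, pay in [("promo_000", FARM_INVITES, FARM_PAYOUT),
                           ("alice", ORGANIC_INVITES, ORGANIC_PAYOUT)]:
        score = fraud_risk(feature_values(root, inv, pay))
        print(root, round(score, 3), is_abnormal(root, inv, pay))
```
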

Description

Abnormal account detection method, electronic device and storage medium

Technical Field

The disclosure relates to the field of computer technology, and in particular to an abnormal account detection method, an electronic device and a storage medium.

Background

With the progressive development of computer-related functions and requirements, users can acquire resources from a target platform through platform accounts. For example, some reading platforms that provide electronic reading services generally offer rewards to users in order to promote reading and increase the retention rate. However, some users exploit vulnerabilities of the target platform to obtain resources from it by cheating, which affects the security of the target platform. How to identify an abnormal account that obtains resources from the target platform by cheating is therefore of great importance.

Disclosure of Invention

In order to solve, or at least partially solve, the technical problems described above, the present disclosure provides an abnormal account detection method, an electronic device and a storage medium.

In a first aspect, the present disclosure provides an abnormal account detection method, including:

in response to detecting an account detection trigger event, acquiring application data matched with an account to be detected;

determining, among a plurality of preset account detection conditions, target detection conditions corresponding to the application data;

judging whether the application data meets the target detection condition;

if the application data meets the target detection condition, determining that the account to be detected is an abnormal account, wherein the abnormal account is an account that acquires resources from the target platform by cheating.

In a second aspect, the present disclosure provides an electronic device comprising a processor and a memory for storing executable instructions that cause the processor to perform:

in response to detecting an account detection trigger event, acquiring application data matched with an account to be detected;

determining, among a plurality of preset account detection conditions, target detection conditions corresponding to the application data;

judging whether the application data meets the target detection condition;

if the application data meets the target detection condition, determining that the account to be detected is an abnormal account, wherein the abnormal account is an account that acquires resources from the target platform by cheating.

In a third aspect, the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to implement the abnormal account detection method of the first aspect.

Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:

According to the abnormal account detection method, the electronic device and the storage medium, when an account detection trigger event is detected, application data matched with an account to be detected can be obtained, and the target detection condition corresponding to the application data is flexibly selected from a plurality of preset account detection conditions to judge whether the account to be detected is an abnormal account that obtains resources from a target platform by cheating. According to the embodiment of the disclosure, the abnormal account can be accurately detected by flexibly selecting the proper detection conditions, so that the security of the target platform is improved.
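
The selection of a target detection condition per trigger event described above, sketched as an added Python example that is not code from the patent. Event names, data shapes and every threshold are assumptions (the patent only calls them "preset"), as is reading the "position change rule" of claim 3 as a constant step between touches; the sample data is constructed.

```python
# Assumed thresholds; the patent gives no values.
SAME_AREA_PX = 12      # touches inside a 12x12 px box count as one area
WINDOW_S = 3600        # the "second time period"
MAX_AMOUNT = 500       # resource exchange threshold within WINDOW_S
MIN_INTERVAL_S = 30    # duration threshold between two exchanges
MAX_BOUND = 3          # accounts bound to one resource extraction account

def touch_condition(points):
    """Claim 3: same preset area and/or a regular position change."""
    if len(points) < 3:
        return False
    xs, ys = zip(*points)
    same_area = (max(xs) - min(xs) <= SAME_AREA_PX
                 and max(ys) - min(ys) <= SAME_AREA_PX)
    # Assumed rule: every consecutive pair of touches has the same offset.
    steps = {(x2 - x1, y2 - y1) for (x1, y1), (x2, y2) in zip(points, points[1:])}
    return same_area or len(steps) == 1

def redemption_condition(exchanges):
    """Claim 8: exchanged amount in the period too high and/or exchanges too close.
    exchanges: [(unix_time, amount), ...] including the current exchange."""
    if not exchanges:
        return False
    exchanges = sorted(exchanges)
    now = exchanges[-1][0]
    amount = sum(a for t, a in exchanges if now - t <= WINDOW_S)
    too_close = len(exchanges) > 1 and now - exchanges[-2][0] < MIN_INTERVAL_S
    return amount > MAX_AMOUNT or too_close

def binding_condition(bound_accounts):
    """Claim 10: too many accounts bound to the same resource extraction account."""
    return len(set(bound_accounts)) > MAX_BOUND

# Trigger event -> target detection condition. Each event fixes the kind of
# application data acquired, so the event name doubles as the selector here.
CONDITIONS = {
    "page_acquisition_request": touch_condition,
    "resource_exchange_request": redemption_condition,
    "account_binding_request": binding_condition,
}

def detect(event, application_data):
    """Return True when the account to be detected is judged abnormal."""
    try:
        condition = CONDITIONS[event]
    except KeyError:
        raise ValueError(f"no detection condition for event {event!r}") from None
    return condition(application_data)

# Constructed samples (not from the patent).
SCRIPTED_SWIPE = [(100, 900), (100, 800), (100, 700), (100, 600)]
HUMAN_TOUCHES = [(212, 640), (305, 233), (88, 951), (260, 470)]
BURST = [(1_700_000_000, 50), (1_700_000_010, 50)]    # 10 s apart
NORMAL = [(1_700_000_000, 50), (1_700_090_000, 50)]   # about a day apart
HEAVY = [(1_700_000_000, 200), (1_700_000_600, 200), (1_700_001_200, 200)]

if __name__ == "__main__":
    print(detect("page_acquisition_request", SCRIPTED_SWIPE))
    print(detect("resource_exchange_request", NORMAL))
```
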

Drawings

The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.

FIG. 1 shows a flow chart of an abnormal account detection method provided in an embodiment of the present disclosure;

FIG. 2 is a flow chart illustrating another method for detecting an abnormal account according to an embodiment of the present disclosure;

FIG. 3 is a flow chart illustrating an alternative method for detecting an abnormal account according to an embodiment of the present disclosure;

FIG. 4 shows a schematic diagram of an exemplary touch location provided by an embodiment of the present disclosure;

FIG. 5 illustrates a schematic diagram of an exemplary target control provided by an embodiment of the present disclosure;

FIG. 6 is a flow chart illustrating yet another method for detecting an