CN-122001660-A - Risk identification method and system for verification request

Abstract

The application provides a risk identification method and a risk identification system for verification requests, and relates to the technical field of request management. In the method, after a target verification request of a login account is triggered on a first software platform, a risk assessment end analyzes historical verification request parameters of the login account on a plurality of different software platforms, and cross-platform behavior characteristics are generated for the login account. And comparing the request parameters of the target verification request with the request rules to determine the risk level of the target verification request. And determining whether to send the verification code or not by the first background service end based on the risk level. The core of the method is that whether the request parameters of the current verification request are consistent with the cross-platform behavior characteristics is not limited by only relying on single dimensions such as internet protocol addresses. In the method, no matter how an attacker changes the internet protocol address, the verification request can be effectively identified, so that the victim is effectively defended against frequent short message bombing, and meanwhile, the consumption of enterprise short message resources is reduced.

Inventors

  • HE JINGJIE

Assignees

  • 长城汽车股份有限公司

Dates

Publication Date
20260508
Application Date
20260212

Claims (10)

  1. A risk identification method for a verification request, the method being performed by a first background server of a first software platform, the method comprising: in response to a target verification request of a login account on the first software platform, sending the target verification request to a risk assessment terminal, wherein the target verification request is used for requesting a verification code for the login account, and the risk assessment terminal is used for performing risk assessment on the target verification request; receiving a risk level of the target verification request sent by the risk assessment terminal, wherein the risk level is obtained based on request parameters of the target verification request and characteristic information corresponding to the login account, the characteristic information is obtained based on request parameters of a plurality of verification requests triggered by the login account on at least one software platform in a historical period, and the characteristic information is used for describing rules of the corresponding verification requests with respect to sending device and sending time; and determining whether to send a verification code to the first software platform based on the risk level.
  2. The method of claim 1, wherein determining whether to send a verification code to the first software platform based on the risk level comprises: determining not to send a verification code to the first software platform if the risk level is a high risk level or a medium risk level; sending the login account to an operation server if the risk level is a low risk level; receiving a target network address corresponding to the login account sent by the operation server, wherein the target network address is a network address allocated by the operation server to base station equipment through which the current sending device of the target verification request accesses the network; and determining whether to send a verification code to the first software platform based on the network address of the current sending device and the target network address.
  3. The method of claim 2, wherein determining whether to send a verification code to the first software platform based on the network address of the current sending device and the target network address comprises: determining to send a verification code to the first software platform if the network address is the same as the target network address; and determining not to send a verification code to the first software platform if the network address is different from the target network address.
  4. The method of claim 1 or 2, wherein before sending the target verification request to the risk assessment terminal, the method further comprises: receiving a random prime number sent by the risk assessment terminal, generating a first private key based on the random prime number, and encrypting the login account based on the first private key to obtain a first encryption result; sending the first encryption result to a second background server of a second software platform, wherein the second background server is used for encrypting the first encryption result based on a second private key to obtain a second encryption result, and the second private key is obtained by the second background server based on the random prime number; and receiving the second encryption result sent by the second background server; and wherein sending the target verification request to the risk assessment terminal comprises: sending the second encryption result and the target verification request to the risk assessment terminal, so that the risk assessment terminal replaces the login account with the second encryption result and determines the corresponding characteristic information based on the target verification request and the plurality of verification requests.
  5. A risk identification method for a verification request, the method being performed by a risk assessment terminal, the method comprising: receiving a target verification request sent by a first background server of a first software platform, wherein the target verification request is triggered after a login account is input on the first software platform, and the target verification request is used for requesting a verification code for the login account; determining a risk level of the target verification request based on request parameters of the target verification request and characteristic information corresponding to the login account, wherein the characteristic information is obtained based on request parameters of a plurality of verification requests triggered by the login account on at least one software platform in a historical period, and the characteristic information is used for describing rules of the corresponding verification requests with respect to sending device and sending time; and sending the risk level to the first background server so that the first background server determines whether to send a verification code to the first software platform based on the risk level.
  6. The method of claim 5, wherein the request parameters include a sending time, a network address of a sending device, and an identifier of the sending device, and determining the characteristic information corresponding to the login account comprises: determining a distribution rule of the sending times of the verification requests of the login account in the characteristic information based on the sending times of the verification requests; determining a common network address of the verification requests in the characteristic information based on the network addresses of the sending devices corresponding to the verification requests; and determining a common sending device of the verification requests in the characteristic information based on the identifiers of the sending devices corresponding to the verification requests.
  7. The method of claim 5, wherein determining the risk level of the target verification request based on the request parameters of the target verification request and the characteristic information corresponding to the login account comprises: determining a first score based on the current sending time of the target verification request in the request parameters and the distribution rule of sending times corresponding to the login account in the characteristic information, wherein the first score reflects the degree to which the current sending time matches the distribution rule; determining a second score based on an identifier of the current sending device and the common sending device of the verification requests of the login account in the characteristic information, wherein the second score reflects whether the current sending device is the common sending device; determining a third score based on the network address of the current sending device and the common network address of the common sending device, wherein the third score reflects whether the network address is the common network address; and determining the risk level based on the first score, the second score, and the third score.
  8. The method of claim 7, wherein the characteristic information further comprises concurrency rules of multiple verification requests of the login account at respective sending times, the method further comprising: acquiring actual concurrency states of the target verification request on a plurality of software platforms at the current sending time, and determining a fourth score based on the actual concurrency states and the concurrency rules, wherein the fourth score reflects the degree to which the actual concurrency states match the concurrency rules; and wherein determining the risk level based on the first score, the second score, and the third score comprises: determining the risk level based on the first score, the second score, the third score, and the fourth score.
  9. The method of claim 7, wherein determining the risk level based on the first score, the second score, and the third score comprises: weighting and fusing the first score, the second score and the third score based on a first weight, a second weight and a third weight to obtain a fifth score, wherein the first weight indicates the contribution degree of the sending time, the second weight indicates the contribution degree of the sending device, and the third weight indicates the contribution degree of the network address when the fifth score is determined; and determining the risk level based on the score range in which the fifth score falls.
  10. A risk identification system for a verification request, comprising a first background server of a first software platform and a risk assessment terminal, wherein: the first background server is used for, in response to a target verification request of a login account on the first software platform, sending the target verification request to the risk assessment terminal, wherein the target verification request is used for requesting a verification code for the login account, and the risk assessment terminal is used for performing risk assessment on the target verification request; the risk assessment terminal is used for receiving the target verification request sent by the first background server, determining a risk level of the target verification request based on request parameters of the target verification request and characteristic information corresponding to the login account, wherein the characteristic information is obtained based on request parameters of a plurality of verification requests triggered by the login account on at least one software platform in a historical period, and the characteristic information is used for describing rules of the corresponding verification requests with respect to sending device and sending time, and sending the risk level to the first background server; and the first background server is further configured to receive the risk level sent by the risk assessment terminal and determine whether to send a verification code to the first software platform based on the risk level.
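The scoring pipeline of claims 6 to 9 and the base-station address check of claims 2 and 3 (also summarised in the Disclosure of Invention below), worked through as an added Python example; this is not code from the patent or its assignee. The scores, weights (0.4, 0.4, 0.2), risk thresholds, the use of hour-of-day as the sending-time feature, and the sample history are all assumptions chosen for illustration, since the patent states only that such values exist.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class VerificationRequest:
    platform: str    # software platform on which the request was triggered
    send_hour: int   # sending time, reduced here to the hour of day (0-23)
    ip: str          # network address of the sending device
    device_id: str   # identifier of the sending device

def build_profile(history):
    """Characteristic information of one login account (claim 6): sending-time distribution, common address, common device."""
    total = len(history)
    hour_dist = {h: n / total for h, n in Counter(r.send_hour for r in history).items()}
    common_ip = Counter(r.ip for r in history).most_common(1)[0][0]
    common_device = Counter(r.device_id for r in history).most_common(1)[0][0]
    return {"hour_dist": hour_dist, "common_ip": common_ip, "common_device": common_device}

def fused_score(req, profile, weights=(0.4, 0.4, 0.2)):
    """First, second and third scores of claim 7, weighted into the fifth score of claim 9."""
    hour_dist = profile["hour_dist"]
    s1 = hour_dist.get(req.send_hour, 0.0) / max(hour_dist.values())  # time match, 0..1
    s2 = 1.0 if req.device_id == profile["common_device"] else 0.0    # common device?
    s3 = 1.0 if req.ip == profile["common_ip"] else 0.0                # common address?
    w1, w2, w3 = weights  # assumed contribution degrees; the patent does not fix them
    return w1 * s1 + w2 * s2 + w3 * s3

def risk_level(score):
    """Map the fused score to a risk level by score range (thresholds are assumed)."""
    if score >= 0.7:
        return "low"
    return "medium" if score >= 0.4 else "high"

def decide(req, profile, base_station_ip):
    """Claims 2 and 3: medium/high risk never gets a code; a low-risk request is still
    checked against the operator-assigned base-station address. Returns (level, send?)."""
    level = risk_level(fused_score(req, profile))
    if level != "low":
        return level, False
    return level, req.ip == base_station_ip

# Constructed sample history: one login account seen on two platforms.
HISTORY = [
    VerificationRequest("app_a", 9, "10.0.0.5", "dev-1"),
    VerificationRequest("app_b", 9, "10.0.0.5", "dev-1"),
    VerificationRequest("app_a", 10, "10.0.0.5", "dev-1"),
    VerificationRequest("app_b", 20, "10.0.0.9", "dev-2"),
    VerificationRequest("app_a", 9, "10.0.0.5", "dev-1"),
]
PROFILE = build_profile(HISTORY)
```

A request from a fresh proxy address and unknown device at an unusual hour scores zero on all three dimensions and is refused regardless of which IP it arrives from, which is the point the patent makes against per-IP rate limits alone.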

Description

Risk identification method and system for verification request

Technical Field

The present application relates to the field of request management technologies, and more particularly to a risk identification method and system for a verification request in that field.

Background

The short message service is widely used in the Internet age and has become an indispensable piece of the Internet ecosystem. However, in the field of network security, attackers often carry out short message attacks on users by means of services related to verification codes, causing great loss to enterprises and even to users. For a user, an attacker simulates the victim's behavior and requests a verification code from the operation server; when the attacker repeats this frequently, the victim is bombarded with messages. For an enterprise, an attacker repeatedly simulating the victim's operations on a software platform developed by the enterprise causes the victim to frequently receive verification codes requested by that platform, which leads the victim to question the enterprise's security capabilities. At present there is a certain defense against such attackers: limiting the number of short messages that can be sent for the same Internet Protocol (IP) address within a short period, so as to avoid frequent verification requests. But attackers bypass the per-address limit in a corresponding way, using an IP proxy pool to carry out the attack from a large number of non-repeating IP addresses. Therefore, a risk identification method for verification requests is needed to effectively defend victims from frequent short message bombing.

Disclosure of Invention

The application provides a risk identification method and system for verification requests, and the method can effectively defend victims from frequent short message bombing. In a first aspect, a risk identification method for a verification request is provided. The method is executed by a first background server of a first software platform and comprises: in response to a target verification request of a login account on the first software platform, sending the target verification request to a risk assessment terminal, wherein the target verification request is used for requesting a verification code for the login account and the risk assessment terminal is used for carrying out risk assessment on the target verification request; receiving a risk level of the target verification request sent by the risk assessment terminal, wherein the risk level is obtained based on request parameters of the target verification request and characteristic information corresponding to the login account, the characteristic information is obtained based on request parameters of a plurality of verification requests triggered by the login account on at least one software platform in a historical period, and the characteristic information is used for describing rules of the corresponding verification requests with respect to sending device and sending time; and determining whether to send the verification code to the first software platform based on the risk level. In this technical scheme, after the target verification request of the login account is triggered on the first software platform, the first background server sends the target verification request to the risk assessment terminal, and the risk assessment terminal performs the multidimensional analysis, so that risk identification capability is centralized and specialized.

In the multidimensional analysis, the risk assessment terminal determines the characteristic information corresponding to the login account based on the request parameters of a plurality of verification requests triggered by the same login account on a plurality of software platforms in a historical period. That is, the risk assessment terminal collects and analyzes the historical verification request parameters of the same login account on a plurality of different software platforms and generates cross-platform behavior characteristics for the login account from them, which describe its normal request rules. The request parameters of the target verification request are then compared with these request rules to determine the risk level of the target verification request, and the first background server determines whether to send the verification code based on that risk level. The core of the scheme is checking whether the request parameters of the current verification request are consistent with the cross-platform behavior characteristics, rather than relying only on a single dimension such as the internet protocol address. In the scheme, no matter how an attacker changes the internet protocol address, the authentication