CN104050178A - Internet monitoring anti-spamming method and device - Google Patents
Internet monitoring anti-spamming method and device Download PDFInfo
- Publication number
- CN104050178A CN104050178A CN201310079359.8A CN201310079359A CN104050178A CN 104050178 A CN104050178 A CN 104050178A CN 201310079359 A CN201310079359 A CN 201310079359A CN 104050178 A CN104050178 A CN 104050178A
- Authority
- CN
- China
- Prior art keywords
- matching
- monitoring data
- network behavior
- fields
- groups
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses an internet monitoring anti-spamming method and an internet monitoring anti-spamming device and relates to the technical field of computer networks. In order to more accurately recognize the abnormity of click rate or page views of network activities and detect the spamming behaviors of internet activities, the method comprises the following steps of performing data collection on single network activity by utilizing various monitoring schemes to obtain a plurality of groups of independent monitoring data; matching the independent monitoring data, judging whether the independent monitoring data belong to the same network behavior or not, and summarizing all monitoring data judged to belong to the same network behavior into a log record of the network behavior; performing spamming flow analysis on the log record of each network behavior to obtain an analysis result. The method and the device can be applied to the anti-spamming monitoring process of the internet behaviors, such as anti-spamming monitoring of internet advertisement putting, network research and other types of network activities.
Description
Technical Field
The invention relates to the technical field of computer networks, in particular to an internet monitoring anti-cheating method and device.
Background
In the internet advertisement putting activity, the total amount of behaviors of all users participating in the advertisement activity, such as the total browsing number, the total clicks and the like, is a basic index for measuring the advertisement putting effect. These metrics are widely used by media and advertisers for cost settlement of advertising campaigns. The media can provide indexes such as maximum browsing amount, maximum click rate and the like, and the ability of the media for putting advertisements is directly reflected. In actual delivery, some media may improve the exposure number, click number and other indexes monitored by the advertiser by adopting a mode of counterfeiting unreal traffic, so as to achieve the purposes of acquiring additional income from the advertiser or exaggerating the advertisement delivery capacity of the advertiser. On the other hand, these spurious false flows have a detrimental effect on the advertiser's interest. For example, when advertisers and media settle on the number of exposures to an advertisement, the advertiser must spend additional budget for false exposures without any advertising effects.
False traffic that is not true can be generated in a number of ways. For example: the method comprises the following steps of utilizing malicious means such as viruses/trojans to invade common internet computers and control the computers to browse and click additional advertisements; simulating the behavior of a normal user for accessing the website by using scripts and software; inserting hidden codes invisible to the browser in the website to generate extra traffic due to emptiness, etc. For these cheating methods, the existing anti-cheating method mainly identifies abnormal traffic by monitoring context information when network behaviors such as browsing and clicking occur. For example, if the same IP address is browsed/clicked very frequently in a short time, which is far beyond the internet access frequency of normal users, it can be determined that the IP address is suspected of cheating. For another example, a common cheating method is to play a high-priced advertisement on a low-priced advertisement spot, which should not be placed on the low-priced advertisement spot, and thus benefit by disguising the exposure of the low-priced advertisement spot as the exposure of the high-priced advertisement spot. For the cheating mode, the anti-cheating system monitors the URL (Uniform Resource Locator) of the advertisement during exposure and compares the URL with the Resource information of the advertisement position purchased in the delivery plan.
However, when the cheater learns the anti-cheating technique implementation of a particular rule, it can modify the cheating pattern accordingly such that the cheating action is difficult to identify. For example, when a cheater knows that the anti-cheating method uses URL comparison to perform cheating detection, the cheater can disguise the URL monitored by the anti-cheating system as a normal URL manipulation by technical means to avoid the cheating behavior being captured by the anti-cheating system. At this time, the anti-cheating system also needs to adjust the technical means of the own party accordingly to re-identify the cheater. Thus, in practice, a gaming relationship exists between the anti-cheater and the cheater. At present, an anti-cheating system mainly collects behavior data of a user in the internet surfing process through monitoring codes, monitoring scripts or a client, and then cheating detection is carried out by utilizing the data. The data acquisition mode of a common anti-cheating system is relatively fixed, and the collected data are relatively single and limited. After a long period of use, the method may be targeted by the cheater, resulting in a decrease in anti-cheating capabilities.
Disclosure of Invention
The invention provides an internet monitoring anti-cheating method and device, which aim to more accurately identify the abnormality of the click rate or browsing number of network activities and detect the cheating behavior of the internet network activities.
In order to solve the technical problem, the invention provides an internet monitoring anti-cheating method, which comprises the following steps:
A. carrying out data collection on single network activity by using various monitoring schemes to obtain multiple groups of independent monitoring data;
B. matching the multiple groups of independent monitoring data, judging whether the multiple groups of independent monitoring data belong to the same network behavior, and summarizing all the monitoring data judged to belong to the same network behavior into a log record of the network behavior;
C. and carrying out cheating flow analysis on the log records of each network behavior to obtain an analysis result.
Further, the monitoring schemes include directly embedding codes in a webpage frame where the network behavior occurs, embedding codes in Flash animation or JavaScript scripts in an access page, and installing browser plug-ins or client software on a user machine.
Further, the step of matching the multiple independent sets of monitoring data and determining whether the multiple independent sets of monitoring data belong to the same network behavior includes:
b1, dividing the field of the monitoring data into one or more exact match fields, or dividing the field of the monitoring data into one or more exact match fields and one or more fuzzy match fields;
b2, comparing the independent monitoring data in pairs according to fields;
when the accurate matching fields are compared, when one or more accurate matching fields of two groups of independent monitoring data are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when fuzzy matching fields are compared, when one or more differences of the fuzzy matching fields of two groups of independent monitoring data are larger than a fuzzy threshold value of the field, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when all the accurate matching fields are the same and the difference of all the fuzzy matching fields is smaller than the fuzzy threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
Or
b1, dividing the field of the monitoring data into one or more exact match fields, or dividing the field of the monitoring data into one or more exact match fields and one or more fuzzy match fields;
b2, comparing the independent monitoring data in pairs;
when comparing the accurate matching fields, setting the matching degree of the fields to be 1 when the accurate matching fields of the two groups of independent monitoring data are the same, and setting the matching degree of the fields to be 0 when the accurate matching fields of the two groups of independent monitoring data are different;
when fuzzy matching fields are compared, setting the matching degree of the fields to be a numerical value from 0 to 1 according to the difference of the fuzzy matching fields; adding the matching degrees of all the fuzzy matching fields to obtain a total matching degree;
when one or more matching degrees of the accurate matching fields of the two groups of independent monitoring data are 0, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when the total matching degree of the fuzzy matching field is smaller than the matching threshold, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when the matching degrees of the precise matching fields of the two groups of independent monitoring data are both 1 and the total matching degree of the fuzzy matching fields is greater than the matching threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
Further, the exact match field includes an identity ID of the user machine where the network behavior occurs, the fuzzy match field includes a uniform resource locator URL, a Time when the network behavior occurs, a protocol address IP of the user machine sent by the network behavior, a Browser of the user machine where the network behavior occurs, and an operating system OS of the user machine where the network behavior occurs.
Further, the cheating traffic analysis comprises: and monitoring the degree of mismatching of the same monitoring parameter in a plurality of groups of monitoring data in the network behavior log record to identify forged data.
Further, the analysis result of step C includes the percentage of the cheating traffic in all log records and the data source of the cheating traffic.
In order to solve the above technical problem, the present invention further provides an internet monitoring anti-cheating device, comprising: a plurality of data acquisition modules, a matching module and an analysis module,
the data acquisition module is used for collecting data of single network activity by using a monitoring scheme to obtain monitoring data;
the matching module is used for matching a plurality of groups of independent monitoring data, judging whether the plurality of groups of independent monitoring data belong to the same network behavior or not, and summarizing all the monitoring data judged to belong to the same network behavior into a log record;
and the analysis module is used for carrying out cheating flow analysis on the log records to obtain an analysis result.
Further, the matching module comprises an accurate matching module, a fuzzy matching module and a judging module;
the accurate matching module is used for comparing accurate matching fields of two groups of independent monitoring data and obtaining an accurate comparison result;
the fuzzy matching module is used for comparing fuzzy matching fields of two groups of independent monitoring data and obtaining a fuzzy comparison result;
and the judging module is used for judging whether the multiple groups of independent monitoring data belong to the same network behavior according to the accurate comparison result and the fuzzy comparison result.
Further, the judgment basis of the judgment module is as follows:
when one or more accurate comparison results are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when the difference of one or more fuzzy matching fields is larger than the fuzzy threshold of the field, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when all the accurate matching fields are the same and the difference of all the fuzzy matching fields is smaller than a fuzzy threshold, judging that the two groups of independent monitoring data belong to the same network behavior;
or,
when one or more accurate comparison results are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when the total matching degree of the fuzzy comparison result is smaller than a matching threshold value, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when all the accurate matching fields are the same and the total matching degree of the fuzzy comparison result is greater than the matching threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
Compared with the prior art, the invention obtains a plurality of independent monitoring data by simultaneously carrying out a plurality of data collections on a single network activity. And independent monitoring data in a plurality of data sources are matched and compared to obtain a group of log records of single internet network activities, and the network activities related to cheating are identified more accurately by comparing the records to identify the abnormity of the network activity behaviors.
Drawings
Fig. 1 is a schematic structural diagram of an internet monitoring anti-cheating device according to an embodiment of the present invention;
FIG. 2 is a flowchart of an Internet monitoring anti-cheating method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an internet monitoring anti-cheating process according to a first embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The embodiment of the invention provides an internet monitoring anti-cheating method, which comprises the following steps:
A. carrying out data collection on single network activity by using various monitoring schemes to obtain multiple groups of independent monitoring data;
B. matching the multiple groups of independent monitoring data, judging whether the multiple groups of independent monitoring data belong to the same network behavior, and summarizing all the monitoring data judged to belong to the same network behavior into a log record;
C. and carrying out cheating flow analysis on the log records to obtain an analysis result.
The embodiment of the invention provides an internet monitoring anti-cheating device, which is characterized by comprising the following steps: a plurality of data acquisition modules, a matching module and an analysis module,
the data acquisition module is used for collecting data of single network activity by using a monitoring scheme to obtain monitoring data; the monitoring schemes of the data acquisition modules can be the same or different;
the matching module is used for matching a plurality of groups of independent monitoring data, judging whether the plurality of groups of independent monitoring data belong to the same network behavior or not, and summarizing all the monitoring data judged to belong to the same network behavior into a log record;
and the analysis module is used for carrying out cheating flow analysis on the log records to obtain an analysis result.
For each network behavior (such as browse/click) of an internet user, a plurality of data collection modules are used for collecting information of the network behavior. At present, there are many monitoring schemes for monitoring network behavior, including embedding codes in a web page frame where the network behavior occurs, embedding codes in Flash animation or Javascript script in an access page, installing a browser plug-in or a client on a user machine, and the like. Different monitoring schemes differ in authority and responsibility, and therefore, monitoring data that can be collected by different data acquisition modules also differs. Each monitoring generates a group of monitoring data recording the information related to the current network behavior, and the monitoring data comprises one or more information fields, such as: uniform user machine ID, behavior time, visited URL, etc. And after the monitoring data are obtained, transmitting the monitoring data to a server through a network for storage.
The invention can be applied to the anti-cheating monitoring process of the internet network activities, such as the anti-cheating monitoring of internet advertisement putting and the anti-cheating monitoring of network research, and can also be the anti-cheating monitoring of other types of network activities.
The anti-cheating method and the anti-cheating device adopt various different monitoring schemes to collect data simultaneously, and can also obtain more data from other monitoring data providers. It should be noted that the fields that can be obtained by different monitoring schemes are not exactly the same, for example, the URL address of the web page browsed by the user may not be obtained in the monitoring scheme with lower authority (for example, the scheme of embedding codes in Flash). In addition, there may be differences between the same field of different data sources. For example: when a user accesses a webpage, the running time of different monitoring codes at different positions of the webpage may be different, so that the behavior time recorded in different data acquisition modules may also be different.
Typically, a data provider maintains a unique user machine ID for each internet user to identify multiple different network behaviors from the same user. In order to identify the association between data of different suppliers, in the multi-data-source anti-cheating system, besides the own user machine ID of the supplier, a uniform user machine ID needs to be provided for each supplier. This unified user machine ID can be achieved by having the data provider read the user information from a fixed location in the Cookie (browser Cookie or Flash Cookie). In order to ensure consistency between the Cookie IDs acquired by all the providers, uniform Cookie IDs are uniformly distributed and managed by a third-party server.
The uniform Cookie ID enables different data providers to store data without adopting the same batch of servers, and each provider can store own monitoring data by adopting an independent technical scheme.
After each data acquisition module collects respective monitoring data, the monitoring data stored in each data acquisition module is summarized to a server to carry out data summarization of multiple data sources:
the data transmission between the data acquisition module and the summary server can be realized by adopting various technical schemes. One mode is that after each data acquisition module collects a certain amount of monitoring data, the monitoring data are uniformly transmitted to a summary server through the internet or other ways; the other mode is that when each data acquisition module acquires any piece of monitoring data, the data acquisition module directly and synchronously pushes the piece of monitoring data to the summary server.
In consideration of the huge data volume brought by a plurality of data sources, the data on the summarizing server can be stored in a distributed mode to solve the problem of mass data storage. One possible solution is to perform distributed storage according to the monitoring data time: transmitting the monitoring data of all data sources in the same time period (for example, in the same day) to the same server for storage; and transmitting the monitoring data of different time periods to different servers for storage.
And matching the monitoring data formed by the same network behavior in different data acquisition modules, and restoring all relevant information of the network behavior as much as possible. Considering that the differences of the monitoring means may cause the monitoring data of different data acquisition modules to be different in the same field, in one embodiment of the present invention, the field of the monitoring data is divided into an exact match field and a fuzzy match field, in other embodiments, the exact match field is a field that must be included, and the fuzzy match field is an optional field, that is, the exact match field must be included in the monitoring data, and the fuzzy match field is not necessarily included.
The exact match field refers to: for one field, if this field of two pieces of monitored data is not the same, then the two pieces of monitored data are not considered to describe the same network behavior. For example, the unified ue ID, since all the data collection modules read a unique unified ue ID, when the unique IDs do not match, it can be directly assumed that two pieces of monitored data cannot be generated by the same network behavior. In addition to the uniform user machine ID, the exact match field may be other fields in other embodiments.
The fuzzy match field refers to: for a field, the monitored data on two matches may not be exactly the same on this field, e.g., the time of occurrence of the network behavior. Due to the time consumption of the webpage loading process and the delay of network transmission, the acquisition time of the same network behavior in different data acquisition modules may not be completely consistent. This is because different codes, scripts, and clients may be triggered at different times during the process from the opening to the loading of the web page, and the recorded network behaviors are not necessarily identical in time. For the situation, when the monitoring data is matched, the time recorded in the two matched monitoring data is not required to be completely consistent, and only the difference between the two times is required to be within a certain range. In addition to network behavior occurrence times, the fuzzy match field may be other fields in other embodiments.
When the accurate matching fields are compared, when one or more accurate matching fields of two groups of independent monitoring data are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when fuzzy matching fields are compared, when one or more differences of the fuzzy matching fields of two groups of independent monitoring data are larger than a fuzzy threshold, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when all the accurate matching fields are the same and the difference of all the fuzzy matching fields is smaller than the fuzzy threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
Or
When comparing accurate matching fields, when the accurate matching fields of two groups of independent monitoring data are the same, setting the matching degree of the field to be 1, and when the accurate matching fields of the two groups of independent monitoring data are different, setting the matching degree of the field to be 0;
when fuzzy matching fields are compared, setting the matching degree of the fields to be a numerical value from 0 to 1 according to the difference of the fuzzy matching fields; adding the matching degrees of all the fuzzy matching fields to obtain a total matching degree;
when one or more matching degrees of the accurate matching fields of the two groups of independent monitoring data are 0, judging that the two groups of independent monitoring data do not belong to the same network behavior; that is, as long as any one of the exact match fields is 0, the data will be judged to be different network behavior.
When the total matching degree of the fuzzy matching field is smaller than the matching threshold, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when the matching degrees of the precise matching fields of the two groups of independent monitoring data are both 1 and the total matching degree of the fuzzy matching fields is greater than the matching threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
In the actual application process, due to limitations such as network reasons and access rights of a specific monitoring scheme, not all data acquisition modules can acquire all relevant information of network behaviors. When the related information is not obtained, a situation that part of fields are empty exists in the monitoring data. For such a case that the field is empty, the fuzzy matching can be adopted to process.
The precise matching field comprises an identity ID of the user machine where the network behavior occurs, the fuzzy matching field comprises a Uniform Resource Locator (URL), a network behavior occurrence Time, a protocol address IP of the user machine sent by the network behavior, a Browser of the user machine of the network behavior, and an operating system OS of the user machine where the network behavior occurs.
The exact match field and the fuzzy match field may have more parameters and metrics, for example only.
And carrying out matching degree calculation on a plurality of different fields, and judging whether the matching is successful by using the final total matching degree. In the scheme of this embodiment, the fields shown in table 1 are used for matching:
TABLE 1
The threshold used by the above features, i.e. the specific numerical value of each score of the matching degree, can be modified according to actual conditions.
And for any two pieces of monitoring data, adding the matching degrees of the two pieces of monitoring data in each rule to obtain a total score of the matching degrees. And if the total score exceeds a preset matching threshold, the two pieces of monitoring data are considered as a pair of monitoring data which are matched successfully. Specifically, if the unified ue IDs of the two pieces of monitored data are different, the total score of the matching degree is directly set to 0. Therefore, the two matched uniform user machine ID requirements of the monitoring data must be completely consistent, and in this embodiment, only two logs of the same uniform user machine ID need to be matched with each other.
After the monitoring data are matched, all the monitoring data judged to belong to the same network behavior in all the data acquisition modules are combined into a log record. The log records may be stored in the server, wherein only one field (e.g., uniform user ID) that needs to be completely consistent among all data acquisition modules is reserved, and the other fields are stored by adding tags corresponding to the data acquisition modules.
The matched log records of a plurality of data acquisition modules have two advantages: firstly, various monitoring schemes can better restore the related information of the network behavior; secondly, the same field in the monitoring data of the multi-data acquisition module has a plurality of monitoring results for comparison. Based on the characteristics, the detection of cheating can be carried out by adopting richer rules than a single data source log.
The conventional cheating analysis rule mainly identifies cheating traffic by analyzing the frequency or periodicity of the network behavior of the same user, and the anti-cheating method of multiple data sources can also monitor unmatched fields to identify forged data.
The analysis results include the percentage of the cheating traffic in all log records and the data source of the cheating traffic.
The way of cheating traffic analysis includes: and monitoring the degree of mismatching of the same monitoring parameter in multiple groups of monitoring data of the same network behavior in the network behavior log record to identify fake data and/or monitoring the frequency or period of the same network behavior to identify fake data.
a. A cheating method of forging data is identified by checking fields that do not match. For example, when an ad publisher delivers an ad, its own monitoring system describes the delivery of the ad slot. One cheating method is to forge the browsing behavior of the advertisement space on other cheap advertisement spaces and shield or modify the URL address acquired by the monitoring system of the advertisement publisher by technical means. By utilizing the log with multiple data sources, the media side can know whether a cheating mode of deceiving the advertisement publisher by using a forged URL exists or not by only acquiring monitoring data which can be matched with the monitoring system of the advertisement publisher from other data sources and matching a real URL in the monitoring data with the advertisement space description.
b. A large number of different rules are designed and combined using rich fields of multiple data sources to overcome the rule limitations of a single data source. For example, if a user has only a few network behaviors in the data of most data sources, and a large number of network behaviors in the data of a specific data source, it indicates that the monitoring code of the data source is being used by a cheater to perform traffic cheating.
By utilizing the analysis result of the cheating flow, the monitoring data of each data acquisition module can be analyzed, and a data source which is possibly targeted by a cheater can be found out. For example, a cheater can effectively identify abnormal situations after comparing the same fields of other data sources when a large number of error fields appear in the data sources by adopting a disguise technical means or when a large number of blank fields appear in the fields by adopting a means of refusing access, and a corresponding technical scheme is adopted to overcome the means of cheating anti-cheating systems or directly communicate with the cheater to require the cheater to stop cheating and limiting a monitoring system.
Based on the above, the matching module in the anti-cheating device of the embodiment of the invention comprises an accurate matching module, a fuzzy matching module and a judging module;
the accurate matching module is used for comparing accurate matching fields of two groups of independent monitoring data and obtaining an accurate comparison result;
the fuzzy matching module is used for comparing fuzzy matching fields of two groups of independent monitoring data and obtaining a fuzzy comparison result;
and the judging module is used for judging whether the multiple groups of independent monitoring data belong to the same network behavior according to the accurate comparison result and the fuzzy comparison result.
The judgment basis of the judgment module is as follows:
when one or more accurate comparison results are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when the difference of one or more fuzzy matching fields is larger than a fuzzy threshold, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when all the accurate matching fields are the same and the difference of all the fuzzy matching fields is smaller than a fuzzy threshold, judging that the two groups of independent monitoring data belong to the same network behavior;
or,
when one or more accurate comparison results are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when the total matching degree of the fuzzy comparison result is greater than the matching threshold, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when all the accurate matching fields are the same and the total matching degree of the fuzzy comparison result is smaller than the matching threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
Compared with the existing anti-cheating method and device, the method has the advantages that:
(1) through the technical scheme of multiple data sources, more related information of network behaviors can be collected, so that the network behaviors related to cheating can be identified more accurately.
(2) The use of multiple data sources can effectively avoid being targeted by cheaters using means such as counterfeit data, and therefore a more stable effect can be obtained.
(3) By analyzing historical data of each data source, the anti-cheating method and system based on multiple data sources can detect the data sources which are possibly targeted by cheaters, and improve the anti-jamming capability of the data sources by improving a monitoring scheme.
The following description will be made by taking anti-cheating monitoring of internet advertisement delivery as an example with reference to fig. 1, 2 and 3:
the system comprises a plurality of Internet advertisement monitoring systems, a server and a server, wherein the Internet advertisement monitoring systems are used for storing, recording and extracting relevant information of each network behavior of a user machine represented by each visiting user object (namely Cookie);
for each network behavior of each visiting Cookie, the monitoring system records one or more information of the uniform unique Identification (ID), visiting time, visiting URL, browsing behavior and the like of the visiting Cookie. In actual operation, there may be differences in the fields recorded by different monitoring systems.
The information and/or browsing behavior of the Cookie client recorded by the single data collection module is shown in table 2.
TABLE 2
And summarizing the monitoring data of the plurality of internet advertisement data acquisition modules. Examples of the summarized data are shown in table 3.
TABLE 3
And the matching module is used for matching any two pieces of monitoring data in the data to be matched and finding out a plurality of logs belonging to the same network behavior. The matching results in each case are illustrated separately below.
TABLE 4
As shown in table 4, the unified ue IDs in the two pieces of monitoring data from different data acquisition modules are not consistent, so that the two pieces of monitoring data fail to match, and belong to different network behaviors.
TABLE 5
As shown in table 5, the uniform ue IDs in the two pieces of monitored data from different data acquisition modules are consistent, so that the fuzzy field matching calculation needs to be continued.
According to the formula shown in Table 1, the matching degree of the time of network behavior transmission is equal to
1/(the number of seconds +1 of the phase difference between the two times) ≈ 1/15993 ≈ 0;
the matching degree of the webpage URL of the network behavior is equal to 0.2;
the matching degree of the browsing behavior is equal to 0.
The total match of 3 ambiguous fields is therefore equal to 0.2.
In this embodiment, the preset threshold of the total matching degree is set to be 1, and then the total matching degree between the two pieces of monitoring data is smaller than the threshold, so that the two pieces of monitoring data do not belong to the same network behavior.
TABLE 6
As shown in table 6, the uniform ue IDs in the two pieces of monitored data from different data acquisition modules are consistent, and the total matching degree of the fuzzy field is further calculated.
According to the formula shown in Table 1, the matching degree of the time of network behavior transmission is equal to
1/(the number of seconds +1 of the phase difference between the two times) ≈ 1/3 ≈ 0.33;
the matching degree of the webpage URL of the network behavior is equal to 0.5;
the matching degree of the browsing behavior is equal to 0.2.
The total match of the ambiguous field is therefore equal to 1.03.
As described above, in this embodiment, the preset threshold of the total matching degree is set to be 1, and then the total matching degree between the two pieces of monitoring data is greater than the threshold, so that the two pieces of monitoring data belong to the same network behavior.
Through the matching process, a plurality of pieces of monitoring data of the same network behavior can be matched, and the monitoring data can be used as the log record of the network behavior.
And (4) cheating analysis, namely analyzing the matched logs to identify the cheating flow. The method of analyzing the log will be described with a method of checking the unmatched fields to identify falsified data as an example in the present embodiment.
TABLE 7
Table 7 shows two matched sets of monitored data from different data acquisition modules, for example, a female channel is placed in the customer-set ad campaign 1.
As seen from the monitoring data of the data acquisition module 1 that does not monitor the URL, the network behavior is not abnormal, but the actual URL of the network behavior can be found to be in the form of sports.bbb.com by analyzing the monitoring data of the data acquisition module 2 that is matched with the network behavior. According to the characteristics of the URL, the fact that the webpage accessed by the network behavior is a sports channel can be judged, and the advertisement activity 1 in the data acquisition module 1 should be launched by a female channel, so that the network behavior can be suspected to possibly relate to a cheating means of disguising the exposure of the advertisement space B by using the exposure of the advertisement space A.
In this embodiment, on the data collection module 1 with advertisement activity information, the advertisement publisher hides the URL of the exposure page so that the monitoring system cannot check the cheating means. The anti-cheating method of multiple data sources finds the exposed URL from another data acquisition module 2 and successfully identifies the cheating action.
In practice, the cheating traffic analysis has various modes, and the above example illustrates that a method in a single data source can be adopted on data of multiple data sources, and a method of cross-validation of multiple data sources can be used for more accurately identifying cheating means.
And (4) cheating result feedback, namely analyzing the results of all the data acquisition modules, and finding out the data source targeted by the cheater for improvement.
In this embodiment, the data collection module 1 is restricted from obtaining URLs by the advertisement publisher. If the situation is common on the data acquisition module 1, feedback can be carried out on the data acquisition module 1, and an advertisement putting person is required to cancel actions such as limitation on the data acquisition module 1, so that the monitoring quality of the data acquisition module 1 is improved.
The above embodiments are merely to illustrate the technical solutions of the present invention and not to limit the present invention, and the present invention has been described in detail with reference to the preferred embodiments. It will be understood by those skilled in the art that various modifications and equivalent arrangements may be made without departing from the spirit and scope of the present invention and it should be understood that the present invention is to be covered by the appended claims.
Claims (10)
1. An internet monitoring anti-cheating method is characterized by comprising the following steps:
A. carrying out data collection on single network activity by using various monitoring schemes to obtain multiple groups of independent monitoring data;
B. matching the multiple groups of independent monitoring data, judging whether the multiple groups of independent monitoring data belong to the same network behavior, and summarizing all the monitoring data judged to belong to the same network behavior into a log record of the network behavior;
C. and carrying out cheating flow analysis on the log records of each network behavior to obtain an analysis result.
2. The method of claim 1, wherein: the monitoring schemes comprise directly embedding codes in a webpage frame where the network behavior occurs, embedding codes in Flash animation or JavaScript scripts in an access page, and installing browser plug-ins or client software on a user machine.
3. The method of claim 1, wherein: the step of matching the multiple groups of independent monitoring data and judging whether the multiple groups of independent monitoring data belong to the same network behavior comprises the following steps:
b1, dividing the field of the monitoring data into one or more exact match fields, or dividing the field of the monitoring data into one or more exact match fields and one or more fuzzy match fields;
b2, comparing the independent monitoring data in pairs according to fields;
when the accurate matching fields are compared, when one or more accurate matching fields of two groups of independent monitoring data are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when fuzzy matching fields are compared, when one or more differences of the fuzzy matching fields of two groups of independent monitoring data are larger than a fuzzy threshold value of the field, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when all the accurate matching fields are the same and the difference of all the fuzzy matching fields is smaller than the fuzzy threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
4. The method of claim 1, wherein: the step of matching the multiple groups of independent monitoring data and judging whether the multiple groups of independent monitoring data belong to the same network behavior comprises the following steps:
b1, dividing the field of the monitoring data into one or more exact match fields, or dividing the field of the monitoring data into one or more exact match fields and one or more fuzzy match fields;
b2, comparing the independent monitoring data in pairs;
when comparing the accurate matching fields, setting the matching degree of the fields to be 1 when the accurate matching fields of the two groups of independent monitoring data are the same, and setting the matching degree of the fields to be 0 when the accurate matching fields of the two groups of independent monitoring data are different;
when fuzzy matching fields are compared, setting the matching degree of the fields to be a numerical value from 0 to 1 according to the difference of the fuzzy matching fields; adding the matching degrees of all the fuzzy matching fields to obtain a total matching degree;
when one or more matching degrees of the accurate matching fields of the two groups of independent monitoring data are 0, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when the total matching degree of the fuzzy matching field is smaller than the matching threshold, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when the matching degrees of the precise matching fields of the two groups of independent monitoring data are both 1 and the total matching degree of the fuzzy matching fields is greater than the matching threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
5. The method of claim 3 or 4, wherein: the precise matching field comprises an identity ID of the user machine where the network behavior occurs, the fuzzy matching field comprises a Uniform Resource Locator (URL), a network behavior occurrence Time, a protocol address IP of the user machine sent by the network behavior, a Browser of the user machine where the network behavior occurs and an operating system OS of the user machine where the network behavior occurs.
6. The method of claim 1, wherein: the cheating traffic analysis comprises: and monitoring the degree of mismatching of the same monitoring parameter in a plurality of groups of monitoring data in the network behavior log record to identify forged data.
7. The method of claim 1, wherein: the analysis result of step C includes the percentage of the cheating traffic in all log records and the data source of the cheating traffic.
8. An internet monitoring anti-cheating device, comprising: a plurality of data acquisition modules, a matching module and an analysis module,
the data acquisition module is used for collecting data of single network activity by using a monitoring scheme to obtain monitoring data;
the matching module is used for matching a plurality of groups of independent monitoring data, judging whether the plurality of groups of independent monitoring data belong to the same network behavior or not, and summarizing all the monitoring data judged to belong to the same network behavior into a log record;
and the analysis module is used for carrying out cheating flow analysis on the log records to obtain an analysis result.
9. The apparatus of claim 8, wherein: the matching module comprises an accurate matching module, a fuzzy matching module and a judging module;
the accurate matching module is used for comparing accurate matching fields of two groups of independent monitoring data and obtaining an accurate comparison result;
the fuzzy matching module is used for comparing fuzzy matching fields of two groups of independent monitoring data and obtaining a fuzzy comparison result;
and the judging module is used for judging whether the multiple groups of independent monitoring data belong to the same network behavior according to the accurate comparison result and the fuzzy comparison result.
10. The apparatus of claim 9, wherein: the judgment basis of the judgment module is as follows:
when one or more accurate comparison results are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when the difference of one or more fuzzy matching fields is larger than the fuzzy threshold of the field, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when all the accurate matching fields are the same and the difference of all the fuzzy matching fields is smaller than a fuzzy threshold, judging that the two groups of independent monitoring data belong to the same network behavior;
or,
when one or more accurate comparison results are different, judging that the two groups of independent monitoring data do not belong to the same network behavior;
when the total matching degree of the fuzzy comparison result is smaller than a matching threshold value, judging that the two groups of independent monitoring data do not belong to the same network behavior;
and when all the accurate matching fields are the same and the total matching degree of the fuzzy comparison result is greater than the matching threshold, judging that the two groups of independent monitoring data belong to the same network behavior.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310079359.8A CN104050178B (en) | 2013-03-13 | 2013-03-13 | A kind of anti-cheat method of Internet surveillance and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310079359.8A CN104050178B (en) | 2013-03-13 | 2013-03-13 | A kind of anti-cheat method of Internet surveillance and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104050178A true CN104050178A (en) | 2014-09-17 |
| CN104050178B CN104050178B (en) | 2017-09-22 |
Family
ID=51503029
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310079359.8A Active CN104050178B (en) | 2013-03-13 | 2013-03-13 | A kind of anti-cheat method of Internet surveillance and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104050178B (en) |
Cited By (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105183873A (en) * | 2015-09-18 | 2015-12-23 | 北京博雅立方科技有限公司 | Malicious clicking behavior detection method and device |
| CN105279674A (en) * | 2015-10-13 | 2016-01-27 | 精硕世纪科技(北京)有限公司 | Method and device for determining cheating behaviors of mobile advertisement delivering device |
| CN105653944A (en) * | 2015-12-25 | 2016-06-08 | 北京奇虎科技有限公司 | Detection method and device of cheating behaviors |
| CN105718462A (en) * | 2014-12-02 | 2016-06-29 | 阿里巴巴集团控股有限公司 | Cheating detection method and apparatus for application operation |
| CN105824834A (en) * | 2015-01-06 | 2016-08-03 | 腾讯科技(深圳)有限公司 | Search traffic cheating behavior identification method and apparatus |
| CN105975379A (en) * | 2016-05-25 | 2016-09-28 | 北京比邻弘科科技有限公司 | False mobile device recognition method and system |
| CN106250761A (en) * | 2016-07-28 | 2016-12-21 | 广州爱九游信息技术有限公司 | A kind of unit identifying web automation tools and method |
| CN106301980A (en) * | 2015-05-28 | 2017-01-04 | 腾讯科技(深圳)有限公司 | A kind of brush amount tool detection method and apparatus |
| CN106294529A (en) * | 2015-06-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | A kind of identification user's abnormal operation method and apparatus |
| CN106355431A (en) * | 2016-08-18 | 2017-01-25 | 晶赞广告(上海)有限公司 | Detection method, device and terminal for cheating traffic |
| CN106372959A (en) * | 2016-08-22 | 2017-02-01 | 广州图灵科技有限公司 | Internet-based user access behavior digital marketing system and method |
| CN106384252A (en) * | 2016-09-26 | 2017-02-08 | 广州艾媒数聚信息咨询股份有限公司 | Mobile advertisement monitoring-based page visit theft-prevention method and system |
| CN106469383A (en) * | 2015-08-14 | 2017-03-01 | 北京国双科技有限公司 | The detection method of advertisement putting quality and device |
| CN106651475A (en) * | 2017-02-22 | 2017-05-10 | 广州万唯邑众信息科技有限公司 | Method and system for identifying false traffic of mobile video advertisement |
| CN107172127A (en) * | 2017-04-21 | 2017-09-15 | 北京理工大学 | Based on the information security technology contest course monitoring method acted on behalf of more |
| CN107229557A (en) * | 2017-06-26 | 2017-10-03 | 微鲸科技有限公司 | It is abnormal to click on detection method and device, click volume statistical method and device |
| CN107241347A (en) * | 2017-07-10 | 2017-10-10 | 上海精数信息科技有限公司 | The analysis method and device of ad traffic quality |
| CN107330718A (en) * | 2017-06-09 | 2017-11-07 | 晶赞广告(上海)有限公司 | A kind of anti-cheat method of media and device, storage medium, terminal |
| CN107491453A (en) * | 2016-06-13 | 2017-12-19 | 北京搜狗科技发展有限公司 | A kind of method and device for identifying cheating webpages |
| CN107622406A (en) * | 2016-07-14 | 2018-01-23 | 精硕科技(北京)股份有限公司 | Identify the method and system of virtual unit |
| CN108009844A (en) * | 2017-11-20 | 2018-05-08 | 北京智钥科技有限公司 | Determine the method, apparatus and Cloud Server of advertisement cheating |
| CN108093428A (en) * | 2017-11-06 | 2018-05-29 | 浙江每日互动网络科技股份有限公司 | For differentiating the server of real traffic |
| CN108536865A (en) * | 2018-04-23 | 2018-09-14 | 昆山融捷信息技术有限公司 | Cross-platform big data information intelligent acquisition method |
| CN108810947A (en) * | 2018-05-29 | 2018-11-13 | 浙江每日互动网络科技股份有限公司 | The IP address-based server for differentiating real traffic |
| CN108965950A (en) * | 2018-06-13 | 2018-12-07 | 广州欢网科技有限责任公司 | A kind of monitoring of the advertisement method and apparatus |
| CN109003137A (en) * | 2018-07-23 | 2018-12-14 | 广州至真信息科技有限公司 | A kind of anti-method and device practised fraud of advertisement |
| CN109429082A (en) * | 2017-08-31 | 2019-03-05 | 武汉斗鱼网络科技有限公司 | Popularity detection method, storage medium, electronic equipment and system is broadcast live |
| CN109872174A (en) * | 2017-12-05 | 2019-06-11 | 上海花事电子商务有限公司 | A kind of anti-cheating system of advertisement |
| CN110191119A (en) * | 2019-05-28 | 2019-08-30 | 秒针信息技术有限公司 | A kind of determination method and device for the APP generating abnormal flow |
| CN110213220A (en) * | 2018-12-26 | 2019-09-06 | 腾讯科技(深圳)有限公司 | Method, apparatus, electronic equipment and the computer storage medium of detection flows data |
| CN110401660A (en) * | 2019-07-26 | 2019-11-01 | 秒针信息技术有限公司 | Recognition methods, device, processing equipment and the storage medium of false flow |
| CN111079148A (en) * | 2019-12-24 | 2020-04-28 | 杭州安恒信息技术股份有限公司 | A detection method, device, device and storage medium for SQL injection attack |
| CN111091391A (en) * | 2018-10-24 | 2020-05-01 | 北京字节跳动网络技术有限公司 | Method and device for identifying cheating user and electronic equipment |
| CN111581079A (en) * | 2020-04-16 | 2020-08-25 | 微梦创科网络科技(中国)有限公司 | Third-party advertisement monitoring method and system based on asynchronous verification |
| CN111611520A (en) * | 2020-05-28 | 2020-09-01 | 北京学之途网络科技有限公司 | Monitoring method and device for flow cheating, electronic equipment and storage medium |
| CN114255059A (en) * | 2020-09-21 | 2022-03-29 | 北京鸿享技术服务有限公司 | Monitoring method, device and system for application advertisement putting and readable storage medium |
| CN115549997A (en) * | 2022-09-20 | 2022-12-30 | 智网安云(武汉)信息技术有限公司 | A method and system for processing alarm data of network security equipment |
| CN120074962A (en) * | 2025-04-28 | 2025-05-30 | 广州龙之音电子科技有限公司 | Network security monitoring system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101093510A (en) * | 2007-07-25 | 2007-12-26 | 北京搜狗科技发展有限公司 | Anti cheating method and system for aiming at cheat on web page |
| US20080162202A1 (en) * | 2006-12-29 | 2008-07-03 | Richendra Khanna | Detecting inappropriate activity by analysis of user interactions |
| CN101393629A (en) * | 2007-09-20 | 2009-03-25 | 阿里巴巴集团控股有限公司 | Implementing method and apparatus for network advertisement effect monitoring |
| CN102724182A (en) * | 2012-05-30 | 2012-10-10 | 北京像素软件科技股份有限公司 | Recognition method of abnormal client side |
| CN103390027A (en) * | 2013-06-25 | 2013-11-13 | 亿赞普(北京)科技有限公司 | Internet advertisement anti-spamming method and system |
-
2013
- 2013-03-13 CN CN201310079359.8A patent/CN104050178B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080162202A1 (en) * | 2006-12-29 | 2008-07-03 | Richendra Khanna | Detecting inappropriate activity by analysis of user interactions |
| CN101093510A (en) * | 2007-07-25 | 2007-12-26 | 北京搜狗科技发展有限公司 | Anti cheating method and system for aiming at cheat on web page |
| CN101393629A (en) * | 2007-09-20 | 2009-03-25 | 阿里巴巴集团控股有限公司 | Implementing method and apparatus for network advertisement effect monitoring |
| CN102724182A (en) * | 2012-05-30 | 2012-10-10 | 北京像素软件科技股份有限公司 | Recognition method of abnormal client side |
| CN103390027A (en) * | 2013-06-25 | 2013-11-13 | 亿赞普(北京)科技有限公司 | Internet advertisement anti-spamming method and system |
Cited By (56)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105718462B (en) * | 2014-12-02 | 2020-01-17 | 阿里巴巴集团控股有限公司 | Cheating detection method and device for application operation |
| CN105718462A (en) * | 2014-12-02 | 2016-06-29 | 阿里巴巴集团控股有限公司 | Cheating detection method and apparatus for application operation |
| CN105824834A (en) * | 2015-01-06 | 2016-08-03 | 腾讯科技(深圳)有限公司 | Search traffic cheating behavior identification method and apparatus |
| CN106301980A (en) * | 2015-05-28 | 2017-01-04 | 腾讯科技(深圳)有限公司 | A kind of brush amount tool detection method and apparatus |
| CN106301980B (en) * | 2015-05-28 | 2020-06-05 | 腾讯科技(深圳)有限公司 | Brushing amount tool detection method and device |
| CN106294529A (en) * | 2015-06-29 | 2017-01-04 | 阿里巴巴集团控股有限公司 | A kind of identification user's abnormal operation method and apparatus |
| CN106469383A (en) * | 2015-08-14 | 2017-03-01 | 北京国双科技有限公司 | The detection method of advertisement putting quality and device |
| CN105183873A (en) * | 2015-09-18 | 2015-12-23 | 北京博雅立方科技有限公司 | Malicious clicking behavior detection method and device |
| CN105279674A (en) * | 2015-10-13 | 2016-01-27 | 精硕世纪科技(北京)有限公司 | Method and device for determining cheating behaviors of mobile advertisement delivering device |
| CN105653944B (en) * | 2015-12-25 | 2018-06-12 | 北京奇虎科技有限公司 | Cheating detection method and device |
| CN105653944A (en) * | 2015-12-25 | 2016-06-08 | 北京奇虎科技有限公司 | Detection method and device of cheating behaviors |
| CN105975379A (en) * | 2016-05-25 | 2016-09-28 | 北京比邻弘科科技有限公司 | False mobile device recognition method and system |
| CN107491453B (en) * | 2016-06-13 | 2022-09-02 | 北京搜狗科技发展有限公司 | Method and device for identifying cheating web pages |
| CN107491453A (en) * | 2016-06-13 | 2017-12-19 | 北京搜狗科技发展有限公司 | A kind of method and device for identifying cheating webpages |
| CN107622406A (en) * | 2016-07-14 | 2018-01-23 | 精硕科技(北京)股份有限公司 | Identify the method and system of virtual unit |
| CN106250761A (en) * | 2016-07-28 | 2016-12-21 | 广州爱九游信息技术有限公司 | A kind of unit identifying web automation tools and method |
| CN106250761B (en) * | 2016-07-28 | 2019-12-20 | 广州爱九游信息技术有限公司 | Equipment, device and method for identifying web automation tool |
| CN106355431B (en) * | 2016-08-18 | 2020-01-07 | 晶赞广告(上海)有限公司 | Cheating flow detection method and device and terminal |
| CN106355431A (en) * | 2016-08-18 | 2017-01-25 | 晶赞广告(上海)有限公司 | Detection method, device and terminal for cheating traffic |
| CN106372959A (en) * | 2016-08-22 | 2017-02-01 | 广州图灵科技有限公司 | Internet-based user access behavior digital marketing system and method |
| CN106384252A (en) * | 2016-09-26 | 2017-02-08 | 广州艾媒数聚信息咨询股份有限公司 | Mobile advertisement monitoring-based page visit theft-prevention method and system |
| CN106651475A (en) * | 2017-02-22 | 2017-05-10 | 广州万唯邑众信息科技有限公司 | Method and system for identifying false traffic of mobile video advertisement |
| CN107172127A (en) * | 2017-04-21 | 2017-09-15 | 北京理工大学 | Based on the information security technology contest course monitoring method acted on behalf of more |
| CN107330718A (en) * | 2017-06-09 | 2017-11-07 | 晶赞广告(上海)有限公司 | A kind of anti-cheat method of media and device, storage medium, terminal |
| CN107229557B (en) * | 2017-06-26 | 2020-10-20 | 微鲸科技有限公司 | Abnormal click detection method and device, click statistics method and device |
| CN107229557A (en) * | 2017-06-26 | 2017-10-03 | 微鲸科技有限公司 | It is abnormal to click on detection method and device, click volume statistical method and device |
| CN107241347A (en) * | 2017-07-10 | 2017-10-10 | 上海精数信息科技有限公司 | The analysis method and device of ad traffic quality |
| CN109429082B (en) * | 2017-08-31 | 2020-10-16 | 武汉斗鱼网络科技有限公司 | Live broadcast popularity detection method, storage medium, electronic device and system |
| CN109429082A (en) * | 2017-08-31 | 2019-03-05 | 武汉斗鱼网络科技有限公司 | Popularity detection method, storage medium, electronic equipment and system is broadcast live |
| CN108093428B (en) * | 2017-11-06 | 2021-02-19 | 每日互动股份有限公司 | Server for authenticating real traffic |
| CN108093428A (en) * | 2017-11-06 | 2018-05-29 | 浙江每日互动网络科技股份有限公司 | For differentiating the server of real traffic |
| CN108009844A (en) * | 2017-11-20 | 2018-05-08 | 北京智钥科技有限公司 | Determine the method, apparatus and Cloud Server of advertisement cheating |
| CN109872174A (en) * | 2017-12-05 | 2019-06-11 | 上海花事电子商务有限公司 | A kind of anti-cheating system of advertisement |
| CN108536865A (en) * | 2018-04-23 | 2018-09-14 | 昆山融捷信息技术有限公司 | Cross-platform big data information intelligent acquisition method |
| CN108810947A (en) * | 2018-05-29 | 2018-11-13 | 浙江每日互动网络科技股份有限公司 | The IP address-based server for differentiating real traffic |
| CN108810947B (en) * | 2018-05-29 | 2021-05-11 | 每日互动股份有限公司 | Server for identifying real flow based on IP address |
| CN108965950B (en) * | 2018-06-13 | 2021-10-22 | 广州欢网科技有限责任公司 | Advertisement monitoring method and device |
| CN108965950A (en) * | 2018-06-13 | 2018-12-07 | 广州欢网科技有限责任公司 | A kind of monitoring of the advertisement method and apparatus |
| CN109003137A (en) * | 2018-07-23 | 2018-12-14 | 广州至真信息科技有限公司 | A kind of anti-method and device practised fraud of advertisement |
| CN111091391A (en) * | 2018-10-24 | 2020-05-01 | 北京字节跳动网络技术有限公司 | Method and device for identifying cheating user and electronic equipment |
| CN111091391B (en) * | 2018-10-24 | 2021-05-14 | 北京字节跳动网络技术有限公司 | Method, apparatus and electronic device for identifying cheating users |
| CN110213220B (en) * | 2018-12-26 | 2022-03-04 | 腾讯科技(深圳)有限公司 | Method and device for detecting flow data, electronic equipment and computer storage medium |
| CN110213220A (en) * | 2018-12-26 | 2019-09-06 | 腾讯科技(深圳)有限公司 | Method, apparatus, electronic equipment and the computer storage medium of detection flows data |
| CN110191119B (en) * | 2019-05-28 | 2021-09-10 | 秒针信息技术有限公司 | Method and device for determining APP (application) generating abnormal traffic |
| CN110191119A (en) * | 2019-05-28 | 2019-08-30 | 秒针信息技术有限公司 | A kind of determination method and device for the APP generating abnormal flow |
| CN110401660A (en) * | 2019-07-26 | 2019-11-01 | 秒针信息技术有限公司 | Recognition methods, device, processing equipment and the storage medium of false flow |
| CN110401660B (en) * | 2019-07-26 | 2022-03-01 | 秒针信息技术有限公司 | False flow identification method and device, processing equipment and storage medium |
| CN111079148A (en) * | 2019-12-24 | 2020-04-28 | 杭州安恒信息技术股份有限公司 | A detection method, device, device and storage medium for SQL injection attack |
| CN111079148B (en) * | 2019-12-24 | 2022-03-18 | 杭州安恒信息技术股份有限公司 | A detection method, device, device and storage medium for SQL injection attack |
| CN111581079A (en) * | 2020-04-16 | 2020-08-25 | 微梦创科网络科技(中国)有限公司 | Third-party advertisement monitoring method and system based on asynchronous verification |
| CN111611520A (en) * | 2020-05-28 | 2020-09-01 | 北京学之途网络科技有限公司 | Monitoring method and device for flow cheating, electronic equipment and storage medium |
| CN111611520B (en) * | 2020-05-28 | 2024-03-08 | 北京明略昭辉科技有限公司 | Flow cheating monitoring method and device, electronic equipment and storage medium |
| CN114255059A (en) * | 2020-09-21 | 2022-03-29 | 北京鸿享技术服务有限公司 | Monitoring method, device and system for application advertisement putting and readable storage medium |
| CN115549997A (en) * | 2022-09-20 | 2022-12-30 | 智网安云(武汉)信息技术有限公司 | A method and system for processing alarm data of network security equipment |
| CN120074962A (en) * | 2025-04-28 | 2025-05-30 | 广州龙之音电子科技有限公司 | Network security monitoring system |
| CN120074962B (en) * | 2025-04-28 | 2025-06-27 | 广州龙之音电子科技有限公司 | Network security monitoring system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104050178B (en) | 2017-09-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104050178B (en) | A kind of anti-cheat method of Internet surveillance and device | |
| US12015681B2 (en) | Methods and apparatus to determine media impressions using distributed demographic information | |
| Gugelmann et al. | An automated approach for complementing ad blockers’ blacklists | |
| Kotzias et al. | Measuring {PUP} Prevalence and {PUP} Distribution through {Pay-Per-Install} Services | |
| Kharraz et al. | Surveylance: Automatically detecting online survey scams | |
| Caballero et al. | Measuring {Pay-per-Install}: The commoditization of malware distribution | |
| US8321934B1 (en) | Anti-phishing early warning system based on end user data submission statistics | |
| Allen et al. | Mnemosyne: An effective and efficient postmortem watering hole attack investigation system | |
| Kumar et al. | A large-scale investigation into geodifferences in mobile apps | |
| KR20180088655A (en) | A method for detecting web tracking services | |
| Iqbal et al. | Protecting Internet users from becoming victimized attackers of click‐fraud | |
| Campobasso et al. | Know your cybercriminal: Evaluating attacker preferences by measuring profile sales on an active, leading criminal market for user impersonation at scale | |
| Nikiforakis et al. | On the workings and current practices of web-based device fingerprinting | |
| Englehardt | Automated discovery of privacy violations on the web | |
| US20190370856A1 (en) | Detection and estimation of fraudulent content attribution | |
| Liu et al. | Traffickstop: Detecting and measuring illicit traffic monetization through large-scale dns analysis | |
| Venugopalan et al. | Fp-inconsistent: Detecting evasive bots using browser fingerprint inconsistencies | |
| Acar et al. | Online Tracking Technologies and Web Privacy | |
| Le | Automated Filter Rule Generation for Adblocking | |
| CN118133255A (en) | Big data management method and system for Internet application | |
| Kim et al. | A Study on the Automatic Malware Collecting System Based on the Searching Keyword | |
| Falahrastegar | The Complex Third-Party Tracking Ecosystem: A Multi-Dimensional Perspective | |
| Wang | A Comprehensive Approach to Undermining Search Result Poisoning |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100102 Beijing, Chaoyang District Fu Tong East Street, building 1, room 5, room 321008 Applicant after: The second hand information technology Co. Ltd. Address before: Beijing City, a small town east of Changping District road 102218 in No. 398 Coal Construction Group No. 1 building, 4 floor second hand system Applicant before: Beijing Sibotu Information Technology Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201218 Address after: 200232 floor 29, 30, 31, 32, 701 Yunjin Road, Xuhui District, Shanghai Patentee after: Shanghai minglue artificial intelligence (Group) Co.,Ltd. Address before: 100102 room 321008, 5 building, 1 Tung Fu Street East, Chaoyang District, Beijing. Patentee before: MIAOZHEN INFORMATION TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right |