[go: up one dir, main page]

CN116112258A - Login authentication method, login authentication device, electronic equipment and computer readable storage medium - Google Patents

Login authentication method, login authentication device, electronic equipment and computer readable storage medium Download PDF

Info

Publication number
CN116112258A
CN116112258A CN202310103553.9A CN202310103553A CN116112258A CN 116112258 A CN116112258 A CN 116112258A CN 202310103553 A CN202310103553 A CN 202310103553A CN 116112258 A CN116112258 A CN 116112258A
Authority
CN
China
Prior art keywords
login
information
authentication
accounts
account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310103553.9A
Other languages
Chinese (zh)
Inventor
张凯淋
于星杰
于洪达
刘振超
赵子恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202310103553.9A priority Critical patent/CN116112258A/en
Publication of CN116112258A publication Critical patent/CN116112258A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本申请属于通信技术领域,公开了登录认证的方法、装置、电子设备及计算机可读存储介质,该方法包括,获取登录请求用户的登录信息;确定登录信息中的登录账号对应设置的登录检测模型;登录检测模型是基于对抗模型训练获得的;采用登录检测模型,基于登录信息进行登录异常检测,获得异常值;采用异常值对应设置的登录认证流程,对登录请求用户进行登录认证;不同异常值对应的登录认证流程的登录限制以及耗时不同。这样,就可以减少登录限制以及耗费的时间成本。

Figure 202310103553

This application belongs to the field of communication technology, and discloses a login authentication method, device, electronic equipment, and computer-readable storage medium. The method includes: acquiring login information of a login requesting user; determining a login detection model set corresponding to a login account in the login information ;The login detection model is obtained based on the confrontation model training; the login detection model is used to detect the login anomaly based on the login information, and the abnormal value is obtained; the login authentication process is set corresponding to the abnormal value, and the login request user is authenticated; different abnormal values The login restrictions and time-consuming of the corresponding login authentication process are different. In this way, login restrictions and time-consuming costs can be reduced.

Figure 202310103553

Description

登录认证的方法、装置、电子设备及计算机可读存储介质Method, device, electronic device, and computer-readable storage medium for login authentication

技术领域technical field

本申请涉及通信技术领域,具体而言,涉及登录认证的方法、装置、电子设备及计算机可读存储介质。The present application relates to the technical field of communications, and in particular, to a login authentication method, device, electronic equipment, and computer-readable storage medium.

背景技术Background technique

在一些安全性要求较高的访问场景中,通常采用多因子登录认证的方式进行登录认证。其中,多因子认证方式是指联合多种认证方式进行登录认证,以提高登录认证的安全性。例如,堡垒机是运维人员访问核心资产的专用主机。所有对资产的网络和服务器资源访问都要通过堡垒机进行。为提高资产访问的安全性,通常采用多因子登录认证的方式,对登录请求用户进行登录认证。In some access scenarios with high security requirements, multi-factor login authentication is usually used for login authentication. Wherein, the multi-factor authentication mode refers to combining multiple authentication modes for login authentication, so as to improve the security of login authentication. For example, a bastion host is a dedicated host for operation and maintenance personnel to access core assets. All network and server resource access to assets must be performed through the bastion host. In order to improve the security of asset access, multi-factor login authentication is usually used to authenticate login request users.

但是,采用这种方式,虽然保证了安全性,但是,登录限制较多,且会耗费大量时间成本。However, using this method, although the security is guaranteed, there are many restrictions on login, and it will consume a lot of time and cost.

发明内容Contents of the invention

本申请实施例的目的在于提供登录认证的方法、装置、电子设备及计算机可读存储介质,用以减少登录限制以及耗费的时间成本。The purpose of the embodiments of the present application is to provide a login authentication method, device, electronic device, and computer-readable storage medium, so as to reduce login restrictions and time-consuming costs.

一方面,提供一种登录认证的方法,包括:On the one hand, a method for login authentication is provided, including:

获取登录请求用户的登录信息;Obtain the login information of the login requesting user;

确定登录信息中的登录账号对应设置的登录检测模型;登录检测模型是基于对抗模型训练获得的;Determine the login detection model corresponding to the login account in the login information; the login detection model is obtained based on the training of the confrontation model;

采用登录检测模型,基于登录信息进行登录异常检测,获得异常值;Use the login detection model to detect login anomalies based on login information and obtain abnormal values;

采用异常值对应设置的登录认证流程,对登录请求用户进行登录认证;不同异常值对应的登录认证流程的登录限制以及耗时不同。Use the login authentication process set corresponding to the abnormal value to perform login authentication on the login requesting user; the login authentication process corresponding to different abnormal values has different login restrictions and time-consuming.

一种实施方式中,在采用异常值对应设置的登录认证流程,对登录请求用户进行登录认证之前,方法还包括:In one embodiment, before using the login authentication process set corresponding to the abnormal value, before performing login authentication on the login requesting user, the method further includes:

将所有的异常值进行划分,获得多个异常值区间;Divide all outliers to obtain multiple outlier intervals;

基于多种认证方式,配置多个登录认证流程;登录认证流程中包含至少一种认证方式;Based on multiple authentication methods, configure multiple login authentication processes; the login authentication process includes at least one authentication method;

建立异常值区间与登录认证流程之间的关联关系。Establish an association between the outlier interval and the login authentication process.

一种实施方式中,登录检测模型是采用以下步骤训练获得的:In an implementation manner, the login detection model is obtained through training through the following steps:

获取多个登录账号分别对应的训练数据集合;Obtain training data sets corresponding to multiple login accounts;

基于各登录账号分别对应的训练数据集合,对登录检测初始模型,分别进行训练,获得各登录账号分别对应的训练好的登录检测模型;登录检测初始模型是基于对抗模型训练获得的。Based on the training data sets corresponding to each login account, the initial login detection model is trained separately to obtain the trained login detection model corresponding to each login account; the initial login detection model is obtained based on the confrontation model training.

一种实施方式中,获取多个登录账号分别对应的训练数据集合,包括:In one embodiment, obtaining training data sets corresponding to multiple login accounts respectively includes:

获取多个登录成功信息,以及多个登录失败信息;Obtain multiple login success information and multiple login failure information;

对各登录成功信息以及各登录失败信息分别进行解析,获得多个登录信息及其对应的登录结果;登录结果包括登录成功和登录失败;Analyze each login success information and each login failure information separately, and obtain multiple login information and corresponding login results; the login results include login success and login failure;

根据登录结果以及登录账号,将登录成功的各登录信息进行划分,获得各登录账号分别对应的正样本集合;正样本集合中包括多个登录信息及其对应的登录结果;According to the login result and the login account, the login information of successful login is divided, and the positive sample set corresponding to each login account is obtained; the positive sample set includes multiple login information and corresponding login results;

根据登录结果以及登录账号,将登录失败的各登录信息进行划分,获得各登录账号分别对应的负样本集合;负样本集合中包括多个登录信息及其对应的登录结果;According to the login result and the login account, the login information of the login failure is divided, and the negative sample set corresponding to each login account is obtained; the negative sample set includes multiple login information and corresponding login results;

根据各登录账号分别对应的正样本集合,以及各登录账号分别对应的负样本集合,获得各登录账号分别对应的训练数据集合。According to the positive sample sets corresponding to the respective login accounts and the negative sample sets corresponding to the respective login accounts, the training data sets corresponding to the respective login accounts are obtained.

一种实施方式中,方法还包括:In one embodiment, the method also includes:

对各负样本集合中的负样本,进行过采样和/或添加噪声,获得更新后的各负样本集合。Perform oversampling and/or add noise to negative samples in each negative sample set to obtain updated negative sample sets.

一方面,提供一种登录认证的装置,包括:On the one hand, a device for login authentication is provided, including:

获取单元,用于获取登录请求用户的登录信息;An acquisition unit, configured to acquire the login information of the login requesting user;

确定单元,用于确定登录信息中的登录账号对应设置的登录检测模型;登录检测模型是基于对抗模型训练获得的;The determination unit is used to determine the login detection model corresponding to the login account in the login information; the login detection model is obtained based on the confrontation model training;

检测单元,用于采用登录检测模型,基于登录信息进行登录异常检测,获得异常值;The detection unit is configured to use a login detection model to perform login anomaly detection based on login information to obtain an abnormal value;

认证单元,用于采用异常值对应设置的登录认证流程,对登录请求用户进行登录认证;不同异常值对应的登录认证流程的登录限制以及耗时不同。The authentication unit is configured to use the login authentication process set corresponding to the abnormal value to perform login authentication on the login requesting user; the login restriction and time-consuming of the login authentication process corresponding to different abnormal values are different.

一种实施方式中,认证单元还用于:In one embodiment, the authentication unit is also used for:

将所有的异常值进行划分,获得多个异常值区间;Divide all outliers to obtain multiple outlier intervals;

基于多种认证方式,配置多个登录认证流程;登录认证流程中包含至少一种认证方式;Based on multiple authentication methods, configure multiple login authentication processes; the login authentication process includes at least one authentication method;

建立异常值区间与登录认证流程之间的关联关系。Establish an association between the outlier interval and the login authentication process.

一种实施方式中,确定单元还用于:In one embodiment, the determining unit is also used for:

采用以下步骤训练获得登录检测模型:Use the following steps to train the login detection model:

获取多个登录账号分别对应的训练数据集合;Obtain training data sets corresponding to multiple login accounts;

基于各登录账号分别对应的训练数据集合,对登录检测初始模型,分别进行训练,获得各登录账号分别对应的训练好的登录检测模型;登录检测初始模型是基于对抗模型训练获得的。Based on the training data sets corresponding to each login account, the initial login detection model is trained separately to obtain the trained login detection model corresponding to each login account; the initial login detection model is obtained based on the confrontation model training.

一种实施方式中,确定单元还用于:In one embodiment, the determining unit is also used for:

获取多个登录成功信息,以及多个登录失败信息;Obtain multiple login success information and multiple login failure information;

对各登录成功信息以及各登录失败信息分别进行解析,获得多个登录信息及其对应的登录结果;登录结果包括登录成功和登录失败;Analyze each login success information and each login failure information separately, and obtain multiple login information and corresponding login results; the login results include login success and login failure;

根据登录结果以及登录账号,将登录成功的各登录信息进行划分,获得各登录账号分别对应的正样本集合;正样本集合中包括多个登录信息及其对应的登录结果;According to the login result and the login account, the login information of successful login is divided, and the positive sample set corresponding to each login account is obtained; the positive sample set includes multiple login information and corresponding login results;

根据登录结果以及登录账号,将登录失败的各登录信息进行划分,获得各登录账号分别对应的负样本集合;负样本集合中包括多个登录信息及其对应的登录结果;According to the login result and the login account, the login information of the login failure is divided, and the negative sample set corresponding to each login account is obtained; the negative sample set includes multiple login information and corresponding login results;

根据各登录账号分别对应的正样本集合,以及各登录账号分别对应的负样本集合,获得各登录账号分别对应的训练数据集合。According to the positive sample sets corresponding to the respective login accounts and the negative sample sets corresponding to the respective login accounts, the training data sets corresponding to the respective login accounts are obtained.

一种实施方式中,确定单元还用于:In one embodiment, the determining unit is also used for:

对各负样本集合中的负样本,进行过采样和/或添加噪声,获得更新后的各负样本集合。Perform oversampling and/or add noise to negative samples in each negative sample set to obtain updated negative sample sets.

一方面,提供了一种电子设备,包括处理器以及存储器,存储器存储有计算机可读取指令,当计算机可读取指令由处理器执行时,运行如上述任一种登录认证的各种可选实现方式中提供的方法的步骤。In one aspect, an electronic device is provided, including a processor and a memory, the memory stores computer-readable instructions, and when the computer-readable instructions are executed by the processor, various optional login authentication methods such as any of the above-mentioned ones are executed. Implement the steps of the method provided in the manner.

一方面,提供了一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时运行如上述任一种登录认证的各种可选实现方式中提供的方法的步骤。In one aspect, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the method provided in any of the above-mentioned optional implementation manners of login authentication are executed.

一方面,提供了一种计算机程序产品,计算机程序产品在计算机上运行时,使得计算机执行如上述任一种登录认证的各种可选实现方式中提供的方法的步骤。In one aspect, a computer program product is provided. When the computer program product runs on a computer, the computer executes the steps of the method provided in any of the above-mentioned optional implementation manners of login authentication.

本申请实施例提供的登录认证的方法、装置、电子设备及计算机可读存储介质中,获取登录请求用户的登录信息;确定登录信息中的登录账号对应设置的登录检测模型;登录检测模型是基于对抗模型训练获得的;采用登录检测模型,基于登录信息进行登录异常检测,获得异常值;采用异常值对应设置的登录认证流程,对登录请求用户进行登录认证;不同异常值对应的登录认证流程的登录限制以及耗时不同。这样,就可以减少登录限制以及耗费的时间成本。In the login authentication method, device, electronic device, and computer-readable storage medium provided in the embodiments of the present application, the login information of the login requesting user is obtained; the login detection model corresponding to the login account in the login information is determined; the login detection model is based on Obtained by adversarial model training; use the login detection model to detect login anomalies based on login information, and obtain abnormal values; use the login authentication process set corresponding to the abnormal value to perform login authentication on the login requesting user; the login authentication process corresponding to different abnormal values Login restrictions and time-consuming vary. In this way, login restrictions and time-consuming costs can be reduced.

本申请的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本申请而了解。本申请的目的和其他优点可通过在所写的说明书、权利要求书、以及附图中所特别指出的结构来实现和获得。Additional features and advantages of the application will be set forth in the description which follows, and, in part, will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

附图说明Description of drawings

为了更清楚地说明本申请实施例的技术方案,下面将对本申请实施例中所需要使用的附图作简单地介绍,应当理解,以下附图仅示出了本申请的某些实施例,因此不应被看作是对范围的限定,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他相关的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present application, the accompanying drawings that need to be used in the embodiments of the present application will be briefly introduced below. It should be understood that the following drawings only show some embodiments of the present application, so It should not be regarded as a limitation on the scope, and those skilled in the art can also obtain other related drawings according to these drawings without creative work.

图1为本申请实施例提供的一种模型训练的方法的流程图;FIG. 1 is a flow chart of a method for model training provided by an embodiment of the present application;

图2为本申请实施例提供的一种登录认证的方法的流程图;FIG. 2 is a flow chart of a method for login authentication provided by an embodiment of the present application;

图3为本申请实施例提供的一种登录认证的装置的结构框图;FIG. 3 is a structural block diagram of a device for login authentication provided by an embodiment of the present application;

图4为本申请实施例提供的一种电子设备的结构示意图。FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

具体实施方式Detailed ways

下面将结合本申请实施例中附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。通常在此处附图中描述和示出的本申请实施例的组件可以以各种不同的配置来布置和设计。因此,以下对在附图中提供的本申请的实施例的详细描述并非旨在限制要求保护的本申请的范围,而是仅仅表示本申请的选定实施例。基于本申请的实施例,本领域技术人员在没有做出创造性劳动的前提下所获得的所有其他实施例,都属于本申请保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. The components of the embodiments of the application generally described and illustrated in the figures herein may be arranged and designed in a variety of different configurations. Accordingly, the following detailed description of the embodiments of the application provided in the accompanying drawings is not intended to limit the scope of the claimed application, but merely represents selected embodiments of the application. Based on the embodiments of the present application, all other embodiments obtained by those skilled in the art without making creative efforts belong to the scope of protection of the present application.

首先对本申请实施例中涉及的部分用语进行说明,以便于本领域技术人员理解。Firstly, some terms involved in the embodiments of the present application will be described to facilitate the understanding of those skilled in the art.

终端设备:可以是移动终端、固定终端或便携式终端,例如移动手机、站点、单元、设备、多媒体计算机、多媒体平板、互联网节点、通信器、台式计算机、膝上型计算机、笔记本计算机、上网本计算机、平板计算机、个人通信系统设备、个人导航设备、个人数字助理、音频/视频播放器、数码相机/摄像机、定位设备、电视接收器、无线电广播接收器、电子书设备、游戏设备或者其任意组合,包括这些设备的配件和外设或者其任意组合。还可预见到的是,终端设备能够支持任意类型的针对用户的接口(例如可穿戴设备)等。Terminal equipment: Can be a mobile terminal, stationary terminal or portable terminal, such as a mobile handset, station, unit, device, multimedia computer, multimedia tablet, Internet node, communicator, desktop computer, laptop computer, notebook computer, netbook computer, Tablet computers, personal communication system devices, personal navigation devices, personal digital assistants, audio/video players, digital cameras/camcorders, pointing devices, television receivers, radio broadcast receivers, e-book devices, gaming devices, or any combination thereof, Includes accessories and peripherals for these devices or any combination thereof. It is also foreseeable that the terminal device can support any type of user-oriented interface (such as a wearable device) or the like.

服务器:可以是独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务以及大数据和人工智能平台等基础云计算服务的云服务器。Server: It can be an independent physical server, or a server cluster or distributed system composed of multiple physical servers, or it can provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, Cloud servers for basic cloud computing services such as middleware services, domain name services, security services, and big data and artificial intelligence platforms.

为了在登录认证时,可以减少登录限制以及耗费的时间成本,本申请实施例提供了登录认证的方法、装置、电子设备及计算机可读存储介质。In order to reduce login restrictions and time-consuming costs during login authentication, embodiments of the present application provide a login authentication method, device, electronic device, and computer-readable storage medium.

本申请实施例中,包括模型训练的方法以及登录认证的方法,先通过模型训练的方法进行模型训练,获得训练好的各登录账号对应的登录检测模型,然后,在进行登录认证时,采用登录认证的方法,基于登录请求用户的登录账号对应的登录检测模型进行登录检测以及登录认证。In the embodiment of this application, the method of model training and the method of login authentication are included. Model training is carried out through the method of model training first, and the login detection models corresponding to the trained login accounts are obtained. Then, when performing login authentication, the login detection model is used. The authentication method is to perform login detection and login authentication based on the login detection model corresponding to the login account of the login requesting user.

本申请实施例中,上述登录认证的方法的执行主体可以为用于登录认证的电子设备(如,堡垒机),上述模型训练的方法的执行主体可以与上述登录认证的方法的执行主体为同一设备,也可以为其它电子设备(如,服务器)。电子设备可以为服务器,也可以为终端设备。In the embodiment of the present application, the execution subject of the above-mentioned login authentication method may be an electronic device (such as a bastion host) used for login authentication, and the execution subject of the above-mentioned model training method may be the same as the execution subject of the above-mentioned login authentication method The device may also be other electronic devices (eg, server). An electronic device may be a server or a terminal device.

下面结合图1对上述模型训练的方法进行说明,参阅图1所示,为本申请实施例提供的一种模型训练的方法的流程图,该方法的具体实施流程如下:The above-mentioned model training method is described below in conjunction with FIG. 1. Referring to FIG. 1, it is a flow chart of a model training method provided in the embodiment of the present application. The specific implementation process of the method is as follows:

步骤100:获取多个登录账号分别对应的训练数据集合。Step 100: Obtain training data sets respectively corresponding to multiple login accounts.

步骤101:基于各登录账号分别对应的训练数据集合,对登录检测初始模型,分别进行训练,获得各登录账号分别对应的训练好的登录检测模型;登录检测初始模型是基于对抗模型训练获得的。Step 101: Based on the training data sets corresponding to each login account, train the initial login detection model respectively to obtain the trained login detection model corresponding to each login account; the initial login detection model is obtained based on the adversarial model training.

为实现训练数据的采集,步骤100的实现过程可以包括:In order to realize the collection of training data, the realization process of step 100 may include:

S1001:获取多个登录成功信息,以及多个登录失败信息。S1001: Obtain multiple login success information and multiple login failure information.

一种实施方式中,用于登录认证的电子设备,可以称为登录认证设备,则多个用户在通过多个登录账号分别在登录认证设备进行登录以及使用一段时间后,从登录认证设备的日志信息中,提取出多个登录成功信息,以及多个登录失败信息。In one embodiment, the electronic device used for login authentication can be called a login authentication device. After multiple users log in to the login authentication device through multiple login accounts and use it for a period of time, they can log in from the log of the login authentication device. From the information, multiple login success messages and multiple login failure messages are extracted.

S1002:对各登录成功信息以及各登录失败信息分别进行解析,获得多个登录信息及其对应的登录结果;登录结果包括登录成功和登录失败。S1002: Analyze each piece of login success information and each piece of login failure information respectively to obtain a plurality of login information and corresponding login results; the login results include login success and login failure.

一种实施方式中,将各登录成功信息分别进行文本解析,并将解析信息进行数字特征向量编码,获得登录信息及其对应的登录结果(即登录成功)。将各登录失败信息分别进行文本解析,并将解析信息进行数字特征向量编码,获得登录信息及其对应的登录结果(即登录失败)。In one embodiment, text analysis is performed on each successful login information, and digital feature vector encoding is performed on the analyzed information to obtain the login information and its corresponding login result (ie, successful login). Each login failure information is analyzed in text, and the analyzed information is encoded with a digital feature vector to obtain the login information and its corresponding login result (ie, login failure).

其中,登录成功信息的解析信息可以至少包括登录账号、登录互联网协议(Internet Protocol,IP)以及登录频率。可选的,登录成功信息的解析信息还可以包括但不限于以下至少一个:登录时间、登录退出时间以及在线时长。Wherein, the analysis information of the successful login information may at least include the login account, the login Internet Protocol (Internet Protocol, IP) and the login frequency. Optionally, the parsing information of the successful login information may also include but not limited to at least one of the following: login time, login and logout time, and online duration.

其中,登录失败信息的解析信息可以至少包括登录账号、登录IP以及登录频率。可选的,基登录失败信息的解析信息还可以包括但不限于以下至少一个:登录时间以及登录错误信息。Wherein, the analysis information of the login failure information may at least include a login account, a login IP, and a login frequency. Optionally, the parsing information of the basic login failure information may also include but not limited to at least one of the following: login time and login error information.

S1003:根据登录结果以及登录账号,将登录成功的各登录信息进行划分,获得各登录账号分别对应的正样本集合;正样本集合中包括多个登录信息及其对应的登录结果。S1003: According to the login result and the login account, divide the login information that has successfully logged in, and obtain the positive sample set corresponding to each login account; the positive sample set includes multiple login information and corresponding login results.

这样,就可以将登录成功的各登录信息作为正样本,获得用于模型训练的正样本集合。In this way, each login information that has been successfully logged in can be used as a positive sample to obtain a set of positive samples for model training.

S1004:根据登录结果以及登录账号,将登录失败的各登录信息进行划分,获得各登录账号分别对应的负样本集合;负样本集合中包括多个登录信息及其对应的登录结果。S1004: According to the login result and the login account, divide each login information that fails to log in, and obtain a negative sample set corresponding to each login account; the negative sample set includes a plurality of login information and corresponding login results.

这样,就可以将登录失败的各登录信息作为负样本,获得用于模型训练的负样本集合。In this way, each failed login information can be used as a negative sample to obtain a set of negative samples for model training.

进一步的,由于登录失败事件通常属于偶发事件,因此,登录失败事件的数量通常远小于登录成功事件的数量,因此,还可以采用以下方式增多负样本数量:Furthermore, since login failure events are usually sporadic events, the number of login failure events is usually much smaller than the number of login success events. Therefore, the number of negative samples can also be increased in the following ways:

对各负样本集合中的负样本,进行过采样和/或添加噪声,获得更新后的各负样本集合。Perform oversampling and/or add noise to negative samples in each negative sample set to obtain updated negative sample sets.

其中,过采样是指对负样本进行重复采样,以提高负样本的数量。添加噪声是指对负样本中的部分信息进行随机更改,以获得新的负样本,进而提高负样本的数量。Among them, oversampling refers to repeated sampling of negative samples to increase the number of negative samples. Adding noise refers to randomly changing part of the information in the negative samples to obtain new negative samples, thereby increasing the number of negative samples.

可选的,可以采用手动或者自动的方式实现过采样和/或添加噪声,在此不作限制。Optionally, oversampling and/or adding noise may be implemented manually or automatically, which is not limited here.

这样,就可以维持负样本和正样本的数量均衡,使得两者的数量较为接近,进而可以使得后续训练获得的模型的性能更好,检测更加准确。In this way, the balance of the number of negative samples and positive samples can be maintained, so that the numbers of the two are relatively close, which in turn can make the performance of the model obtained by subsequent training better and the detection more accurate.

S1005:根据各登录账号分别对应的正样本集合,以及各登录账号分别对应的负样本集合,获得各登录账号分别对应的训练数据集合。S1005: Obtain a training data set corresponding to each login account according to the positive sample set corresponding to each login account and the negative sample set corresponding to each login account.

这样,就可以获得用于模型训练的训练数据集合。In this way, a training data set for model training can be obtained.

作为一个示例,通过多个登录账号登录访问堡垒机一段时间后,获取堡垒机中的登录日志,并从登录日志中抽取各登录账号分别对应的登录成功信息和登录失败信息。以及,将各登录成功信息进行文本解析,获得各登录信息,生成正样本集合,并将各登录失败信息进行文本解析,获得各登录信息,生成负样本集合。进一步的,对负样本集合中的各负样本进行过采样以及噪声添加,获得新的负样本集合。As an example, after logging in and accessing the bastion host through multiple login accounts for a period of time, the login log in the bastion host is obtained, and the login success information and login failure information respectively corresponding to each login account are extracted from the login log. And, perform text analysis on each login success information to obtain each login information, generate a positive sample set, perform text analysis on each login failure information, obtain each login information, and generate a negative sample set. Further, each negative sample in the negative sample set is oversampled and noise is added to obtain a new negative sample set.

为获得训练好的的登录检测模型,步骤101的实现过程可以包括:In order to obtain a trained login detection model, the implementation process of step 101 may include:

基于对抗模型,构建登录检测初始模型,并针对各登录账号中的目标登录账号,基于目标登录账号的训练数据集合对登录检测初始模型进行训练,获得目标登录账号对应的训练好的登录检测模型。Based on the confrontation model, an initial login detection model is constructed, and for the target login account in each login account, the initial login detection model is trained based on the training data set of the target login account, and a trained login detection model corresponding to the target login account is obtained.

一种实施方式中,基于目标登录账号的训练数据集合对登录检测初始模型进行训练,并根据模型输出结果,确定检测准确率以及召回率,以及根据检测准确率以及召回率,对模型参数进行调整,直至获得符合训练条件的登录检测模型,从而可以通过反复训练获得更全面性能更好的登录检测模型。In one embodiment, the initial login detection model is trained based on the training data set of the target login account, and the detection accuracy and recall rate are determined according to the model output results, and the model parameters are adjusted according to the detection accuracy rate and recall rate , until a login detection model that meets the training conditions is obtained, so that a more comprehensive and better performance login detection model can be obtained through repeated training.

这样,就可以获得不同登录账号分别对应的登录检测模型,并可以在后续步骤中,采用训练好的登录检测模型进行登录认证。In this way, login detection models corresponding to different login accounts can be obtained, and in subsequent steps, the trained login detection models can be used for login authentication.

下面结合图2对登录认证的方法进行说明,参阅图2所示,为本申请实施例提供的一种登录认证的方法的流程图,该方法的具体实施流程如下:The method for login authentication is described below in conjunction with FIG. 2. Referring to FIG. 2, it is a flow chart of a method for login authentication provided by the embodiment of the present application. The specific implementation process of the method is as follows:

步骤200:获取登录请求用户的登录信息。Step 200: Obtain the login information of the login requesting user.

一种实施方式中,确定接收到登录请求用户的登录请求消息时,获取该登录请求消息中的登录账号以及登录验证信息(如,密码以及验证码等),根据该登录验证信息,确定验证通过时,获取登录请求用户的登录信息。In one embodiment, when it is determined that a login request message from a login requesting user is received, the login account number and login verification information (such as password and verification code, etc.) in the login request message are obtained, and according to the login verification information, it is determined that the verification is passed , get the login information of the user who requested the login.

其中,该登录信息可以包括该次登录请求的登录账号、登录IP以及登录频率。可选的,还可以包括该次登录时间。Wherein, the login information may include the login account, login IP and login frequency of the login request. Optionally, the login time may also be included.

这样,就可以采用账号密码认证的方式先进行初步的登录认证,以获得登录账号。In this way, a preliminary login authentication can be performed first by means of account password authentication to obtain a login account.

步骤201:确定登录信息中的登录账号对应设置的登录检测模型;登录检测模型是基于对抗模型训练获得的。Step 201: Determine the login detection model set corresponding to the login account in the login information; the login detection model is obtained based on adversarial model training.

一种实施方式中,从多个训练好的登录检测模型中,选取登录信息中的登录账号对应设置的登录检测模型。In one embodiment, the login detection model set corresponding to the login account in the login information is selected from a plurality of trained login detection models.

步骤202:采用登录检测模型,基于登录信息进行登录异常检测,获得异常值。Step 202: Use the login detection model to detect login anomalies based on the login information, and obtain abnormal values.

一种实施方式中,将登录信息输入选取出的登录检测模型,获得输出的异常值。In one embodiment, the login information is input into the selected login detection model to obtain the output abnormal value.

需要说明的是,异常值越高,则说明该登录账号的安全隐患越大,越需要更加严格的登录认证,反之,安全性越高,不需要太多繁杂的登录认证操作。It should be noted that the higher the outlier value, the greater the security risk of the login account, and the more stringent login authentication is required. On the contrary, the higher the security, the less complicated login authentication operations are required.

步骤203:采用异常值对应设置的登录认证流程,对登录请求用户进行登录认证;不同异常值对应的登录认证流程的登录限制以及耗时不同。Step 203: Use the login authentication process set corresponding to the abnormal value to perform login authentication on the login requesting user; the login authentication process corresponding to different abnormal values has different login restrictions and time consumption.

一种实施方式中,获取异常值所属的异常值区间,并获取基于预先建立的异常值区间与登录认证流程之间的关联关系,以及,基于该关联关系,获取该异常值区间对应的登录认证流程,并基于该登录认证流程,对登录请求用户进行登录认证。In one embodiment, the abnormal value interval to which the abnormal value belongs is obtained, and the association relationship between the abnormal value interval and the login authentication process based on the pre-established relationship is obtained, and the login authentication corresponding to the abnormal value interval is obtained based on the association relationship. process, and based on the login authentication process, perform login authentication on the login requesting user.

其中,基于该登录认证流程,对登录请求用户进行登录认证,可以采用以下任一方式:Among them, based on the login authentication process, the login authentication of the login requesting user can be performed in any of the following ways:

方式一:登录认证设备基于该登录认证流程,对登录请求用户进行登录认证。Method 1: The login authentication device performs login authentication on the login requesting user based on the login authentication process.

方式二:登录认证设备将该登录认证流程发送给登录请求用户的登录访问客户端。登录访问客户端基于接收的登录认证流程,对登录请求用户进行登录认证。Method 2: The login authentication device sends the login authentication process to the login access client of the login requesting user. The login access client performs login authentication on the login requesting user based on the received login authentication process.

进一步的,建立上述关联关系时,可以采用以下步骤:Further, when establishing the above association relationship, the following steps may be adopted:

S2031:将所有的异常值进行划分,获得多个异常值区间。S2031: Divide all outliers to obtain multiple outlier intervals.

例如,异常值的取值范围可以为0-10,或者0-100。For example, the value range of the outlier can be 0-10, or 0-100.

S2032:基于多种认证方式,配置多个登录认证流程;登录认证流程中包含至少一种认证方式。S2032: Configure multiple login authentication processes based on multiple authentication modes; the login authentication process includes at least one authentication mode.

其中,认证方式可以包括但不限于以下至少一种:Among them, the authentication method may include but not limited to at least one of the following:

账号密码认证,Radius认证、AD域认证、动态口令(One Time Password,OTP)认证、短信认证、证书认证、UKey认证以及人脸识别。Account password authentication, Radius authentication, AD domain authentication, dynamic password (One Time Password, OTP) authentication, SMS authentication, certificate authentication, UKey authentication and face recognition.

一种实施方式中,根据各认证方式的登录限制程度以及耗时,对各认证方式分别进行评分,获得各认证方式的认证分值。登录限制程度以及耗时越多,则认证分值越高,反之,认证分值越低。进一步的,根据各认证方式的认证分值,生成包含至少一个认证方式的登录认证流程。以及,可以根据各登录认证流程包含的认证方式的认证分值的和,获得各登录认证流程分别对应的流程分值。In one embodiment, each authentication method is scored according to the degree of login restriction and time-consuming of each authentication method, and the authentication score of each authentication method is obtained. The more restrictive and time-consuming the login, the higher the authentication score, and vice versa, the lower the authentication score. Further, a login authentication process including at least one authentication method is generated according to the authentication scores of each authentication method. And, the process score corresponding to each login authentication process can be obtained according to the sum of the authentication scores of the authentication modes included in each login authentication process.

其中,各登录认证流程的流程分值可以相同,也可以不同。即同一流程分值可以对应一个或多个登录认证流程。Wherein, the flow scores of each login authentication flow may be the same or different. That is, the same process score can correspond to one or more login authentication processes.

S2033:建立异常值区间与登录认证流程之间的关联关系。S2033: Establish an association relationship between the abnormal value interval and the login authentication process.

一种实施方式中,可以针对各异常值区间分别配置对应的流程分值,并根据各异常值区间对应的流程分值,以及各流程分值对应的登录认证流程,建立异常值区间、流程分值以及登录认证流程三者之间的关联关系。In one embodiment, corresponding process scores can be configured for each abnormal value interval, and the abnormal value interval and process score can be established according to the process score corresponding to each abnormal value interval and the login authentication process corresponding to each process score. The relationship between the value and the login authentication process.

需要说明的是,由于异常值区间可以对应一个或多个流程分值,且同一流程分值可以对应一个或多个登录认证流程,因此,同一异常值区间可以对应一个或多个登录认证流程。It should be noted that since an abnormal value interval can correspond to one or more process scores, and the same process score can correspond to one or more login authentication processes, therefore, the same abnormal value interval can correspond to one or more login authentication processes.

需要说明的,不同异常值对应的登录认证流程的登录限制以及耗时不同。异常值越大,对应的流程分值越大,进而对应的登录认证流程的登录限制以及耗时越多,反之,对应的流程分值越小,进而对应的登录认证流程的登录限制以及耗时越少。It should be noted that the login restrictions and time-consuming of the login authentication process corresponding to different outliers are different. The larger the outlier value, the greater the corresponding process score, and the more login restrictions and time-consuming of the corresponding login authentication process. On the contrary, the smaller the corresponding process score, and the corresponding login restrictions and time-consuming of the login authentication process. less.

进一步的,若确定登录成功,则可以获取登录成功信息,并基于该登录成功信息,对登录检测模型进行再次训练,获得更新后的登录检测模型。若确定登录失败,则获取登录失败信息,并基于该登录失败信息,对登录检测模型进行再次训练,获得更新后的登录检测模型,以及,生成登录失败告警日志,以便管理人员(如,审计人员)可以追溯。Further, if it is determined that the login is successful, the login success information may be obtained, and based on the login success information, the login detection model may be retrained to obtain an updated login detection model. If it is determined that the login fails, the login failure information is obtained, and based on the login failure information, the login detection model is retrained to obtain an updated login detection model, and a login failure alarm log is generated for management personnel (such as auditors) ) can be traced back.

本申请实施例中,可以分别针对不通过的登录账号训练不同的登录检测模型,并可以通过当前的登录账号的登录检测模型检测该次登录的异常值,以及可以选取该异常值匹配的等可以认证流程进行登录认证,从而可以提高登录异常检测的准确度,并可以根据登录异常的风险程度,动态调整用于登录认证的登录认证流程,不需要采用统一的登录限制以及耗时均较多的登录认证流程进行所有的登录认证,提高了登录认证的灵活性,减少了登录认证的繁琐限制以及耗费的时间成本,提高了登录认证效率。In the embodiment of this application, different login detection models can be trained for failed login accounts, and the abnormal value of this login can be detected through the login detection model of the current login account, and the abnormal value can be selected to match. The authentication process performs login authentication, which can improve the accuracy of login anomaly detection, and dynamically adjust the login authentication process for login authentication according to the risk level of login anomalies, without adopting unified login restrictions and time-consuming The login authentication process performs all login authentication, which improves the flexibility of login authentication, reduces the cumbersome restrictions and time-consuming cost of login authentication, and improves the efficiency of login authentication.

基于同一发明构思,本申请实施例中还提供了一种登录认证的装置,由于上述装置及设备解决问题的原理与一种登录认证的方法相似,因此,上述装置的实施可以参见方法的实施,重复之处不再赘述。Based on the same inventive concept, the embodiment of the present application also provides a device for login authentication. Since the problem-solving principle of the above-mentioned device and equipment is similar to a method for login authentication, the implementation of the above-mentioned device can refer to the implementation of the method. Repeated points will not be repeated.

如图3所示,其为本申请实施例提供的一种登录认证的装置的结构示意图,包括:As shown in Figure 3, it is a schematic structural diagram of a login authentication device provided in the embodiment of the present application, including:

获取单元301,用于获取登录请求用户的登录信息;An acquisition unit 301, configured to acquire login information of a login requesting user;

确定单元302,用于确定登录信息中的登录账号对应设置的登录检测模型;登录检测模型是基于对抗模型训练获得的;A determining unit 302, configured to determine a login detection model set corresponding to the login account in the login information; the login detection model is obtained based on confrontation model training;

检测单元303,用于采用登录检测模型,基于登录信息进行登录异常检测,获得异常值;The detection unit 303 is configured to use a login detection model to perform login anomaly detection based on login information to obtain an abnormal value;

认证单元304,用于采用异常值对应设置的登录认证流程,对登录请求用户进行登录认证;不同异常值对应的登录认证流程的登录限制以及耗时不同。The authentication unit 304 is configured to use the login authentication process set corresponding to the abnormal value to perform login authentication on the login requesting user; the login authentication process corresponding to different abnormal values has different login restrictions and time consumption.

一种实施方式中,认证单元304还用于:In one embodiment, the authentication unit 304 is also used to:

将所有的异常值进行划分,获得多个异常值区间;Divide all outliers to obtain multiple outlier intervals;

基于多种认证方式,配置多个登录认证流程;登录认证流程中包含至少一种认证方式;Based on multiple authentication methods, configure multiple login authentication processes; the login authentication process includes at least one authentication method;

建立异常值区间与登录认证流程之间的关联关系。Establish an association between the outlier interval and the login authentication process.

一种实施方式中,确定单元302还用于:In one implementation manner, the determining unit 302 is also used to:

采用以下步骤训练获得登录检测模型:Use the following steps to train the login detection model:

获取多个登录账号分别对应的训练数据集合;Obtain training data sets corresponding to multiple login accounts;

基于各登录账号分别对应的训练数据集合,对登录检测初始模型,分别进行训练,获得各登录账号分别对应的训练好的登录检测模型;登录检测初始模型是基于对抗模型训练获得的。Based on the training data sets corresponding to each login account, the initial login detection model is trained separately to obtain the trained login detection model corresponding to each login account; the initial login detection model is obtained based on the confrontation model training.

一种实施方式中,确定单元302还用于:In one implementation manner, the determining unit 302 is also used to:

获取多个登录成功信息,以及多个登录失败信息;Obtain multiple login success information and multiple login failure information;

对各登录成功信息以及各登录失败信息分别进行解析,获得多个登录信息及其对应的登录结果;登录结果包括登录成功和登录失败;Analyze each login success information and each login failure information separately, and obtain multiple login information and corresponding login results; the login results include login success and login failure;

根据登录结果以及登录账号,将登录成功的各登录信息进行划分,获得各登录账号分别对应的正样本集合;正样本集合中包括多个登录信息及其对应的登录结果;According to the login result and the login account, the login information of successful login is divided, and the positive sample set corresponding to each login account is obtained; the positive sample set includes multiple login information and corresponding login results;

根据登录结果以及登录账号,将登录失败的各登录信息进行划分,获得各登录账号分别对应的负样本集合;负样本集合中包括多个登录信息及其对应的登录结果;According to the login result and the login account, the login information of the login failure is divided, and the negative sample set corresponding to each login account is obtained; the negative sample set includes multiple login information and corresponding login results;

根据各登录账号分别对应的正样本集合,以及各登录账号分别对应的负样本集合,获得各登录账号分别对应的训练数据集合。According to the positive sample sets corresponding to the respective login accounts and the negative sample sets corresponding to the respective login accounts, the training data sets corresponding to the respective login accounts are obtained.

一种实施方式中,确定单元302还用于:In one implementation manner, the determining unit 302 is also used to:

对各负样本集合中的负样本,进行过采样和/或添加噪声,获得更新后的各负样本集合。Perform oversampling and/or add noise to negative samples in each negative sample set to obtain updated negative sample sets.

本申请实施例提供的登录认证的方法、装置、电子设备及计算机可读存储介质中,获取登录请求用户的登录信息;确定登录信息中的登录账号对应设置的登录检测模型;登录检测模型是基于对抗模型训练获得的;采用登录检测模型,基于登录信息进行登录异常检测,获得异常值;采用异常值对应设置的登录认证流程,对登录请求用户进行登录认证;不同异常值对应的登录认证流程的登录限制以及耗时不同。这样,就可以减少登录限制以及耗费的时间成本。In the login authentication method, device, electronic device, and computer-readable storage medium provided in the embodiments of the present application, the login information of the login requesting user is obtained; the login detection model corresponding to the login account in the login information is determined; the login detection model is based on Obtained by adversarial model training; use the login detection model to detect login anomalies based on login information, and obtain abnormal values; use the login authentication process set corresponding to the abnormal value to perform login authentication on the login requesting user; the login authentication process corresponding to different abnormal values Login restrictions and time-consuming vary. In this way, login restrictions and time-consuming costs can be reduced.

图4示出了一种电子设备4000的结构示意图。参阅图4所示,电子设备4000包括:处理器4010以及存储器4020,可选的,还可以包括电源4030、显示单元4040、输入单元4050。FIG. 4 shows a schematic structural diagram of an electronic device 4000 . Referring to FIG. 4 , the electronic device 4000 includes: a processor 4010 and a memory 4020 , and optionally, a power supply 4030 , a display unit 4040 , and an input unit 4050 .

处理器4010是电子设备4000的控制中心,利用各种接口和线路连接各个部件,通过运行或执行存储在存储器4020内的软件程序和/或数据,执行电子设备4000的各种功能,从而对电子设备4000进行整体监控。The processor 4010 is the control center of the electronic device 4000. It uses various interfaces and lines to connect various components, and executes various functions of the electronic device 4000 by running or executing software programs and/or data stored in the memory 4020. The device 4000 performs overall monitoring.

本申请实施例中,处理器4010调用存储器4020中存储的计算机程序时执行上述实施例中的各个步骤。In the embodiment of the present application, when the processor 4010 invokes the computer program stored in the memory 4020, various steps in the foregoing embodiments are executed.

可选的,处理器4010可包括一个或多个处理单元;优选的,处理器4010可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器4010中。在一些实施例中,处理器、存储器、可以在单一芯片上实现,在一些实施例中,它们也可以在独立的芯片上分别实现。Optionally, the processor 4010 may include one or more processing units; preferably, the processor 4010 may integrate an application processor and a modem processor, wherein the application processor mainly processes operating systems, user interfaces, applications, etc., The modem processor primarily handles wireless communications. It can be understood that the foregoing modem processor may not be integrated into the processor 4010 . In some embodiments, the processor and memory can be implemented on a single chip, and in some embodiments, they can also be implemented on independent chips.

存储器4020可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、各种应用等;存储数据区可存储根据电子设备4000的使用所创建的数据等。此外,存储器4020可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件等。The memory 4020 can mainly include a program storage area and a data storage area, wherein the program storage area can store operating systems, various applications, etc.; the data storage area can store data created according to the use of the electronic device 4000 , etc. In addition, the memory 4020 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage devices.

电子设备4000还包括给各个部件供电的电源4030(比如电池),电源可以通过电源管理系统与处理器4010逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗等功能。The electronic device 4000 also includes a power supply 4030 (such as a battery) for supplying power to various components. The power supply can be logically connected to the processor 4010 through the power management system, so that functions such as charging, discharging, and power consumption can be managed through the power management system.

显示单元4040可用于显示由用户输入的信息或提供给用户的信息以及电子设备4000的各种菜单等,本发明实施例中主要用于显示电子设备4000中各应用的显示界面以及显示界面中显示的文本、图片等对象。显示单元4040可以包括显示面板4041。显示面板4041可以采用液晶显示屏(Liquid Crystal Display,LCD)、有机发光二极管(Organic Light-Emitting Diode,OLED)等形式来配置。The display unit 4040 can be used to display information input by the user or provided to the user and various menus of the electronic device 4000, etc., and in the embodiment of the present invention, it is mainly used to display the display interface of each application in the electronic device 4000 and the display interface. Objects such as text and pictures. The display unit 4040 may include a display panel 4041 . The display panel 4041 may be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an organic light-emitting diode (Organic Light-Emitting Diode, OLED), and the like.

输入单元4050可用于接收用户输入的数字或字符等信息。输入单元4050可包括触控面板4051以及其他输入设备4052。其中,触控面板4051,也称为触摸屏,可收集用户在其上或附近的触摸操作(比如用户使用手指、触摸笔等任何适合的物体或附件在触控面板4051上或在触控面板4051附近的操作)。The input unit 4050 can be used to receive information such as numbers or characters input by the user. The input unit 4050 may include a touch panel 4051 and other input devices 4052 . Wherein, the touch panel 4051, also referred to as a touch screen, can collect touch operations of the user on or near it (for example, the user uses any suitable object or accessory such as a finger, a touch pen, etc. on the touch panel 4051 or on the touch panel 4051 nearby operations).

具体的,触控面板4051可以检测用户的触摸操作,并检测触摸操作带来的信号,将这些信号转换成触点坐标,发送给处理器4010,并接收处理器4010发来的命令并加以执行。此外,可以采用电阻式、电容式、红外线以及表面声波等多种类型实现触控面板4051。其他输入设备4052可以包括但不限于物理键盘、功能键(比如音量控制按键、开关机按键等)、轨迹球、鼠标、操作杆等中的一种或多种。Specifically, the touch panel 4051 can detect the user's touch operation, detect the signals brought by the touch operation, convert these signals into contact coordinates, send them to the processor 4010, and receive and execute the commands sent by the processor 4010 . In addition, the touch panel 4051 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic wave. Other input devices 4052 may include, but are not limited to, one or more of physical keyboards, function keys (such as volume control buttons, power-on/off buttons, etc.), trackballs, mice, joysticks, and the like.

当然,触控面板4051可覆盖显示面板4041,当触控面板4051检测到在其上或附近的触摸操作后,传送给处理器4010以确定触摸事件的类型,随后处理器4010根据触摸事件的类型在显示面板4041上提供相应的视觉输出。虽然在图4中,触控面板4051与显示面板4041是作为两个独立的部件来实现电子设备4000的输入和输出功能,但是在某些实施例中,可以将触控面板4051与显示面板4041集成而实现电子设备4000的输入和输出功能。Of course, the touch panel 4051 can cover the display panel 4041. When the touch panel 4051 detects a touch operation on or near it, it sends it to the processor 4010 to determine the type of the touch event. A corresponding visual output is provided on the display panel 4041 . Although in FIG. 4, the touch panel 4051 and the display panel 4041 are used as two independent components to realize the input and output functions of the electronic device 4000, in some embodiments, the touch panel 4051 and the display panel 4041 can be The input and output functions of the electronic device 4000 are realized by integration.

电子设备4000还可包括一个或多个传感器,例如压力传感器、重力加速度传感器、接近光传感器等。当然,根据具体应用中的需要,上述电子设备4000还可以包括摄像头等其它部件,由于这些部件不是本申请实施例中重点使用的部件,因此,在图4中没有示出,且不再详述。The electronic device 4000 may also include one or more sensors, such as a pressure sensor, an acceleration of gravity sensor, a proximity light sensor, and the like. Of course, according to the needs of specific applications, the above-mentioned electronic device 4000 may also include other components such as a camera. Since these components are not the key components used in the embodiment of this application, they are not shown in FIG. 4 and will not be described in detail .

本领域技术人员可以理解,图4仅仅是电子设备的举例,并不构成对电子设备的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件。Those skilled in the art can understand that FIG. 4 is only an example of the electronic device, and does not constitute a limitation to the electronic device. It may include more or less components than those shown in the figure, or combine certain components, or different components.

本申请实施例中,一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时,使得通信设备可以执行上述实施例中的各个步骤。In the embodiment of the present application, a computer-readable storage medium stores a computer program on it, and when the computer program is executed by a processor, the communication device can execute the steps in the foregoing embodiments.

为了描述的方便,以上各部分按照功能划分为各模块(或单元)分别描述。当然,在实施本申请时可以把各模块(或单元)的功能在同一个或多个软件或硬件中实现。For the convenience of description, the above parts are divided into modules (or units) according to their functions and described separately. Of course, the functions of each module (or unit) can be implemented in one or more pieces of software or hardware when implementing the present application.

本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.

尽管已描述了本申请的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例做出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本申请范围的所有变更和修改。While preferred embodiments of the present application have been described, additional changes and modifications to these embodiments can be made by those skilled in the art once the basic inventive concept is appreciated. Therefore, the appended claims are intended to be construed to cover the preferred embodiment and all changes and modifications which fall within the scope of the application.

显然,本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的精神和范围。这样,倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the application without departing from the spirit and scope of the application. In this way, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.

Claims (12)

1. A method of login authentication, comprising:
acquiring login information of a login request user;
determining a login detection model correspondingly set by a login account in the login information; the login detection model is obtained based on countermeasure model training;
adopting the login detection model, and carrying out login abnormality detection based on the login information to obtain an abnormal value;
adopting a login authentication flow set corresponding to the abnormal value to perform login authentication on the login request user; the login restriction and time consumption of the login authentication flow corresponding to different outliers are different.
2. The method of claim 1, wherein prior to performing login authentication for the login-requesting user using the login authentication procedure set in correspondence with the outlier, the method further comprises:
dividing all abnormal values to obtain a plurality of abnormal value intervals;
configuring a plurality of login authentication flows based on a plurality of authentication modes; the login authentication flow comprises at least one authentication mode;
and establishing an association relation between the abnormal value interval and the login authentication flow.
3. The method of claim 1, wherein the login detection model is trained using the steps of:
acquiring training data sets respectively corresponding to a plurality of login accounts;
training the login detection initial model based on training data sets corresponding to the login account numbers respectively, and obtaining trained login detection models corresponding to the login account numbers respectively; the login detection initial model is obtained based on challenge model training.
4. The method of claim 3, wherein the obtaining training data sets respectively corresponding to the plurality of login accounts comprises:
acquiring a plurality of login success information and a plurality of login failure information;
analyzing each login success information and each login failure information respectively to obtain a plurality of login information and a corresponding login result; the login result comprises login success and login failure;
dividing each login information which is successfully logged in according to login results and login accounts to obtain positive sample sets respectively corresponding to each login account; the positive sample set comprises a plurality of login information and corresponding login results;
dividing each piece of login information failing to login according to login results and login accounts to obtain negative sample sets corresponding to each login account respectively; the negative sample set comprises a plurality of login information and corresponding login results;
and obtaining training data sets corresponding to the login accounts respectively according to the positive sample sets corresponding to the login accounts respectively and the negative sample sets corresponding to the login accounts respectively.
5. The method of claim 4, wherein the method further comprises:
and (3) carrying out oversampling and/or noise adding on the negative samples in each negative sample set to obtain each updated negative sample set.
6. A device for login authentication, comprising:
the acquisition unit is used for acquiring login information of a login request user;
the determining unit is used for determining a login detection model correspondingly set by a login account in the login information; the login detection model is obtained based on countermeasure model training;
the detection unit is used for detecting login abnormality based on the login information by adopting the login detection model to obtain an abnormal value;
an authentication unit, configured to perform login authentication on the login request user by using a login authentication procedure set corresponding to the abnormal value; the login restriction and time consumption of the login authentication flow corresponding to different outliers are different.
7. The apparatus of claim 6, wherein the authentication unit is further to:
dividing all abnormal values to obtain a plurality of abnormal value intervals;
configuring a plurality of login authentication flows based on a plurality of authentication modes; the login authentication flow comprises at least one authentication mode;
and establishing an association relation between the abnormal value interval and the login authentication flow.
8. The apparatus of claim 6, wherein the determining unit is further to:
the login detection model is obtained through training by the following steps:
acquiring training data sets respectively corresponding to a plurality of login accounts;
training the login detection initial model based on training data sets corresponding to the login account numbers respectively, and obtaining trained login detection models corresponding to the login account numbers respectively; the login detection initial model is obtained based on challenge model training.
9. The apparatus of claim 8, wherein the determining unit is further to:
acquiring a plurality of login success information and a plurality of login failure information;
analyzing each login success information and each login failure information respectively to obtain a plurality of login information and a corresponding login result; the login result comprises login success and login failure;
dividing each login information which is successfully logged in according to login results and login accounts to obtain positive sample sets respectively corresponding to each login account; the positive sample set comprises a plurality of login information and corresponding login results;
dividing each piece of login information failing to login according to login results and login accounts to obtain negative sample sets corresponding to each login account respectively; the negative sample set comprises a plurality of login information and corresponding login results;
and obtaining training data sets corresponding to the login accounts respectively according to the positive sample sets corresponding to the login accounts respectively and the negative sample sets corresponding to the login accounts respectively.
10. The apparatus of claim 9, wherein the determining unit is further to:
and (3) carrying out oversampling and/or noise adding on the negative samples in each negative sample set to obtain each updated negative sample set.
11. An electronic device comprising a processor and a memory storing computer readable instructions that, when executed by the processor, perform the method of any of claims 1-5.
12. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, performs the method according to any of claims 1-5.
CN202310103553.9A 2023-01-30 2023-01-30 Login authentication method, login authentication device, electronic equipment and computer readable storage medium Pending CN116112258A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310103553.9A CN116112258A (en) 2023-01-30 2023-01-30 Login authentication method, login authentication device, electronic equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310103553.9A CN116112258A (en) 2023-01-30 2023-01-30 Login authentication method, login authentication device, electronic equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN116112258A true CN116112258A (en) 2023-05-12

Family

ID=86261341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310103553.9A Pending CN116112258A (en) 2023-01-30 2023-01-30 Login authentication method, login authentication device, electronic equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN116112258A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113468510A (en) * 2021-07-15 2021-10-01 中国银行股份有限公司 Abnormal login behavior data detection method and device
CN114065187A (en) * 2022-01-18 2022-02-18 中诚华隆计算机技术有限公司 Abnormal login detection method and device, computing equipment and storage medium
CN115529142A (en) * 2022-10-09 2022-12-27 阳光电源股份有限公司 Login management method, device, equipment and medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113468510A (en) * 2021-07-15 2021-10-01 中国银行股份有限公司 Abnormal login behavior data detection method and device
CN114065187A (en) * 2022-01-18 2022-02-18 中诚华隆计算机技术有限公司 Abnormal login detection method and device, computing equipment and storage medium
CN115529142A (en) * 2022-10-09 2022-12-27 阳光电源股份有限公司 Login management method, device, equipment and medium

Similar Documents

Publication Publication Date Title
US12137091B2 (en) Single sign-on enabled with OAuth token
US10530790B2 (en) Privileged session analytics
US20200128002A1 (en) Securing user sessions
US20220051264A1 (en) Detecting fraudulent user accounts using graphs
US11750590B2 (en) Single sign-on (SSO) user techniques using client side encryption and decryption
CN106650490B (en) The login method and device of cloud account
CN106357807B (en) A kind of data processing method, device and system
CN108475304A (en) A kind of method, apparatus and mobile terminal of affiliate application and biological characteristic
CN114389802B (en) Information decryption method and device, electronic equipment and readable storage medium
US20180218134A1 (en) Determining computer ownership
US11303672B2 (en) Detecting replay attacks using action windows
CN106656985A (en) Backup account login method, device and system
EP4512038A1 (en) Framework for configurable per-service security settings in a forward proxy
CN113726612B (en) Method and device for acquiring test data, electronic equipment and storage medium
CN114050931A (en) Data transmission method and device, electronic equipment and readable storage medium
WO2024233116A1 (en) Malicious service provider activity detection
WO2025016301A1 (en) Security authentication
US20240330445A1 (en) Malicious activity detection for cloud computing platforms
CN116112258A (en) Login authentication method, login authentication device, electronic equipment and computer readable storage medium
CN115913782A (en) Message filtering configuration method and device, electronic equipment and medium
CN115098845A (en) Password-free login method, device, electronic device and storage medium
CN115664686A (en) A login method, device, computer equipment and storage medium
US20250245308A1 (en) Stylus-based authentication and user experience customization
US11328041B2 (en) Computing system virtualization continuous authentication system
CN115712889A (en) System, method, apparatus, electronic device, and medium for device authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination