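User Login Risk Assessment
Reference: https://zhuanli.tianyancha.com/796c88e9c3d67d3a9c59716558818e22
The goal is to uncover potential risks such as a login that was not performed by the account owner, or a stolen account. Analyzing user login behavior improves prediction accuracy. The approach can be applied to risk control in internet finance, and also to malicious-login detection on ordinary websites.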
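- A login from an unusual location (not one of the user's frequent login locations) is considered risky
- A displacement speed between logins that exceeds the normal value is considered risky
- A change of device is considered risky
- A login at a time that deviates from the user's habitual login hours is risky
- A cumulative number of logins per day above the upper limit is considered risky
- A wrong password, or an entered password that differs greatly from the real one, is considered risky
- If the user's input features (time in ms taken to fill in each control) change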
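Algorithm implementation
Overview
A risk-control method based on analysis of user login behavior, characterized in that the method comprises seven models: user keystroke risk identification, user login location risk identification, password retry risk identification, device source risk identification, user login habit risk identification, cumulative login count risk identification, and risk identification based on the instantaneous displacement speed between logins. This system is only responsible for producing a risk assessment report from the user's login data. The report format is: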
User info | User unique ID | Login region | Longitude, latitude | Login sequence number | Evaluation time | Input features | Region | Speed | Device | Habit | Count | Password |
---|---|---|---|---|---|---|---|---|---|---|---|---|
 | zhangsan | Beijing | 116.20,39.56 | UUID | 2020-03-31 10:10:00 | True | False | True | False | True | False | True |
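The system does not make a qualitative judgment about a user's login. Only when a business system sends it user login data does the big-data evaluation system assess that data and produce an assessment report. The business system then decides for itself, based on the report, which rewards or penalties to apply to the user. To produce the report, the evaluation system needs the business system to send data in the following formats:

Login data to be evaluated: the data used to produce an assessment report before the current login completes. Once the business system has the report, it decides whether to escalate the login. Evaluating this data requires the user's set of historical successful-login records.

```
INFO 2020-03-31 10:12:00 QQ EVALUATE [张三] 6ebaf4ac780f40f486359f3ea6934620 "12355421" Beijing "116.4,39.5" [1200,15000,2100] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
```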
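Data produced by a successful login: a successful-login record serves as historical data for the next login evaluation. The system retains a set of the most recent successful logins as the baseline for that evaluation.

```
INFO 2020-03-31 10:12:00 QQ SUCCESS [张三] 6ebaf4ac780f40f486359f3ea6934620 "12355421" Beijing "116.4,39.5" [1200,15000,2100] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
```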
Data extraction
The regular expression was built with the help of https://regex101.com, using this sample record:

```
INFO 2020-03-31 10:12:00 Q1Q应用1 success [张三] 6ebaf4ac780f40f486359f3ea6934620 "123456" Beijing "116.4,39.5" [1200,15000,2100] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
```
```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Wrapper class and main() added so the snippet compiles and runs as-is.
public class Example {
    public static void main(String[] args) {
        // Groups: 1 time, 2 application, 3 record type, 4 user, 5 login sequence,
        // 6 password field, 7 city, 8 "lon,lat", 9 input features, 10 User-Agent
        final String regex = "^INFO\\s(\\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2})\\s([a-z0-9\\u4e00-\\u9fa5]*)\\s(EVALUATE|SUCCESS)\\s\\[([a-z0-9\\u4e00-\\u9fa5]*)\\]\\s([a-z0-9]{32})\\s\\\"([a-z0-9\\.\\-\\,]{6,12})\\\"\\s([a-z\\u4e00-\\u9fa5]*)\\s\\\"([0-9\\.\\,]*)\\\"\\s\\[([0-9\\,\\.]*)\\]\\s\\\"(.*)\\\"";
        final String string = "INFO 2020-03-31 10:12:00 Q1Q应用1 success [张三] "
                + "6ebaf4ac780f40f486359f3ea6934620 \"123456\" Beijing \"116.4,39.5\" [1200,15000,2100] "
                + "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like "
                + "Gecko) Chrome/80.0.3987.149 Safari/537.36\"";

        // CASE_INSENSITIVE lets "success" match the SUCCESS alternative.
        final Pattern pattern = Pattern.compile(regex, Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
        final Matcher matcher = pattern.matcher(string);

        if (matcher.find()) {
            System.out.println("Full match: " + matcher.group(0));
            for (int i = 1; i <= matcher.groupCount(); i++) {
                System.out.println("Group " + i + ": " + matcher.group(i));
            }
        }
    }
}
```
Output (from a run on the `QQ SUCCESS` form of the record):

```
Full match: INFO 2020-03-31 10:12:00 QQ SUCCESS [张三] 6ebaf4ac780f40f486359f3ea6934620 "123456" Beijing "116.4,39.5" [1200,15000,2100] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
Group 1: 2020-03-31 10:12:00
Group 2: QQ
Group 3: SUCCESS
Group 4: 张三
Group 5: 6ebaf4ac780f40f486359f3ea6934620
Group 6: 123456
Group 7: Beijing
Group 8: 116.4,39.5
Group 9: 1200,15000,2100
Group 10: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
```
Evaluation factor implementation
Risk assessment utility class
```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Risk assessment utility class
 */
public class EvaluateUtil {
    // Any well-formed record (EVALUATE or SUCCESS)
    public static final String LEGAL_REGEX = "^INFO\\s(\\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2})\\s([a-z0-9\\u4e00-\\u9fa5]*)\\s(EVALUATE|SUCCESS)\\s\\[([a-z0-9\\u4e00-\\u9fa5]*)\\]\\s([a-z0-9]{32})\\s\\\"([a-z0-9\\.\\-\\,]{6,12})\\\"\\s([a-z\\u4e00-\\u9fa5]*)\\s\\\"([0-9\\.\\,]*)\\\"\\s\\[([0-9\\,\\.]*)\\]\\s\\\"(.*)\\\"";
    // Records submitted for evaluation only
    public static final String EVALUATE_REGEX = "^INFO\\s(\\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2})\\s([a-z0-9\\u4e00-\\u9fa5]*)\\s(EVALUATE)\\s\\[([a-z0-9\\u4e00-\\u9fa5]*)\\]\\s([a-z0-9]{32})\\s\\\"([a-z0-9\\.\\-\\,]{6,12})\\\"\\s([a-z\\u4e00-\\u9fa5]*)\\s\\\"([0-9\\.\\,]*)\\\"\\s\\[([0-9\\,\\.]*)\\]\\s\\\"(.*)\\\"";
    // Successful-login records only
    public static final String SUCCESS_REGEX = "^INFO\\s(\\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2})\\s([a-z0-9\\u4e00-\\u9fa5]*)\\s(SUCCESS)\\s\\[([a-z0-9\\u4e00-\\u9fa5]*)\\]\\s([a-z0-9]{32})\\s\\\"([a-z0-9\\.\\-\\,]{6,12})\\\"\\s([a-z\\u4e00-\\u9fa5]*)\\s\\\"([0-9\\.\\,]*)\\\"\\s\\[([0-9\\,\\.]*)\\]\\s\\\"(.*)\\\"";

    public static final Pattern LEGAL_PATTERN = Pattern.compile(LEGAL_REGEX, Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
    public static final Pattern EVALUATE_PATTERN = Pattern.compile(EVALUATE_REGEX, Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
    public static final Pattern SUCCESS_PATTERN = Pattern.compile(SUCCESS_REGEX, Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);

    // True if the whole line is a well-formed log record.
    public static Boolean isLegal(String input) {
        Matcher matcher = LEGAL_PATTERN.matcher(input);
        return matcher.matches();
    }

    // True if the line is a record submitted for evaluation.
    public static Boolean isEvaluate(String input) {
        Matcher matcher = EVALUATE_PATTERN.matcher(input);
        return matcher.matches();
    }

    // True if the line is a successful-login record.
    public static Boolean isLoginSuccess(String input) {
        Matcher matcher = SUCCESS_PATTERN.matcher(input);
        return matcher.matches();
    }

    // Stub: parsing into EvaluateData is not implemented at this point.
    public EvaluateData parseEvaluateData(String input) {
        return null;
    }

    // Stub: parsing into LoginSuccessData is not implemented at this point.
    public LoginSuccessData parseLoginSuccessData(String input) {
        return null;
    }
}
```
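To show how SUCCESS records become the baseline for scoring an EVALUATE record, the following added example (not the page's or the patent's code) evaluates three of the seven factors: region, device and displacement speed. The class name `LoginRiskSketch`, the report keys, the 600 km/h threshold and the sample records are assumptions made for illustration.

```java
import java.time.*;
import java.util.*;
import java.util.regex.*;

public class LoginRiskSketch { // hypothetical name; added example, not the page's code
    // Same record layout as the page's LEGAL_REGEX.
    static final Pattern LOG = Pattern.compile(
        "^INFO\\s(\\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2})\\s([a-z0-9\\u4e00-\\u9fa5]*)\\s(EVALUATE|SUCCESS)"
        + "\\s\\[([a-z0-9\\u4e00-\\u9fa5]*)\\]\\s([a-z0-9]{32})\\s\"([a-z0-9.\\-,]{6,12})\"\\s([a-z\\u4e00-\\u9fa5]*)"
        + "\\s\"([0-9.,]*)\"\\s\\[([0-9,.]*)\\]\\s\"(.*)\"",
        Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
    static final double MAX_KMH = 600.0; // assumed threshold, not a value from the page
    static LocalDateTime time(Matcher m) { return LocalDateTime.parse(m.group(1).replace(' ', 'T')); }
    static double[] rad(String lonLat) { // "longitude,latitude" -> radians
        return Arrays.stream(lonLat.split(",")).mapToDouble(s -> Math.toRadians(Double.parseDouble(s))).toArray();
    }
    static double km(String a, String b) { // haversine great-circle distance
        double[] p = rad(a), q = rad(b);
        double h = Math.pow(Math.sin((q[1] - p[1]) / 2), 2)
                 + Math.cos(p[1]) * Math.cos(q[1]) * Math.pow(Math.sin((q[0] - p[0]) / 2), 2);
        return 2 * 6371.0 * Math.asin(Math.sqrt(h));
    }
    // history: earlier log lines, oldest first; current: the EVALUATE line being scored.
    static Map<String, Boolean> evaluate(List<String> history, String current) {
        Matcher cur = LOG.matcher(current);
        if (!cur.matches()) throw new IllegalArgumentException("malformed record");
        Set<String> cities = new HashSet<>(), devices = new HashSet<>();
        Matcher last = null;
        for (String line : history) {
            Matcher m = LOG.matcher(line);
            // Only well-formed SUCCESS records of the same user count as history.
            if (!m.matches() || !m.group(3).equalsIgnoreCase("SUCCESS") || !m.group(4).equals(cur.group(4))) continue;
            cities.add(m.group(7)); devices.add(m.group(10)); last = m;
        }
        double hours = last == null ? 0 : Duration.between(time(last), time(cur)).getSeconds() / 3600.0;
        Map<String, Boolean> report = new LinkedHashMap<>();
        report.put("region", !cities.contains(cur.group(7)));   // city never seen before
        report.put("device", !devices.contains(cur.group(10))); // User-Agent never seen before
        report.put("speed", hours > 0 && km(last.group(8), cur.group(8)) / hours > MAX_KMH);
        return report;
    }
    public static void main(String[] args) { // constructed sample records
        String who = "[zhangsan] 6ebaf4ac780f40f486359f3ea6934620 \"12355421\" ";
        String rest = " [1200,15000,2100] \"Mozilla/5.0 (constructed)\"";
        String ok = "INFO 2020-03-31 10:12:00 QQ SUCCESS " + who + "Beijing \"116.4,39.5\"" + rest;
        String ev = "INFO 2020-03-31 11:12:00 QQ EVALUATE " + who + "Shanghai \"121.5,31.2\"" + rest;
        System.out.println(evaluate(List.of(ok), ev));
    }
}
```

The regex allows an empty coordinate field, so a production version would need a guard before the distance calculation. With no usable history, region and device are flagged and speed is not.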
Evaluation factor entity classes
①
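```java
import java.io.Serializable;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

/**
 * Record of one evaluation request
 */
//INFO 2020-03-31 10:12:00 QQ EVALUATE [张三] 6ebaf4ac780f40f486359f3ea6934620 "12355421" Beijing "116.4,39.5"
//[1200,15000,2100] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
@Data
@AllArgsConstructor
@NoArgsConstructor
public class EvaluateData implements Serializable {
    private long evaluateTime;          // time of the record
    private String applicationName;     // e.g. QQ
    private String userIdentify;        // e.g. 张三
    private String loginSequence;       // 32-character login sequence number
    private String ordernessPassword;   // quoted password field of the record
    private String cityName;            // e.g. Beijing
    private GeoPoint geoPoint;          // longitude, latitude
    private Double[] inputFeatures;     // time in ms per input control
    private String deviceInformation;   // User-Agent string
}
```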
②
/**
* Assessment report
*/
public class EvaluateReport implements Serializable {
private String applicationName;
private String userIdentify;
private String loginSequence;
private long evaluateTime;
private String cityName;
private GeoPoint getPoint;
private Map<RiskFactor, Boolean> metrics = new HashMap<>();
public void signReport(RiskFactor riskFactor, boolean flag) {
metrics.