Viewing the application of large data in Internet wind Control: reducing the risk of payment through the analysis of equipment behavior
Since 2012, the topic of large data in China's Internet and various industries began to hot, it is said that 2013 has been the foreign media called "Big data year." In addition to the most conventional user mining, advertising value promotion, big data are used to produce hot TV dramas, building medical institutions, and even to help Obama re-election and other myths have emerged. But one of the most basic tasks of the Internet-security work-seems to have nothing to do with the trend.
Many people's impression, Internet security is nothing more than a anti-virus software, online payment is best to get a hardware shield (U shield) in the heart can be practical point. A problem, that the Internet has always been more than the traditional world of unsafe conclusions, it is necessary. We do Internet security, there is no technical content? Here is a simple introduction to the online payment to control the risk of a sharp weapon-it is now everyone hot big data.
Traditional security authentication methods and their problems
Before someone said, "on the internet, no one knows you are a dog", this "identity uncertainty" for Internet financial Services, is an eternal risk. Phishing, Trojan transmission, account theft and other embezzlement and fraud are the direct manifestation of this risk.
So, there are some of the most familiar security authentication means: First, users know things, such as passwords, and the second is the user has things, such as digital certificates, Hardware shield. Their essence is that when the payment service receives the payment request, in order to reduce the risk of payment, the server must first confirm the identity of the originator of the payment is legal.
But the above two methods will encounter some obstacles, such as easy to forget the password, some people all use the same password, the password may also have the risk of leakage. This, at the end of 2011, the CSDN Password disclosure incident gave everyone a warning.
The problem with digital certificates and hardware shields is that after replacing a computer or reloading the system, the computer does not have a digital certificate, the user will not be able to pay, and the hardware shield may be lost or damaged, this situation, the user will not be able to pay. This is why so many users have not chosen these security products.
The third type of security authentication that is now widely used is cell phone inspection code. After the user has reserved the handset in the E-commerce website, the Internet bank or the third party payment website, can receive the dynamic authentication code when needs to confirm the identity. Mobile phone has a good portability, privacy, SMS reach the rate can reach more than 90%. Therefore, the mobile phone short message dynamic verification code by electronic banks and third parties to pay a lot of use.
In the mobile phone message verification code is heavily used, the outlaws also began targeted offensive. Phishing website, the way of the telephone fraud verification code even become a black industrial chain, e-commerce Environment caused a great negative impact.
To give a real case, Alipay in order to prevent criminals posing as a staff to deceive the user phone check code, has been sent in the SMS check code in the text message clearly written to "Taobao or Alipay staff will not ask you for a short message check code." Once, a user received a fake customer service phone, fake customer service to help her deal with the transaction for her to obtain the check code, the user and fake customer service said, "the message inside said the staff will not ask me for a text check code." "Fake customer service may also be brainwave, replied," I am not Taobao and Alipay, I am the seller. "The user told the checkout code to fake customer service. To this end, Alipay had to change the text of the SMS Check code, clearly stated that "Any request for SMS check code is the behavior of fraud." ”
Even so, the user is cheated by the message check code is still not extinct. Because of this type of illegal fraud authentication code is a lot of the implementation of the Organization, coupled with the victim's sense of prevention is relatively weak, the probability of successful fraud is always there. Electronic banking and third-party payments want to be well controlled by this illegal behavior, there is a lot of difficulty.
Advantages of device Behavior analysis: You can be easy, but your behavioral characteristics are difficult to change
In order to reduce the risk of payment introduced the identity authentication, but the identity authentication process itself is also the possibility of being attacked. So, can reduce the network behavior in the "Identity Authentication" link?
The answer is yes. Outlaws may be in various ways to master your password, cheat your checkout code, but he wants to completely make his behavior characteristics similar to you, it will be more difficult. It's as easy as plastic surgery, but it's hard to change your behavior. It is the advantage of Internet to do security that can control the risk through the means of data and technology.
In fact, through the user's habit of payment behavior analysis of the data to authenticate, can be a good reduction in the process of payment of identity authentication to the user's interruption.
The behavior of the user on the network will leave "information", such as when to pay, the amount of shopping, the use of what kind of network.
Behavior is formed in a period of time, just as someone is used to writing with the left hand. By analyzing this behavior habit, you can know the true identity of the user.
Network behavior generally contains 5 factors: At what time, what equipment, account number, login website, what to do.
On the network, a person can obtain the equipment is limited, usually is the office computer, the home computer, the handset and so on. If you log on to the system on a "trusted" device, the current behavior is more trustworthy. Then equipment is the key point in behavioral analysis.
We can give each device a "credibility", the user's behavior and equipment associated with each user's behavior can dynamically change the "credibility."
A credible, legitimate act increases credibility, and an untrusted, illegal act reduces credibility. and the increase and reduction of "degree" is through a set of complex models, the use of machine learning methods to obtain. This creates a closed loop around the device, "input-process-output-feedback".
In addition to changing the credibility of the device directly used by the user, you can even change the reliability of the device dynamically through the connection between "device" and "device". For example, user A uses mobile a, using sound waves to pay User B's cell phone b transfer 1000, so in addition to the credibility of mobile A to improve, the credibility of mobile B can also be upgraded accordingly. Analyzing the direct relationship of a device can also create a complex set of models.
Because the user network behavior is mapped to the operation behavior of the device, it is possible to know how risky the behavior is by analyzing the reliability of the device. And this process, users do not need to actively install digital certificates or hardware shields, do not need to receive parity code, the user experience will be significantly improved.
With the rise of mobile internet, geographical location, acceleration induction, etc. become the standard configuration of the mainstream smartphone. Sensors on smart devices, like the human facial features, constantly collect information about the environment, which provides richer data for the analysis of device behavior. These intelligent devices walk in every corner of the world, producing and transmitting information in minutes and minutes; The challenge in the future is not enough data for analysis, but the ability to store and analyze such a large amount of data.
Through the way of equipment behavior analysis to control risk, it is a kind of risk control by means of large data. PayPal in foreign countries do not have digital certificates, hardware shields such as security products, is to rely on the analysis of user and equipment behavior to control risk. China's environment, the user's security requirements are higher, the security is also worse, before the domestic leading third-party payment companies to take more security products, check code these users can clearly perceive the security authentication method. But the new approach to device behavior analysis is starting to start.
Or that sentence, there is no absolute sense of security in the world, the Internet is also the case. However, whether to reduce the risk of the rate itself, or to improve the wind control process of user experience and efficiency, the way the Internet, large data is better than the traditional way, this is the inevitable progress of the times. You should see both the problem and the more positive side.
(Responsible editor: Lu Guang)