How does Big Data technology effectively block the internet black market?

Source: Internet
Author: User
Tags account security
Recently, "Network Security" incidents have occurred frequently in the Internet industry. In August alone, there were a number of cybercriminals ** incidents, including the globelmposter ransomware for many subsidiaries of an important communication company in China ***. About 0.5 billion pieces of data of the hotels of chinacache group were leaked. In the name of cooperation with the operator, the new third board company ruizhi Huasheng illegally stole 3 billion pieces of user data, involving nearly Internet companies such as BAT.

According to data, in 2017, the total number of global enterprises suffering from network attacks increased by 15% compared with last year, and the severity increased by 23%. Network security incidents not only infringe on user information security, but also damage the operation security of Internet enterprises. They are no longer limited to material and property losses in the traditional sense, it affects operation, manufacturing, and even personal safety.
What kind of network black market will app operation encounter ***?

APP operation is inseparable from users. However, if you are sitting at a work station, you do not know whether your users are real or virtual. According to reports from "BOT traffic report 2016" on the Internet, in 2016, robot traffic accounted for 51.8% of the total network traffic, exceeding human traffic, and malicious robot traffic accounted for 28.9% of the total network traffic.

Half of the users are robots. Think about it as a fear of people. what's even more terrible is what kind of damage will they bring to the operation of nearly three million malicious robot traffic? The following are the most common network risks in APP operation I have summarized.
1. Malicious clicks by competitors and undesirable text message agencies

Many app registration pages require users to enter real mobile phone numbers for registration, logon, password retrieval, and other operations. However, the page itself cannot determine whether the mobile phone number entered by the user is an individual's real mobile phone number, which also provides an opportunity for competitors and SMS agents of the application.
-- They will use tools related to the black market to randomly send text messages to a large number of mobile phone numbers, resulting in high text message fees and economic losses, it also caused harassment to common users who did not use the platform but received verification text messages.
2. Promotion Company clicks

Some apps will find special promotion companies to promote products in the early stages. Some poor promotion companies use automated tools for batch registration, resulting in the team paying a lot of promotion fees, but not attracting real users.
3. Water Injection and advertising parties ***

I believe that in the process of refreshing some content-based communities on a daily basis, we may occasionally encounter a large number of popular posts under the Water Army, and various accounts will take the opportunity to play ads. These water injection and advertising parties, after registering a small number, obtain a large number of accounts from the code receiving platform to log on to the app, and send a large number of spam ads or even illegal information for some marketing purposes, it seriously affected the normal operation of the platform and damaged the Community atmosphere.
4. econnoisseurs ***

During the promotion, the app will use cash rewards and other promotional activities to attract the first batch of users. However, when the product itself is profitable, the first attraction is econnoisseurs. Econnoisseurs make profits by exploiting loopholes during app operations, which greatly affects the quality and effect of the activities.

5. credential stuffing ***

Many Internet users set accounts on multiple platforms to the same password for ease of memory. * ** The user obtains the account and password leaked from some websites and apps through automated tools and tries to log on to other websites or apps, this is a major security risk for the user's account security. In the event of a major event, the app operator has an unshirkable responsibility.

Secrets: app protection + big data effectively hit the Internet black market
In fact, blocking attacks against cybercriminals by apps have been ongoing. blocking IP addresses, verification codes, and text message verification are common confrontation strategies. However, because the network black market is mixed with real users, app operations cannot precisely target them and are often passive in confrontation. With the development of big data technology, the concept of "precision" has also been introduced into the field of "risk control. Several leading big data service providers in the industry are actively exploring big data application practices in anti-fraud. With big data blessing, the app is undoubtedly added with a sight in the counterattack to effectively identify whether the computer is a real user or a false. Specifically, it applies to the following aspects:
1. Precise "black market" profiling

In traditional app protection measures, behavior analysis models will also be established to identify network black markets, such as behavior aggregation, which can be determined based on user login behavior, for example, page stay time, mouse focus, page access process, and csrf-Token. Devices gather and report many machine information through clients, especially mobile clients, to identify whether counterfeit devices exist.

However, by imitating real-person behaviors, the "Network black market" can circumvent the Behavior Analysis Model in the background, thereby confusing app operators and exploiting loopholes. Now, with the blessing of big data technology, the APP has made great innovations in data analysis of black industries. At present, some third-party big data service providers rely on their own massive data accumulation and advanced big data analysis technology, combined with APP data, user group tag system, and multi-party authoritative data, for example, you can perform multidimensional Modeling and Analysis on the entire blacklist database to generate a precise "black market" image. In addition, third-party big data service providers can present data analysis through visualization technology, so that app operators can use it.

For example, in the anti-fraud Big Data Service of "personal push", the "Black industry" portrait is easily interpreted. They attached scores to each analysis dimension, and finally obtained the user risk score and grade evaluation through statistical techniques, facilitating app user classification and precise risk control operations.
The app uses positive protection measures for users with high risk scores to restrict their businesses, reduce or even stop the issuance of red packets and discounts.
Apps can reduce and reduce protection measures as appropriate for users with low risk scores. This can not only ensure the security of apps and users, but also improve user experience.

2. High IQ verification Protection

Setting verification codes is the most widely deployed scheme when the app blocks network black market deployment.

Graphic Verification Code
Various formats, such as letter distortion, Chinese character recognition, mobile slider, and image selection. Common apps directly access the verification code. If you have the background analysis capability, the verification code is triggered only when an exception occurs in the background audit to improve the normal user experience.

Text message Verification
Send verification codes to mobile phones for real-Person Authentication. However, this method will produce a certain amount of text message fee, and user operations are relatively troublesome. However, the network black market is a way to deal with traditional verification code protection measures. For common verification codes, the network black market uses machine learning technology to effectively recognize the verification codes in images. For verification codes that are difficult to identify, black hat also employs human CAPTCHA human recognition personnel. For text message verification, the network black market uses mobile phone card dealers to obtain a large number of mobile phone numbers at a low cost, and then perform batch verification.

Many big data service companies have proposed many innovative solutions to these problems. On the one hand, big data companies use technical advantages (machine learning is also a type of big data technology) to generate verification codes that are not easy to recognize. For example, the animation Verification Code uses real people's ability to recognize animations better than machines. It enhances security and increases the difficulty of cracking while ensuring a good user experience. On the other hand, big data companies use multi-dimensional data insights to identify and connect platforms and effectively resist them.

3. Precise sniper defense

When the app is facing a network black market **, blocking IP addresses is a positive and effective countermeasure. In the past, IP address blocking was performed based on the number of requests initiated by the black IP database or the same IP address, and the Password error rate. However, because there are tens of thousands of users on the same IP address, it is easy to delete users by mistake. Therefore, if you cannot identify real users, the app will not use this method unless necessary. With the help of big data, the "Black industry portrait" not only can identify the problematic IP address, but also can gain insight into the "Black industry" users on the problematic IP address and carry out targeted blocking operations.

The protection between the black market *** and the app is a long and persistent battle between the spear and the shield. Apps not only need to keep up with new black industry technologies in a timely manner, update protection policies as frequently as possible, increase the black industry cracking costs, but also need to work with the industry's "security guard" to ensure the security of user information, improve user experience, effectively purify the industry environment, and maintain network security.
References:
Surging news/hacker: Hua lives
What is the network black industry chain behind 0.5 billion Data leaks? Https://www.thepaper.cn/newsDetail_forward_2393889

How does Big Data technology effectively block the internet black market?

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.