Good product mechanism is an effective way to solve malicious behavior

Http://www.aliyun.com/zixun/aggregation/7652.html "> Taobao Mall event reflects a technical problem: how to prevent and prevent malicious user behavior.

Recently, because Taobao mall prices caused by small and medium sellers besieged big sellers of the incident intensified. The parties to the incident have their own reasons, and from their own point of view, feel very wronged.

I do not want to discuss this matter in the wrong, just want to explore a lot of web sites have encountered technical problems: how to anti-fraud/anti-malicious user behavior. In order to deal with the Taobao mall incident, Taobao's technical team now must be working overtime to develop the technology to prevent malicious online shopping behavior. In fact, many sites have similar needs: Google, Baidu need to prevent malicious clicks, Sina Weibo need to block small ads, fairs, 58 need to delete false posts ...

As a technical director, I was responsible for building up Google's anti-fraud/Anti-malware technology platform at Google's US headquarters and accumulating some experience and methodologies. Here to share with you friends.

First of all, from a macro perspective, there are several aspects of the site need to understand the leadership:

1 Good product mechanism is the most effective way to solve fraud or malicious behavior. If malicious behavior is prevalent in a large number of users, then a good reflection of their own product mechanism. This has something in common with the social system: a good system makes a man virtuous, and a bad system tempting to evil. Under the right mechanism, the user of malicious behavior should be a minority, of course, these few people will do a lot of repeated malicious acts to achieve their commercial purposes.

2 The prevention of malicious acts is a game. Your opponents are constantly learning about you and studying you. Villains, outsmart. Therefore, all methods are not static, but should be constantly changing, continuous improvement.

3 always pay attention to the impact on the normal users. Any action that strikes a malicious act can have a negative effect. If these actions affect the normal behavior of the normal user on the site, it is not worth the candle.

Then let's look at the tactical approaches to fraud and malicious behavior:

1. Abnormal user behavior found. Anomalies can be found in the following ways:

Abnormal rate. For example, the user clicks the page speed and buys the frequency.

Anomalous quantity. For example, the number and amount of items a user buys.

Abnormal movements. For example, some actions that normal users do not often do, such as "Log Out".

Anomalous distribution. For example, the user's Cookie age.

2 Find the associated user account. Malicious users are a minority, and they need to create a large number of accounts to commit malicious acts, so it is helpful to find associated accounts that may be created by the same person. There are a number of clues to the account associated, such as cookies, IP, username, email, address, telephone, credit card number ...

3 focus on the new account. Because there is history, so the old user is easy to judge. New users are at high risk and need special attention

4 Data mining technology. By machine learning, you can find out many factors and the relative degree of malicious users. Many people think that data mining, machine learning is very mysterious, in fact, the simple will, these technologies are qualitative things quantitative. For example, from the previous method (1) (2) (3), you can find a lot of clues that may find malicious users. By digitizing these clues and then inputting the historical data into the model, you can quantitatively predict whether a future user is a malicious user.

5 According to the previous malicious user probability, we can divide a user into black, gray, white three categories. The black (explicit malicious user) is automatically closed, the white (clear normal user) automatically release and in the future try to avoid interference. Ash needs to be further processed, often arranging more inspection methods, such as a call to the user.

6 Delay Any feedback information to the malicious user. Malicious users and sites in the game. The quicker they know if the site finds them, the quicker they can make improvements. As a result, we need to do some obfuscation on the disposition of the malicious user, so that the malicious user can take longer to know that they have been found.

By implementing these methods, malicious actions should be able to be controlled. Simply put, a user's occasional malicious behavior is difficult to guard against, but using these methods can make the cost of trying to do more than one malicious act become high, thus defeating malicious users.

Finally, I can't help saying that the Taobao mall incident also illustrates the risk of over-reliance on a single channel. Regardless of the reaction of the small and medium sellers, or the large sellers of innocent attacks, are very focused on Taobao as a sales channel. Once there is a systemic problem with the channel, the sellers will be severely affected. In the technical field, such a problem is referred to as a single point of failure (failure), which is a matter of great attention and avoidance by various technical teams.