Shulou(Shulou.com)06/03 Report--

Recently, "network security" incidents in the Internet industry have occurred frequently. In August alone, there were a number of incidents in the network underground industry, including the Globelmposter blackmail virus encountered by a subsidiary of an important domestic communications company. Huazhu Group has been revealed to have leaked about 500m pieces of data from its hotels. Under the guise of cooperating with operators, Ruizhi Huasheng, a new third board company, illegally stole 3 billion pieces of user data, involving users of nearly 100 Internet companies, including BAT.

According to data, the total number of Internet users suffered by global enterprises in 2017 increased by 15% over last year, and the severity increased by 23%. Network security incidents not only infringe on the information security of users, but also damage the business security of Internet enterprises, its destruction is no longer limited to the traditional sense of material and property losses, but affects the operation, manufacturing and even personal safety.

What network underground industries will be encountered in the operation of APP?

APP can't operate without users, but you sitting at your desk don't know whether your users are real or virtual. According to Bot Traffic Report 2016, robot traffic accounted for 51.8 percent of the total network traffic in 2016, exceeding human traffic, and malicious robots accounted for 28.9 percent of the network traffic.

Half of the users are robots, think about it is also afraid of people, and what is more frightening is that nearly 30% of the malicious robot traffic, what kind of damage will they bring to the operation work? The following is the author's summary of the most common network risks in APP operations.

1. Malicious brushing quantity of competitors and bad SMS agents

Many APP registration pages require users to fill in their real mobile phone numbers for registration, login, password recovery and other operations. However, the page itself cannot determine whether the mobile phone number filled in by the user is the real mobile phone number, which also provides an opportunity for competitors and SMS agents of the application.

-- they will use the relevant tools of the underground industry to send text messages randomly to a large number of mobile phone numbers, resulting in high SMS fees, economic losses, and harassment to ordinary users who do not use the platform but receive verified text messages.

2. Promote the number of brushes in the company

Some APP will find a special promotion company to promote the product in the early stage of the product. Some bad promotion companies will use automated tools to register in bulk, resulting in the team paying a lot of promotion fees, but not attracting real users.

3. Water injection, Advertising Party

I believe that in the daily process of browsing some content communities, we will occasionally encounter a large number of water army infested under popular posts and various accounts taking advantage of the opportunity to advertise. After registering the second account, these water injection and advertising parties obtain a large number of accounts to log in to APP from the receiving platform, and send a large number of spam and even illegal information for some marketing purposes, seriously affecting the normal operation of the platform and destroying the atmosphere of the community.

4. Econnoisseur *

APP will use cash incentives and other preferential activities to attract the first users, but when the product itself is profitable, it is econnoisseur who is the first to be attracted. Econnoisseur made a profit by exploiting loopholes when doing operational activities in APP, which greatly affected the quality and effect of the activities.

5. Hit the library *

In order to make it easier to remember, many Internet users set their accounts on multiple platforms to the same password. * users take advantage of this feature to obtain the account passwords leaked by users on some websites and APP, and try to log in to other websites or APP, which is a major security risk to the security of users' accounts. Once a major event occurs, the APP operator also has an unshirkable responsibility.

Reveal the secret: APP protection + big data effectively hit the network underground industry

In fact, the blocking war of APP against the network underground industry has been going on, blocking IP, CAPTCHA, SMS verification and so on are all common countermeasures. However, because the network underground industry is mixed with real users, APP operators can not accurately target them and are often in a passive position in the confrontation. With the development of big data's technology, the concept of "precision" has been introduced into the field of "risk control". At present, several "leading" big data service providers in the industry are actively exploring big data's application practice in "anti-fraud". With big data's blessing, there is no doubt that APP has added a pair of scope when fighting back, which can effectively identify whether the opposite side of the computer is a real user or a fake one. It works in the following aspects:

1. Accurate portrait of "underground industry"

In the traditional APP protection measures, a behavior analysis model is also established to identify the network underground industry, such as behavior aggregation, judging according to the behavior of the user login process, such as page stay time, mouse focus, page access flow, csrf-token and so on. Equipment aggregation, through the client, especially the mobile phone client, to report a lot of machine information to identify whether there is a forged device.

However, the "network underground industry" can evade the background behavior analysis model by imitating human behavior, thus confusing APP operators and exploiting loopholes. Now, with the blessing of big data's technology, APP has made a great innovation in the data analysis of underground industry. At present, some third-party big data service providers rely on their own massive data accumulation and leading big data analysis technology, combined with APP's own data, user base tagging system, and multi-party authoritative data, such as the network-wide blacklist database, to carry out multi-dimensional modeling and analysis, resulting in accurate portraits of the "underground industry". In addition, the third-party big data service provider can also display the data analysis through visualization technology, which can be used by APP operators.

For example, the anti-fraud big data service of "GE Tweet" makes the portrait of "underground industry" easy to interpret. They attach a score to each analysis dimension, and finally get the user risk score and grade assessment through statistical techniques, which is convenient for APP to classify users and carry out accurate risk control operations.

APP adopts positive protective measures for users with high risk scores, restricts its business, and reduces or even stops the distribution of red packets and discounts.

APP may waive protective measures as appropriate for users with low risk scores. Doing so can not only ensure the security of APP and users, but also improve the user experience.

2. Verification and protection of high IQ

In the deployment of APP blocking network underground industry, setting CAPTCHA is the most widely deployed scheme.

Graphic verification code

There are various forms, such as letter distortion, Chinese character recognition, moving slider, image selection and so on. Ordinary APP is directly connected to the verification code, and those with background analysis ability trigger the verification code only when there is an exception in the background audit to enhance the ordinary user experience.

SMS verification

Real person authentication is carried out by sending a CAPTCHA to the mobile phone. However, this practice will generate a certain amount of SMS fees, and the user operation is more troublesome. However, the network underground industry has a way to deal with the traditional CAPTCHA protection measures. For ordinary CAPTCHA, the network underground industry will use machine learning technology, which can effectively identify the CAPTCHA in the picture. For individual verification codes that are difficult to identify, the underground industry also employs some coding personnel to identify them manually. For SMS verification, the network underground industry obtains a large number of mobile phone numbers cheaply through mobile phone card vendors, and then verifies them in batches.

In order to solve these problems, many big data service companies have put forward many innovative solutions. On the one hand, big data Company uses technological advantages (machine learning technology is also a kind of big data technology) to produce verification codes that are not easily recognized by machines. For example, animation CAPTCHA, the use of human animation recognition ability is stronger than the machine, under the premise of ensuring a good user experience, improve security and increase the difficulty of cracking. On the other hand, big data company through multi-dimensional data insight, found to identify the code platform, effectively resist.

3. Accurate sniper confrontation

When APP is facing the network underground industry, blocking IP address is a more positive and effective confrontation strategy. In the past, the practice of blocking IP is based on the number of requests initiated by the black IP library or the same IP, password error rate, etc., to decide whether to ban the IP request for a period of time. However, because there will be tens of thousands of users on the same IP address, it is easy to delete users by mistake. Therefore, APP will not use this approach until it is a last resort when it is impossible to identify the real user. With the help of big data, through the "Portrait of Underground Industry," we can not only identify the problem IP, but also gain insight into the "underground industry" users on the IP address of the problem, and carry out targeted blockade operations.

The protection of underground industry and APP is a battle between spear and shield, and it is also a long and protracted battle. APP not only needs to follow up on the new technologies of the underground industry in time, update the protection strategy as frequently as possible, and increase the cracking cost of the underground industry, but also need to fight side by side with the "security guards" in the industry to ensure user information security, enhance user experience, effectively purify the industry environment, and maintain network security.

Reference:

Thepaper.cn / Gaoke: Huazhu

500 million data leaks, what is the network black industry chain behind it? Https://www.thepaper.cn/newsDetail_forward_2393889

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.