Method and system of distinguishing between human and machine
First Claim
1. A method comprising:
- recording, when a request for accessing a designated network service is received, information of the request which includes a time of receiving the request and information of an access object that sends the request;
identifying whether the access object comprises a user or a terminal;
computing a statistical value of the requests sent by the access object based on a record and on the identification of the access object, the statistical value of the requests including multiple request frequency values;
determining that the access object is operated by a malicious computer program in response to the statistical value of the requests sent by the access object falling outside a predetermined normal range; and
upon determining the access object is operated by a malicious computer program, if the access object has not been isolated, excluding one or more requests sent from the access object prior to a current instance of anomaly when computing the statistical value of the requests sent from the access object in real time to avoid false negatives.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and a system of distinguishing between a human and a machine are disclosed. The method includes: when a request for accessing a designated network service is received, recording information of the request which include a time of receiving the request and information of an access object that sends the request; computing a statistical value of requests sent by the access object in real time based on a record; and determining the access object to be abnormal when the statistical value of the requests sent by the access object falls outside a predetermined normal range. The disclosed system of distinguishing between a human and a machine includes a recording module, a computation module and a determination module. Identification between humans and machines using the disclosed scheme is difficult to be cracked down and can improve an accuracy rate of human-machine identification.
21 Citations
21 Claims
-
1. A method comprising:
-
recording, when a request for accessing a designated network service is received, information of the request which includes a time of receiving the request and information of an access object that sends the request; identifying whether the access object comprises a user or a terminal; computing a statistical value of the requests sent by the access object based on a record and on the identification of the access object, the statistical value of the requests including multiple request frequency values; determining that the access object is operated by a malicious computer program in response to the statistical value of the requests sent by the access object falling outside a predetermined normal range; and upon determining the access object is operated by a malicious computer program, if the access object has not been isolated, excluding one or more requests sent from the access object prior to a current instance of anomaly when computing the statistical value of the requests sent from the access object in real time to avoid false negatives. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method comprising:
-
recording, when a request for accessing a designated network service is received, information of the request which includes a time of receiving the request and information of an access object that sends the request; identifying whether the access object comprises a user or a machine; computing a statistical value of the requests sent by the access object based on a record and on the identification of the access object, the statistical value of the requests including multiple request frequency values, in response to identifying that the access object comprises a user; the information of the request includes information of a terminal and the user associated with sending the request, the statistical value of the requests sent by the user includes a value for a frequency of terminal switching obtained from an analysis of terminals that are used by the user when sending the requests, and the statistical value of the requests sent by the user falls outside the predetermined normal range when the value for the frequency of terminal switching is greater than a threshold for the frequency of terminal switching; determining that the access object is operated by a malicious computer program in response to the statistical value of the requests sent by the access object falling outside a predetermined normal range; and upon determining the access object is operated by a malicious computer program, if the access object has not been isolated, excluding one or more requests sent from the access object prior to a current instance of anomaly when computing the statistical value of the requests sent from the access object in real time to avoid false negatives. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method comprising:
-
recording, when a request for accessing a designated network service is received, information of the request which includes a time of receiving the request and information of an access object that sends the request, the access object including a user and at least one terminal associated with the user; computing a statistical value of the requests sent by the access object based on a frequency of terminal switching associated with the user when sending the requests, the statistical value of the requests including multiple request frequency values; determining that the access object is operated by a malicious computer program in response to the statistical value falling outside a predetermined normal range; and upon determining the access object is operated by a malicious computer program, if the access object has not been isolated, excluding one or more requests sent from the access object prior to a current instance of anomaly when computing the statistical value of the requests sent from the access object in real time to avoid false negatives.
-
Specification