CN110674021A

Movatterモバイル変換

Info

Publication number: CN110674021A
Application number: CN201910857794.6A
Authority: CN
Inventors: 连耿雄
Original assignee: Shenzhen Power Supply Bureau Co Ltd
Current assignee: Shenzhen Power Supply Bureau Co Ltd
Priority date: 2019-09-09
Filing date: 2019-09-09
Publication date: 2020-01-10

Abstract

Translated fromChinese

本发明公开了一种移动应用登录日志的检测方法及系统，其包括：步骤S1，第三方移动应用在登录时，上传所有登录操作的日志数据；步骤S2，登录安全监控服务对第三方移动应用上报的日志数据，将实时数据、历史数据进行整编并将数据存入数据库，在数据库中建立数据分析规则；步骤S3，对第三方移动应用上报的日志数据进行分析，对分类后的日志数据根据建立的数据分析规则进行错误登录分析和异常登录分析；步骤S4,根据错误登录分析和异常登录分析得出的结果，当存在错误或异常情况，对第三方应用进行发出预警或锁定。实施本发明，能有效对移动应用的所有登录情况进行实时记录与监控，及时发现错误登录和异常登录情况，有效预防网络安全问题。

The present invention discloses a method and system for detecting login logs of mobile applications, which include: step S1, when a third-party mobile application logs in, upload log data of all login operations; step S2, log in security monitoring service to the third-party mobile application For the reported log data, reorganize the real-time data and historical data, store the data in the database, and establish data analysis rules in the database; step S3, analyze the log data reported by the third-party mobile application, and classify the log data according to the The established data analysis rules carry out error login analysis and abnormal login analysis; step S4, according to the results obtained from the error login analysis and the abnormal login analysis, when there is an error or abnormal situation, an early warning or lock is issued to the third-party application. The implementation of the present invention can effectively record and monitor all login situations of the mobile application in real time, discover erroneous logins and abnormal logins in time, and effectively prevent network security problems.

Description

Translated fromChinese

一种移动应用登录日志的检测方法及系统Method and system for detecting login log of mobile application

技术领域technical field

本发明属于互联网领域，涉及一种移动应用登录日志的检测方法及系统。The invention belongs to the field of the Internet, and relates to a method and system for detecting a log of a mobile application.

背景技术Background technique

随着网络技术和移动通信技术的普及，近年来我国的移动互联网发展迅猛，移动互联网已经占据人们的生活，移动互联网在为用户和企业带来便捷和利益的同时，随之而来的各类移动应用使用安全问题也不断增加，如何在登录移动应用时，判断当前用户、设备、IP是否安全是一个紧迫问题，因此，如何简单有效的解决登录安全问题是一大难点。With the popularization of network technology and mobile communication technology, my country's mobile Internet has developed rapidly in recent years, and mobile Internet has occupied people's lives. While mobile Internet brings convenience and benefits to users and enterprises, various types of The security problem of mobile application usage is also increasing. How to determine whether the current user, device, and IP are safe when logging in to a mobile application is an urgent problem. Therefore, how to solve the login security problem simply and effectively is a major difficulty.

发明内容SUMMARY OF THE INVENTION

本发明实施例所要解决的技术问题在于，提供一种移动应用登录日志的检测方法及系统，在登录移动应用时，简单有效的判断当前用户、设备、IP是否安全。The technical problem to be solved by the embodiments of the present invention is to provide a method and system for detecting mobile application login logs, which can simply and effectively determine whether the current user, device, and IP are safe when logging in to a mobile application.

本发明提供一种移动应用登录日志的检测方法，其包括如下步骤：The present invention provides a method for detecting a mobile application login log, which comprises the following steps:

步骤S1，登录安全监控服务提供多个上报接口用以上传登录操作的日志数据，第三方移动应用在登录时，选择其中一种上报接口上传所有登录操作的日志数据；Step S1, the login security monitoring service provides multiple reporting interfaces for uploading log data of login operations, and the third-party mobile application selects one of the reporting interfaces to upload log data of all login operations when logging in;

步骤S2，登录安全监控服务对第三方移动应用上报的日志数据，将日志数据分为错误登录日志和正常登录日志，将实时数据、历史数据进行整编并将数据存入数据库，在数据库中建立数据分析规则；Step S2, log in the log data reported by the security monitoring service to the third-party mobile application, divide the log data into an error log log and a normal log log, organize the real-time data and historical data, store the data in a database, and create data in the database analysis rules;

步骤S3，对第三方移动应用上报的日志数据进行分析，对分类后的日志数据根据建立的数据分析规则进行错误登录分析和异常登录分析；Step S3, analyze the log data reported by the third-party mobile application, and perform error login analysis and abnormal login analysis on the classified log data according to the established data analysis rules;

步骤S4,根据错误登录分析和异常登录分析得出的结果，当存在错误或异常情况，对第三方应用进行发出预警或锁定。Step S4, according to the results obtained by the error login analysis and the abnormal login analysis, when there is an error or abnormal situation, an early warning or lock is issued to the third-party application.

具体的，所述登录操作日志数据包括操作时间、登录账户、设备编号、设备类型、登录IP、终端版本号、登录响应状态，所述登录操作日志数据通过rest或dubbo接口上传。Specifically, the login operation log data includes operation time, login account, device number, device type, login IP, terminal version number, and login response status, and the login operation log data is uploaded through a rest or dubbo interface.

具体的，所述步骤S2中所述建立数据分析规则包括登录失败账户规则，以登录账户为对象，以登录时间为统计范围，该账户登录失败总数为依据，当数据库中登录错误日志数据记录过多的错误次数时，即判定该账户有被破解的异常。Specifically, the establishment of the data analysis rules in the step S2 includes the log-in failure account rules, taking the log-in account as the object, the log-in time as the statistical scope, and the total number of log-in failures of the account as the basis. When there are too many errors, it is determined that the account has been cracked abnormally.

具体的，所述步骤S2中所述建立数据分析规则包括登录预警账户规则，其具体为，Specifically, the establishment of the data analysis rule in the step S2 includes the login warning account rule, which is specifically:

登录预警账户规则：以登录账户为对象，以登录时间为统计范围，该账户登录使过的不同设备数和IP数为依据，查询数据库中的登录日志数据；Login warning account rules: Take the login account as the object, the login time as the statistical scope, and the number of different devices and IPs used by the account to log in, and query the login log data in the database;

登录预警设备规则：以登录设备为对象，以登录时间为统计范围，该设备登录过的不同账户数和IP数为依据，查询数据库中的登录日志数据；Log-in warning device rules: Take the log-in device as the object, the log-in time as the statistical scope, and the number of different accounts and IPs that the device has logged in as the basis to query the log-in log data in the database;

登录预警IP规则：以登录IP为对象，以登录时间为统计范围，该IP登录过的不同账户数和设备数为依据，查询数据库中的登录日志数据。Login warning IP rule: Take the login IP as the object, the login time as the statistical scope, the number of different accounts and devices that the IP has logged in as the basis, and query the login log data in the database.

具体的，所述步骤S3对分类后的日志数据根据建立的数据分析规则进行错误登录分析和异常登录分析包括，Specifically, the step S3 performs error logging analysis and abnormal logging analysis on the classified log data according to the established data analysis rules, including:

错误登录分析，基于错误登录日志，从用户角度，分析一段时间内用户登录的错误次数，如果存在过多的错误次数则判定账户异常；Error login analysis, based on the error login log, from the user's point of view, analyze the number of user login errors within a period of time, if there are too many errors, the account is abnormal;

异常登录分析，基于错误登录日志和正常登录日志，从账户、设备、访问IP几个角度，分析一段时间内的登录异常行为，异常行为包括，一个账户使用了多个设备和IP进行登录；一个设备有多个账户登录并且频繁切换登录IP；一个IP有多个账户和设备进行登录；在非正常时间登录到应用系统，如果存在过多的异常行为则判定系统存在安全风险。Abnormal login analysis, based on error login logs and normal login logs, from the perspectives of accounts, devices, and access IPs, analyzes abnormal login behaviors over a period of time. Abnormal behaviors include that one account uses multiple devices and IPs to log in; one The device has multiple accounts to log in and frequently switches the login IP; one IP has multiple accounts and devices to log in; log in to the application system at an abnormal time, if there are too many abnormal behaviors, it is determined that the system has a security risk.

具体的，所述步骤S4对第三方应用进行发出预警或锁定包括:Concretely, the step S4 to issue an early warning or lock the third-party application includes:

预警：提供短信通知或应用通知的方式，将错误和预警信息及时准确发送给系统安全管理员；Early warning: provide SMS notification or application notification, and send error and early warning information to the system security administrator in a timely and accurate manner;

锁定：锁定异常账户、设备或访问IP，如果用户未登录，则在下次登录时使其无法登录移动应用，并进行锁定提示，如果是在线用户，则使其强制退出移动应用。Lock: Lock the abnormal account, device or access IP. If the user is not logged in, the user will be unable to log in to the mobile application at the next login, and a lock prompt will be given. If the user is an online user, it will be forced to exit the mobile application.

实施本发明实施例，还提供一种移动应用登录日志的检测系统,包括：Implementing the embodiment of the present invention also provides a detection system for mobile application login logs, including:

登录日志采集模块，用于收集第三方移动应用所有的登录行为日志，提供给登录安全监控平台进行日志整编与数据持久化存储，同时将数据提交给数据分析模块进行分析；The login log collection module is used to collect all the login behavior logs of the third-party mobile applications, provide them to the login security monitoring platform for log compilation and data persistent storage, and submit the data to the data analysis module for analysis;

数据分析模块，以登录日志采集模块采集的所有登录操作日志为基础，依据账户、设备、访问IP建立各种不同规则算法模型，对日志数据进行分析与统计，判断当前登录的账户、设备、访问IP是否错误或异常；The data analysis module, based on all the login operation logs collected by the login log collection module, establishes various rule algorithm models according to accounts, devices, and access IPs, analyzes and counts the log data, and determines the currently logged-in account, device, access Whether the IP is wrong or abnormal;

预警与锁定模块，用于在数据分析模块认定账户、设备、访问IP相关对象的登录行为为错误或者异常时，预警与锁定模块向安全管理员通过多种方式发送预警通知，并将对象进行锁定使其无法再继续使用移动应用。The warning and locking module is used to send a warning notification to the security administrator in various ways and lock the object when the data analysis module determines that the login behavior of the account, device, and access IP-related object is wrong or abnormal. so that it can no longer continue to use the mobile app.

该系统还包括数据库，用于存储被登录日志采集模块整编的实时数据和历史数据；存储数据分析模块建立的各种规则算法模型数据，以及分析和统计后的数据；存储预警与锁定模块发出的预警通知和锁定信息数据。The system also includes a database for storing real-time data and historical data compiled by the logging log collection module; storing various rule algorithm model data established by the data analysis module, as well as data after analysis and statistics; Alert notification and lock information data.

具体的，所述预警与锁定模块包括通知子模块，用于提供发送手机短信通知或第三方移动应用通知，系统配置选择一种或多种相结合的方式向安全管理员及时发送预警和锁定信息。Specifically, the pre-warning and locking module includes a notification sub-module, which is used to provide notification by sending mobile phone short messages or third-party mobile application notifications. The system configuration selects one or more combined methods to send early warning and locking information to the security administrator in time. .

具体的，所述预警与锁定模块包括锁定子模块，用于对第三方移动应用进行锁定账户、锁定设备、锁定IP，当锁定发生后，当前用户正在使用的账户、手机设备、网络IP被系统判断为非法状态，未登录用户将不能登录到移动应用，已登录用户将强制退出应用。Specifically, the early warning and locking module includes a locking sub-module, which is used to lock accounts, devices, and IPs for third-party mobile applications. If it is judged to be illegal, users who have not logged in will not be able to log in to the mobile application, and users who have logged in will be forced to exit the application.

实施本发明实施例，具有如下有益效果：Implementing the embodiment of the present invention has the following beneficial effects:

本发明实施例提供的移动应用登录日志的检测方法及系统，独立于需要接入的第三方移动应用系统部署，并且接入简单；能有效对移动应用的所有登录情况进行实时记录与监控，及时发现错误登录和异常登录情况，有效预防网络安全问题，并将账户、设备、IP等登录信息结合起来综合分析，提高了移动应用的系统安全，保障了用户信息安全；按规则配置自动对异常对象进行预警通知和锁定，提升了运维效率，系统的安全监控和维护更简单。The method and system for detecting mobile application login logs provided by the embodiments of the present invention are independent of the deployment of the third-party mobile application system that needs to be accessed, and the access is simple; Discover wrong logins and abnormal logins, effectively prevent network security problems, and combine login information such as accounts, devices, and IPs to comprehensively analyze, improve the system security of mobile applications, and ensure user information security; Early warning notification and locking are carried out, which improves the efficiency of operation and maintenance, and makes the security monitoring and maintenance of the system easier.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本发明的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动性的前提下，根据这些附图获得其他的附图仍属于本发明的范畴。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention, and for those of ordinary skill in the art, obtaining other drawings according to these drawings still belongs to the scope of the present invention without any creative effort.

图1为本发明提供的移动应用登录日志的检测方法的一个实施例的主流程示意图。FIG. 1 is a schematic diagram of the main flow of an embodiment of a method for detecting a mobile application login log provided by the present invention.

图2为本发明提供的移动应用登录日志的检测方法的数据采集存储示意图。FIG. 2 is a schematic diagram of data collection and storage of a method for detecting a mobile application login log provided by the present invention.

图3为本发明提供的移动应用登录日志的检测方法的规则分析示意图。FIG. 3 is a schematic diagram of rule analysis of the method for detecting mobile application login logs provided by the present invention.

图4为本发明提供的移动应用登录日志的检测方法的预警和锁定示意图。FIG. 4 is a schematic diagram of early warning and locking of the detection method of the mobile application login log provided by the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚，下面将结合附图对本发明作进一步地详细描述。In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings.

如图1所示，是出了本发明提供的移动应用登录日志的检测方法的一个实施例的主流程示意图，在本实施例中，所述方法包括如下步骤：As shown in FIG. 1 , it is a schematic diagram showing the main flow of an embodiment of a method for detecting a mobile application login log provided by the present invention. In this embodiment, the method includes the following steps:

步骤S1，登录安全监控服务提供多个上报接口用以上传登录操作的日志数据，第三方移动应用在登录时，选择其中一种上报接口上传所有登录操作的日志数据，发送到登录安全监控服务端；Step S1, the login security monitoring service provides multiple reporting interfaces for uploading log data of login operations. When logging in, the third-party mobile application selects one of the reporting interfaces to upload log data of all login operations, and sends the log data to the login security monitoring server. ;

登录安全监控服务采用SpringBoot+Hibernate+Dubbo+Shiro+MySQL+Redis架构设计，可以部署在单个或多个服务器上。The login security monitoring service adopts the SpringBoot+Hibernate+Dubbo+Shiro+MySQL+Redis architecture design and can be deployed on a single or multiple servers.

进一步在一个具体实施例中,所述登录操作日志数据包括操作时间、登录账户、设备编号、设备类型、登录IP、终端版本号、登录响应状态，所述登录操作日志数据通过rest或dubbo接口上传，第三方移动应用可根据本系统的情况选择合适的接口方式，每种接口方式均能达到相同的数据收集效果。Further in a specific embodiment, the login operation log data includes operation time, login account, device number, device type, login IP, terminal version number, login response status, and the login operation log data is uploaded through rest or dubbo interface. , the third-party mobile application can choose the appropriate interface method according to the situation of the system, and each interface method can achieve the same data collection effect.

在具体实施例中，如图2所示，登录安全监控服务采取java异步多线程方式将接收到的日志数据，按操作时间、登录账户、设备编号、设备类型、登录IP、终端版本号、登录响应状态相关信息进行数据格式和类型的统一整编，并将整编后的模型数据按时间分类保存到mysql数据库中进行持久化存储。In a specific embodiment, as shown in Figure 2, the login security monitoring service adopts java asynchronous multi-threading method to receive log data, according to operation time, login account, device number, device type, login IP, terminal version number, login In response to status-related information, the data format and type are unified and reorganized, and the reorganized model data is sorted by time and saved to the mysql database for persistent storage.

根据整编后的数据内容，建立数据分析规则，定义以下各种算法模型，当各算法规则达到对应配置的条件被触发后，相关对象：账户、设备、IP被认定为异常，系统将控制预警和锁定模块发送预警通知并锁定对象。According to the reorganized data content, establish data analysis rules, define the following various algorithm models, when each algorithm rule reaches the corresponding configuration conditions and is triggered, the relevant objects: accounts, devices, IPs are identified as abnormal, and the system will control the early warning and The locking module sends alert notifications and locks objects.

分析规则有以下4种：There are four types of analysis rules:

登录失败账户规则，以登录账户为对象，以登录时间为统计范围，该账户登录失败总数为依据，当数据库中登录错误日志数据记录过多的错误次数时，即判定该账户有被破解的异常；The login failure account rule takes the login account as the object, the login time as the statistical scope, and the total number of login failures of the account as the basis. When the login error log data in the database records too many errors, it is determined that the account has been cracked abnormally. ;

具体实施例中，如图3所示，错误登录分析，基于错误登录日志，从用户角度，分析一段时间内用户登录的错误次数，如果存在过多的错误次数则判定账户异常；In a specific embodiment, as shown in Figure 3, the error login analysis, based on the error login log, from the user's point of view, analyzes the number of errors logged in by the user within a period of time, and if there are too many errors, it is determined that the account is abnormal;

步骤S4,如图4所示，根据错误登录分析和异常登录分析得出的结果，当存在错误或异常情况，对第三方应用进行发出预警或锁定。In step S4, as shown in FIG. 4, according to the results obtained by the error login analysis and the abnormal login analysis, when there is an error or abnormal situation, an early warning or lock is issued to the third-party application.

进一步在一个具体实施例中,预警：提供短信通知或应用通知的方式，将错误和预警信息及时准确发送给系统安全管理员。Further in a specific embodiment, early warning: provide a way of short message notification or application notification, and send error and early warning information to the system security administrator in a timely and accurate manner.

进一步在一个具体实施例中,锁定：锁定异常账户、设备或访问IP，如果用户未登录，则在下次登录时使其无法登录移动应用，并进行锁定提示，如果是在线用户，则使其强制退出移动应用。Further in a specific embodiment, lock: lock an abnormal account, device or access IP, if the user is not logged in, make it impossible to log in to the mobile application at the next login, and perform a lock prompt, if it is an online user, make it mandatory Exit the mobile app.

本发明还提供了一种移动应用登录日志的检测系统包括:登录日志采集模块，用于收集第三方移动应用所有的登录行为日志，提供给登录安全监控平台进行日志整编与数据持久化存储，同时将数据提交给数据分析模块进行分析；The present invention also provides a mobile application login log detection system, comprising: a login log collection module for collecting all login behavior logs of a third-party mobile application, and providing it to a login security monitoring platform for log compilation and data persistent storage, and at the same time Submit the data to the data analysis module for analysis;

进一步在一个具体实施例中,所述预警与锁定模块包括通知子模块，用于提供发送手机短信通知或第三方移动应用通知，系统配置选择一种或多种相结合的方式向安全管理员及时发送预警和锁定信息。Further in a specific embodiment, the early warning and locking module includes a notification sub-module, which is used to provide a notification of sending a mobile phone short message or a third-party mobile application notification, and the system configuration selects one or more combined methods to notify the security administrator in time. Send alerts and lockout messages.

进一步在一个具体实施例中,所述预警与锁定模块包括锁定子模块，用于对第三方移动应用进行锁定账户、锁定设备、锁定IP，当锁定发生后，当前用户正在使用的账户、手机设备、网络IP被系统判断为非法状态，未登录用户将不能登录到移动应用，已登录用户将强制退出应用。Further in a specific embodiment, the early warning and locking module includes a locking sub-module, which is used to lock the account, lock the device, and lock the IP of the third-party mobile application. , The network IP is judged as illegal by the system, users who have not logged in will not be able to log in to the mobile application, and users who have logged in will be forced to exit the application.

该系统还包括数据库，其为mysql数据库，用于存储被登录日志采集模块整编的实时数据和历史数据；存储数据分析模块建立的各种规则算法模型数据，以及分析和统计后的数据；存储预警与锁定模块发出的预警通知和锁定信息数据。The system also includes a database, which is a mysql database, used to store real-time data and historical data compiled by the log collection module; store various rule algorithm model data established by the data analysis module, as well as data after analysis and statistics; store early warning Alert notifications and lock information data issued by the lock module.

更多的细节，可以参照并结合前述对附图的描述，在此不进行详述。For more details, reference may be made to and combined with the foregoing description of the accompanying drawings, which will not be described in detail here.

本发明实施例提供的移动应用登录日志的检测方法及系统,独立于需要接入的第三方移动应用系统部署，并且接入简单；能有效对移动应用的所有登录情况进行实时记录与监控，及时发现错误登录和异常登录情况，有效预防网络安全问题，并将账户、设备、IP等登录信息结合起来综合分析，提高了移动应用的系统安全，保障了用户信息安全；按规则配置自动对异常对象进行预警通知和锁定，提升了运维效率，系统的安全监控和维护更简单。The method and system for detecting mobile application login logs provided by the embodiments of the present invention are independent of the deployment of the third-party mobile application system that needs to be accessed, and the access is simple; Discover wrong logins and abnormal logins, effectively prevent network security problems, and combine login information such as accounts, devices, and IPs to comprehensively analyze, improve the system security of mobile applications, and ensure user information security; Early warning notification and locking are carried out, which improves the efficiency of operation and maintenance, and makes the security monitoring and maintenance of the system easier.

以上所揭露的仅为本发明一种较佳实施例而已，当然不能以此来限定本发明之权利范围，因此依本发明权利要求所作的等同变化，仍属本发明所涵盖的范围。What is disclosed above is only a preferred embodiment of the present invention, and of course it cannot limit the scope of the rights of the present invention. Therefore, equivalent changes made according to the claims of the present invention are still within the scope of the present invention.