Information processing method and device, computer device and storage medium
By extracting interception attribute hit information, filtering target pass rates, and performing clustering and classification identification in information processing methods, the problem of inaccurate blacklists is solved, and the accuracy of spam interception is improved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TENCENT TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date
- 2022-09-02
- Publication Date
- 2026-06-12
AI Technical Summary
Existing spam blocking methods rely on blacklists that are not precise enough, resulting in low accuracy in both sender identification and spam blocking.
By obtaining the intercepted information from the reference application scenario, extracting the interception attribute hit information, filtering the target pass rate, performing clustering and classification identification, determining the blacklist object cluster, and intercepting information in the target application scenario.
It improves the accuracy of blacklisted object clusters and enhances the accuracy of spam interception.
Smart Images

Figure CN117014173B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network communication technology, and in particular to an information processing method, apparatus, computer equipment, storage medium, and computer program product. Background Technology
[0002] With the development of network communication technology, spam messages are frequently received during network communication. Currently, spam message blocking rules are typically pre-set to intercept spam messages sent by the sender. For example, a blacklist can be pre-set. When a message is received from a sender, it can be checked whether the sender is on the blacklist. If it is on the blacklist, it means the message sent by the sender is spam, and the message is blocked, thus preventing spam from being sent to the recipient. However, in new application scenarios, when using blacklists for spam message blocking, the initial blacklist is not accurate enough, leading to reduced accuracy in sender identification and consequently, lower accuracy in spam message blocking. Summary of the Invention
[0003] Therefore, it is necessary to provide an information processing method, apparatus, computer equipment, computer-readable storage medium, and computer program product that can improve the accuracy of target identification and thus improve the accuracy of information interception, in order to address the above-mentioned technical problems.
[0004] Firstly, this application provides an information processing method. The method includes:
[0005] Obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information;
[0006] Obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter out each target intercepted sending object based on the target pass rate;
[0007] Based on the interception attribute hit information of the intercepted sending objects of each target, the intercepted sending objects of each target are clustered to obtain each sending object cluster;
[0008] Obtain target interception information corresponding to the target application scenario, classify and identify each sending object cluster based on the target interception information, and obtain at least two types of object clusters, including blacklist object clusters;
[0009] The sending objects in the blacklist object cluster are used as the blacklist sending objects for the target application scenario, and the information is intercepted when the blacklist sending objects are detected in the target application scenario.
[0010] Secondly, this application also provides an information processing apparatus. The apparatus includes:
[0011] The attribute extraction module is used to obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information;
[0012] The filtering module is used to obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter out each target intercepted sending object based on the target pass rate;
[0013] The clustering module is used to cluster the intercepted sending objects of each target based on the interception attribute hit information corresponding to the intercepted sending objects of each target, so as to obtain each sending object cluster.
[0014] The identification module is used to obtain target interception information corresponding to the target application scenario, and classify and identify each sending object cluster based on the target interception information to obtain at least two types of object clusters, including blacklist object clusters.
[0015] The information interception module is used to identify the sending objects in the blacklist object cluster as blacklist sending objects in the target application scenario, and to intercept the information when the blacklist sending objects are detected in the target application scenario.
[0016] Thirdly, this application also provides a computer device. The computer device includes a memory and a processor, the memory storing a computer program, and the processor executing the computer program to perform the following steps:
[0017] Obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information;
[0018] Obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter out each target intercepted sending object based on the target pass rate;
[0019] Based on the interception attribute hit information of the intercepted sending objects of each target, the intercepted sending objects of each target are clustered to obtain each sending object cluster;
[0020] Obtain target interception information corresponding to the target application scenario, classify and identify each sending object cluster based on the target interception information, and obtain at least two types of object clusters, including blacklist object clusters;
[0021] The sending objects in the blacklist object cluster are used as the blacklist sending objects for the target application scenario, and the information is intercepted when the blacklist sending objects are detected in the target application scenario.
[0022] Fourthly, this application also provides a computer-readable storage medium. The computer-readable storage medium stores a computer program thereon, which, when executed by a processor, performs the following steps:
[0023] Obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information;
[0024] Obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter out each target intercepted sending object based on the target pass rate;
[0025] Based on the interception attribute hit information of the intercepted sending objects of each target, the intercepted sending objects of each target are clustered to obtain each sending object cluster;
[0026] Obtain target interception information corresponding to the target application scenario, classify and identify each sending object cluster based on the target interception information, and obtain at least two types of object clusters, including blacklist object clusters;
[0027] The sending objects in the blacklist object cluster are used as the blacklist sending objects for the target application scenario, and the information is intercepted when the blacklist sending objects are detected in the target application scenario.
[0028] Fifthly, this application also provides a computer program product. The computer program product includes a computer program that, when executed by a processor, performs the following steps:
[0029] Obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information;
[0030] Obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter out each target intercepted sending object based on the target pass rate;
[0031] Based on the interception attribute hit information of the intercepted sending objects of each target, the intercepted sending objects of each target are clustered to obtain each sending object cluster;
[0032] Obtain target interception information corresponding to the target application scenario, classify and identify each sending object cluster based on the target interception information, and obtain at least two types of object clusters, including blacklist object clusters;
[0033] The sending objects in the blacklist object cluster are used as the blacklist sending objects for the target application scenario, and the information is intercepted when the blacklist sending objects are detected in the target application scenario.
[0034] The aforementioned information processing method, apparatus, computer equipment, storage medium, and computer program product acquire intercepted information corresponding to a reference application scenario, and extract interception attribute hit information corresponding to each intercepted sending object based on the intercepted information; obtain the target passability corresponding to each intercepted sending object from the target application scenario, and filter by using the target passability of the target application scenario to obtain each target intercepted sending object. Then, cluster each target intercepted sending object using the interception attribute hit information of the reference application scenario, and classify and identify each sending object cluster using the target intercepted information of the target application scenario to determine the blacklist object cluster of the target application scenario, thereby improving the accuracy of obtaining the blacklist object cluster of the target application scenario. Finally, use the blacklist object cluster information for interception, thereby improving the accuracy of intercepting spam information in the target application scenario. Attached Figure Description
[0035] Figure 1 This is an application environment diagram of an information processing method in one embodiment;
[0036] Figure 2 This is a flowchart illustrating an information processing method in one embodiment;
[0037] Figure 3 This is a schematic diagram of the process for obtaining intercepted information in one embodiment;
[0038] Figure 4 This is a schematic diagram of the process for obtaining interception attribute hit information in one embodiment;
[0039] Figure 5 This is a schematic diagram illustrating the process of obtaining each sending object cluster in one embodiment;
[0040] Figure 6 This is a schematic diagram of the process for determining a blacklisted object cluster in one embodiment;
[0041] Figure 7 This is a flowchart illustrating the process of determining a whitelisted object cluster in one embodiment;
[0042] Figure 8 This is a flowchart illustrating an information processing method in a specific embodiment;
[0043] Figure 9 This is a schematic diagram of the framework of an information processing method in a specific embodiment;
[0044] Figure 10This is a schematic diagram illustrating an application scenario of an information processing method in a specific embodiment.
[0045] Figure 11 This is a structural block diagram of an information processing device in one embodiment;
[0046] Figure 12 This is an internal structural diagram of a computer device in one embodiment;
[0047] Figure 13 This is a diagram of the internal structure of a computer device in another embodiment. Detailed Implementation
[0048] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.
[0049] The information processing method provided in this application embodiment can be applied to, for example... Figure 1 In the application environment shown, terminal 102 communicates with server 104 via a network. A data storage system can store the data that server 104 needs to process. The data storage system can be integrated onto server 104 or placed on the cloud or other servers. Server 104 obtains intercepted information corresponding to the reference application scenario, and extracts interception attribute hit information corresponding to each intercepted sending object based on the intercepted information; server 104 obtains the target pass rate corresponding to each intercepted sending object from the target application scenario, and filters each target intercepted sending object from the intercepted sending objects based on the target pass rate; server 104 clusters each target intercepted sending object based on the interception attribute hit information corresponding to each target intercepted sending object, obtaining each sending object cluster; server 104 obtains target intercepted information corresponding to the target application scenario, and classifies and identifies each sending object cluster based on the target intercepted information, obtaining at least two types of object clusters, including blacklist object clusters; server 104 uses the sending objects in the blacklist object clusters as blacklist sending objects for the target application scenario, and intercepts the information when it detects information sent by blacklist sending objects through terminal 102 in the target application scenario. The terminal 102 can be, but is not limited to, various personal computers, laptops, smartphones, tablets, IoT devices, and portable wearable devices. IoT devices can include smart speakers, smart TVs, smart air conditioners, and smart in-vehicle systems. Portable wearable devices can include smartwatches, smart bracelets, and head-mounted devices. The server 104 can be implemented using a standalone server or a server cluster consisting of multiple servers.
[0050] In one embodiment, such as Figure 2As shown, an information processing method is provided, which is applied to... Figure 1 Taking a server as an example, this method can also be applied to a terminal, or to a system including both a terminal and a server, and is implemented through the interaction between the terminal and the server. In this embodiment, the method includes the following steps:
[0051] Step 202: Obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information.
[0052] The "reference application scenario" refers to an application scenario where spam is intercepted in advance. This application scenario can be one where communication is possible, such as instant messaging, email, SMS, or telephone. Alternatively, it can be a scenario where communication is based on a single object, such as a personal application scenario. "Blocked information" represents the spam sent by each blocked sender in the reference application scenario, and can include the blocked sender and the corresponding spam. The blocked sender is the object that sent the blocked information. The sender can be a real object, such as a person, or a virtual object, such as an AI object or a virtual object. "Blocking attribute hit information" represents the number of times spam sent by the blocked sender matches various blocking attributes within a certain period. Blocking attributes are pre-set attributes used for information interception. Different spam messages sent by the blocked sender within a period can match different blocking attributes or match the same blocking attribute.
[0053] Specifically, the server can retrieve the intercepted information corresponding to the reference application scenario from the database, the business service provider, or the data service provider. Then, it can use this intercepted information to identify each intercepted object and obtain information on whether the intercepted information sent by each object matches the interception attribute. Next, based on the information on whether the intercepted information sent by the intercepted object matches the interception attribute, the server counts the number of intercepted messages blocked by each interception attribute to obtain the interception attribute hit information for that intercepted object. Finally, it iterates through all the intercepted objects to obtain the interception attribute hit information for each intercepted object.
[0054] Step 204: Obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter out each target intercepted sending object from each intercepted sending object based on the target pass rate.
[0055] The target application scenario refers to the application scenario where spam interception is performed after the reference application scenario. The target application scenario can be an application scenario involving communication between multiple objects; for example, the reference application scenario could be a group application scenario. The target application scenario and the reference application scenario are of the same type; for example, if the reference application scenario is a personal email application scenario, then the target application scenario could be a group email application scenario. The target pass rate refers to the degree to which information sent by the intercepted sender in the target application scenario is intercepted. A higher target pass rate indicates a lower probability that the information sent by the intercepted sender in the target application scenario will be intercepted. The target intercepted senders refer to the intercepted senders in the target application scenario, obtained by filtering the intercepted senders in the reference application scenario.
[0056] Specifically, the server can retrieve the target pass rate of all sending objects in the target application scenario from the database. Then, it matches each intercepted sending object with the sending objects in the target application scenario, using the target pass rate of the matching sending objects as the target pass rate for each intercepted sending object. Next, it filters out intercepted sending objects whose target pass rate exceeds a preset pass rate threshold, and uses the remaining intercepted sending objects as the final target intercepted sending objects. If no target pass rate is retrieved from the target application scenario, it means that the intercepted sending object has not yet sent any information. In this case, the target pass rate for the intercepted sending object is set to zero, or the intercepted sending object is directly identified as a target intercepted sending object.
[0057] Step 206: Based on the interception attribute hit information corresponding to the intercepted sending objects of each target, cluster the intercepted sending objects of each target to obtain each sending object cluster.
[0058] Here, the sending object cluster refers to the set of sending objects that the target has intercepted. Different sending object clusters are sets of sending objects that have been intercepted by different types of targets.
[0059] Specifically, the server uses a clustering algorithm to cluster the intercepted sending objects based on the interception attribute hit information corresponding to each target intercepted sending object, resulting in clusters of sending objects. The clustering algorithm can be a prototype clustering algorithm, density clustering algorithm, hierarchical clustering algorithm, model clustering algorithm, etc.
[0060] Step 208: Obtain the target interception information corresponding to the target application scenario, and classify and identify each sending object cluster based on the target interception information to obtain at least two types of object clusters, including blacklist object clusters.
[0061] In this context, "target intercepted information" refers to intercepted information within a specific timeframe within the target application scenario. An "object cluster" refers to a collection of objects after classification and identification. Each sending object cluster has a corresponding type, and each sending object cluster corresponds to one object cluster. Each sending object cluster exists in at least two types, including blacklisted object clusters or whitelisted object clusters. In one embodiment, it may also include suspected blacklisted object clusters, etc. A blacklisted object cluster is a collection of blacklisted objects, which are sending objects whose information needs to be intercepted. A whitelisted object cluster is a collection of whitelisted objects, which are normal sending objects.
[0062] Specifically, the server can obtain target interception information corresponding to the target application scenario from the database, or it can obtain target interception information corresponding to the target application scenario from the business side. Then, the target interception information is used to classify and identify each sending object cluster. This can be done by calculating the number of each historically intercepted sending object corresponding to the target interception information in each sending object cluster, and classifying and identifying the sending object clusters based on the number of historically intercepted sending objects in each sending object cluster. Sending object clusters with the number of historically intercepted sending objects exceeding a preset number can be classified as blacklisted object clusters, and sending object clusters with the number of historically intercepted sending objects not exceeding the preset number can be classified as whitelisted object clusters, thus obtaining the category corresponding to each sending object cluster, that is, obtaining at least two categories of object clusters.
[0063] Step 210: Use the sending objects in the blacklist object cluster as the blacklist sending objects of the target application scenario, and intercept the information when the blacklist sending objects are detected in the target application scenario.
[0064] The information sent by the blacklist sender refers to the communication information sent by the blacklist sender to the receiver. This communication information can be instant messaging messages, SMS messages, emails, etc.
[0065] Specifically, the server designates senders from the blacklisted object clusters within each sender cluster as blacklisted senders for the target application scenario. Then, when information sent by a blacklisted sender is detected in the target application scenario, the server intercepts the information, preventing it from being forwarded to the receiving object. The server can also roll back information sent by blacklisted senders.
[0066] The aforementioned information processing method involves obtaining intercepted information corresponding to a reference application scenario, extracting interception attribute hit information for each intercepted sender based on this information, obtaining the target pass rate for each intercepted sender in the target application scenario, and filtering by the target pass rate to obtain each target intercepted sender. Then, the interception attribute hit information from the reference application scenario is used to cluster each target intercepted sender, and the target intercepted information from the target application scenario is used to classify and identify each sender cluster, determining the blacklist object clusters of the target application scenario. This improves the accuracy of obtaining the blacklist object clusters of the target application scenario. Finally, the blacklist object cluster information is used for interception, thereby improving the accuracy of spam interception in the target application scenario.
[0067] In one embodiment, such as Figure 3 As shown, before step 202, before obtaining the intercepted information corresponding to the reference application scenario and extracting the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information, the following steps are also included:
[0068] Step 302: When the information to be detected sent by each sending object in the target time period is detected in the reference application scenario, the information to be detected sent by each sending object is intercepted and detected using the preset interception rules.
[0069] The target time period refers to the pre-set time frame for acquiring intercepted information. This time frame can be set according to needs, for example, it can be set to one month. The information to be detected refers to the information that needs to be intercepted and detected; this is the information that the sender needs to send to the receiver. The receiver is the object that receives the information sent by the sender. Pre-set interception rules refer to the pre-defined rules used to intercept spam, which can include scoring rules, machine learning model rules, URL (uniform resource locator) rules, etc. Using pre-set interception rules ensures high accuracy in interception.
[0070] Specifically, in the reference application scenario, the sending object sends communication information to the receiving object within a target time period. At this time, the server receives the communication information to be sent by the sending object, treats this information as information to be detected, and then uses preset interception rules to intercept and detect it. That is, it determines whether the information to be detected conforms to the preset interception rules. For example, it can determine whether the information to be detected contains keywords for keyword interception, or it can determine whether the information to be detected conforms to pre-set scoring rules for interception. All information to be detected sent by each sending object within the target time period is intercepted and detected sequentially. Alternatively, parallel threads can be used to perform parallel detection of all information to be detected sent by each sending object within the target time period to improve detection efficiency.
[0071] Step 304: When the target information to be detected sent by each sending object meets the preset interception rules, the target information to be detected is intercepted.
[0072] Among them, the target information to be detected refers to the information to be detected that conforms to the preset interception rules.
[0073] Specifically, the server determines that if the target information to be detected matches at least one of the preset interception rules, it indicates that the target information to be detected is spam, and in this case, the target information to be detected needs to be intercepted. The preset interception rules include various different interception rules.
[0074] Step 306: Take the sending object corresponding to the target information to be detected as the intercepted object, and obtain the intercepted information based on the intercepted object and the target information to be detected.
[0075] Specifically, the server treats the sending object corresponding to each target information to be detected as an intercepted object, then obtains the intercepted information based on each intercepted object and the corresponding target information to be detected, and finally saves the intercepted information of the reference application scenario to the database.
[0076] In one embodiment, when the server obtains the intercepted information of the reference application scenario, it can directly extract the interception attribute hit information corresponding to each intercepted sending object, and then save the interception attribute hit information corresponding to each intercepted sending object to the database. When needed, the server can directly retrieve the interception attribute hit information corresponding to each intercepted sending object in the reference application scenario from the database.
[0077] In the above embodiments, by intercepting and detecting the information to be detected sent by each sending object in the reference application scenario through preset interception rules, the intercepted information of the reference application scenario is obtained, thereby improving the efficiency and accuracy of obtaining the intercepted information.
[0078] In one embodiment, such as Figure 4 As shown, step 202, which involves extracting the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information, includes:
[0079] Step 402: Merge the preset interception rules of the same type to obtain the interception attributes.
[0080] Specifically, the server merges rules of the same type from the preset blocking rules to obtain the corresponding blocking attributes, thus resulting in multiple blocking attributes. For example, the server merges DNS-related blocking rules into a DNS blocking attribute. The server merges rating-related blocking rules into a rating blocking attribute. The server can merge keyword-related blocking rules into a keyword blocking attribute, and so on. In one embodiment, each blocking type in the preset blocking types includes multiple blocking rules. The multiple blocking rules under the same blocking type are merged to obtain blocking attributes. The preset blocking types refer to the pre-set types used to block spam, which may include keyword blocking, feature string blocking, frequency blocking, sample blocking, DNS (Domain Name System) blocking, etc.
[0081] Step 404: Obtain the number of rule hits for each blocked object in the blocked information that matches the preset blocking rules.
[0082] The rule hit count refers to the number of times the information sent by the blocked object within the target time period matches each of the preset blocking rules. For example, if the number of times the information sent by the blocked object within the target time period matches blocking rule A is 2, then rule A has a hit count of 2.
[0083] Specifically, the server can directly retrieve from the database the number of rule hits for each blocked object in the preset blocking rules. The server can also retrieve this information from the business side. Furthermore, the server can access the blocking history for each blocked object and calculate the rule hit counts for each blocking rule from this history.
[0084] Step 406: Calculate the number of times the interception attribute is hit based on the number of rule hits, and obtain the interception attribute hit information corresponding to each intercepted sending object based on the interception attribute and the number of times the interception attribute is hit.
[0085] Here, the number of times an intercept attribute is hit refers to the sum of the number of times all intercept rules corresponding to the intercept attribute are hit.
[0086] Specifically, the server calculates the total number of hits for each interception rule used during the merging of interception attributes, thus obtaining the total number of hits for that interception attribute. The server can calculate the total number of hits for each interception attribute and then use each interception attribute and its corresponding hit count as the interception attribute hit information for that intercepted sending object. Each intercepted sending object has its own interception attributes and corresponding hit counts. In one embodiment, the total number of items in the information sent by each intercepted object within the target time period that match the interception rule corresponding to the interception attribute is used as the interception attribute hit information.
[0087] In the above embodiments, by calculating the number of rule hits and then calculating the number of interception attribute hits corresponding to the interception attribute, the accuracy of the interception attribute hit information is improved. Then, the interception attribute hit information is used for clustering, thereby improving the accuracy of clustering.
[0088] In one embodiment, step 204, obtaining the target pass rate corresponding to each intercepted sending object from the target application scenario, and filtering out each target intercepted sending object from the intercepted sending objects based on the target pass rate, includes the following steps:
[0089] In the target application scenario, obtain the total amount of information sent and the amount of information passed for each intercepted sending object; calculate the ratio of information passed to total information sent to obtain the target pass rate; and take the intercepted sending objects whose target pass rate does not exceed the preset pass rate threshold as each target intercepted sending object.
[0090] The total number of messages sent refers to the total number of messages intercepted from the sender within the target time period. For example, the total number of emails intercepted from sender A within a month, or the total number of instant messaging messages intercepted from sender A within a month. The total number of messages transmitted refers to the total number of messages intercepted from the sender and transmitted to the receiver within the target time period. For example, the total number of emails intercepted from sender A within a month, or the total number of instant messaging messages intercepted from sender A within a month.
[0091] Specifically, the server obtains the total number of messages sent and the amount of messages transmitted for each intercepted sender in the target application scenario within a target time period. It then calculates the ratio of the amount of messages transmitted to the total number of messages sent, using this ratio as the target pass rate. Intercepted senders whose target pass rate does not exceed a preset threshold are then identified as target intercepted senders. In one embodiment, the server can also obtain the number of complaints received by each intercepted sender in the target application scenario within the target time period. Based on the number of complaints and the total number of messages sent, the server calculates the number of normal messages, calculates the ratio of normal messages to the total number of messages sent, and then performs a weighted calculation based on the ratio of the amount of messages transmitted to the total number of messages sent and the ratio of the number of normal messages to the total number of messages sent, to obtain the target pass rate. Intercepted senders whose target pass rate does not exceed a preset threshold are then identified as target intercepted senders, thereby improving the accuracy of obtaining each target intercepted sender.
[0092] In one embodiment, step 204, which involves filtering each intercepted sending object from the various intercepted sending objects based on the target's passability, includes the following steps:
[0093] Based on the target's pass rate, each candidate intercepted sending object is obtained from the intercepted sending objects; the total number of times each candidate intercepted sending object has been intercepted is obtained, and based on the total number of interceptions, each target intercepted sending object is obtained from the candidate intercepted sending objects.
[0094] Among them, candidate intercepted transmission objects refer to the intercepted transmission objects obtained after filtering using the target pass rate. The total number of interceptions is used to characterize the total number of times the information sent by the candidate intercepted transmission objects was intercepted.
[0095] Specifically, the server first filters based on the target pass rate, removing intercepted packets that exceed a pre-defined pass threshold. The remaining intercepted packets are then designated as candidate intercepted packets. Further filtering of these candidate intercepted packets involves obtaining the total number of interceptions for each packet. Candidate intercepted packets with a total number of interceptions below a threshold are removed. The remaining candidate intercepted packets are then designated as target intercepted packets. For example, candidate intercepted packets with only one interception are removed. This process avoids false interceptions and improves the accuracy of the obtained target intercepted packets.
[0096] In one embodiment, such as Figure 5As shown, in step 206, based on the interception attribute hit information corresponding to each target's intercepted sending object, the intercepted sending objects of each target are clustered to obtain each sending object cluster, including:
[0097] Step 502: Obtain the number of interception levels, and select the interception attribute hit information of the number of interception levels as the cluster center from the interception attribute hit information corresponding to the intercepted sending objects of each target.
[0098] The number of interception levels refers to the number of interception levels used to characterize the maliciousness of intercepted messages. A higher interception level indicates a more malicious message. This interception level can be set according to requirements. Targets with the same interception level are in the same object cluster. Targets in each object cluster have the same interception level, while different object clusters may correspond to different interception levels.
[0099] Specifically, the server can obtain the number of interception levels. For example, if there are 5 interception levels pre-set, then the number of interception levels is 5. In this case, the number of interception levels is directly used as the number of cluster centers during clustering. Then, the interception attribute hit information corresponding to the number of cluster centers is selected from the interception attribute hit information corresponding to the intercepted sending objects of each target, thus obtaining the interception attribute hit information corresponding to the cluster centers. This can be done by randomly selecting the interception attribute hit information or by obtaining specified interception attribute hit information according to the settings.
[0100] Step 504: Calculate the similarity between the interception attribute hit information of each target intercepted sending object and the cluster center, and divide each target intercepted sending object based on the similarity to obtain each initial sending object cluster.
[0101] The similarity score characterizes the similarity between the intercepted attribute hit information and the intercepted attribute hit information of the cluster center. The higher the similarity score, the closer the intercepted attribute hit information belongs to the cluster to which the cluster center belongs. The initial sending object cluster refers to the sending object cluster obtained from the initial partitioning.
[0102] Specifically, the server uses a similarity algorithm to calculate the similarity between the intercepted attribute hit information corresponding to each intercepted sending object and the intercepted attribute hit information corresponding to each cluster center. The similarity algorithm can be a distance similarity algorithm, cosine similarity algorithm, etc. Then, the cluster center corresponding to the maximum similarity is selected, and the intercepted sending objects are assigned to the cluster to that cluster center. This process is repeated for each intercepted sending object until all initial sending object clusters are obtained.
[0103] Step 506: Update the cluster center based on the interception attribute hit information of each target intercepted sending object in each initial sending object cluster to obtain the updated cluster center;
[0104] Step 508 involves updating the cluster center as the cluster center and returning the similarity between the interception attribute hit information corresponding to each target intercepted sending object and the cluster center. Based on the similarity, each target intercepted sending object is divided to obtain each initial sending object cluster. This process is iteratively executed until the clustering completion condition is met, and each sending object cluster is obtained.
[0105] Here, "updated cluster centers" refers to the updated cluster centers. "Clustering completion conditions" refers to the conditions under which clustering ends, including but not limited to no (or minimum number) objects being reassigned to different clusters, no (or minimum number) cluster centers changing again, and a local minimum of the sum of squared errors.
[0106] Specifically, the server updates the cluster centers based on the interception attribute hit information corresponding to the intercepted targets in each initial sending object cluster. This can be achieved by calculating the average of the interception attribute hit information for each intercepted target in the initial sending object cluster and using this average as the updated cluster center. Then, the updated cluster centers are used to recalculate the clustering, meaning the updated cluster centers are used as the new cluster centers, and the similarity between the interception attribute hit information for each intercepted target and the new cluster centers is calculated. Based on this similarity, the intercepted targets are divided into clusters, and this process is iteratively executed until the clustering completion condition is met, resulting in the final sending object clusters.
[0107] In the above embodiments, by calculating the similarity between the interception attribute hit information corresponding to each target intercepted sending object and the cluster center, and then using the similarity to perform clustering and continuously iterating, each sending object cluster can be obtained, thereby improving the accuracy of the obtained sending object clusters.
[0108] In one embodiment, step 206, clustering the intercepted sending objects of each target based on the interception attribute hit information corresponding to each intercepted sending object to obtain each sending object cluster, includes the following steps:
[0109] Obtain the attribute information corresponding to the intercepted sending objects of each target, and cluster the intercepted sending objects of each target based on the attribute information and the interception attribute hit information to obtain the sending object clusters of each target.
[0110] Among them, attribute information refers to the basic attributes corresponding to the sending object. These basic attributes may include communication address, object name, object identity, similar samples of sending object information, etc. Different sending objects may have different attributes, and different sending objects may also have the same attributes.
[0111] Specifically, after the server grants authorization to the intercepted sending object, it can retrieve and use the corresponding attribute information of the intercepted sending object from the database. At this point, the server can use the attribute information and interception attribute hit information to cluster the intercepted sending objects using a clustering algorithm. Specifically, the attribute information can be converted into attribute vectors, and the interception attribute hit information can be converted into interception attribute hit vectors. The attribute vectors and interception attribute hit vectors are then merged to obtain a merged vector. This merged vector is then used to cluster the intercepted sending objects, resulting in clusters of intercepted sending objects.
[0112] In one embodiment, the server can also obtain the message type profile, message pass profile, and interception attribute hit information of each intercepted sending object to cluster each intercepted sending object, obtaining each sending object cluster. The message type profile is used to characterize the message type sent by the intercepted sending object. The message pass profile is used to characterize the pass rate of the message sent by the intercepted sending object.
[0113] In the above embodiments, clustering of each intercepted target is performed by using various different information about the intercepted target, thereby obtaining clusters of target targets, which improves the accuracy of clustering. Then, the clusters of target targets are used for classification and identification to obtain blacklisted object clusters, thereby improving the accuracy of the obtained blacklisted object clusters.
[0114] In one embodiment, such as Figure 6 As shown, step 208 involves classifying and identifying each sending object cluster based on the target interception information, resulting in at least two types of object clusters. These object clusters include blacklisted object clusters, which include:
[0115] Step 602: Identify each historically intercepted sending object from the target intercepted information.
[0116] Here, "historically intercepted sending objects" refers to the sending objects in the target application scenario whose sending information has been intercepted in the past. The target intercepted information includes each historically intercepted sending object and its corresponding historically intercepted sending information.
[0117] Specifically, the server can find each historically intercepted sending object from the target intercepted information. For example, the target intercepted information can be stored in a database as a list, and the server can find each historically intercepted sending object corresponding to the sending object column from the target intercepted information list in the database.
[0118] Step 604: Calculate the intersection of each historically intercepted sending object with the sending object of the current sending object cluster in each sending object cluster, and obtain the interception intersection object set corresponding to the current sending object cluster.
[0119] Here, the current sending object cluster refers to the sending object cluster that is currently being classified and identified. The intercepted intersection object set refers to the set of sending objects that coexist in the sending object cluster and in various historically intercepted sending objects.
[0120] Specifically, the server matches each historically intercepted send object with the send objects in the current send object cluster. When a matching send object is found, it is included in the intercept intersection object set corresponding to the current send object cluster. All matching send objects constitute the intercept intersection object set corresponding to the current send object cluster. The server iterates through each send object cluster, matching each historically intercepted send object with the send objects in each cluster, and then including the matching send objects in the intercept intersection object set. After matching, the server obtains the intercept intersection object set corresponding to each send object cluster.
[0121] Step 606: Calculate the intersection ratio based on the intercepted intersection object set and the current sending object cluster to obtain the target intercept ratio corresponding to the current sending object cluster.
[0122] The target interception ratio characterizes the proportion of sending objects in the intercepted intersection object cluster to the total number of sending objects in the sending object cluster. A higher target interception ratio indicates that the sending object cluster contains more intercepted sending objects, meaning a higher probability that the sending object cluster is a blacklisted sending object cluster.
[0123] Specifically, the server counts the number of cluster objects in the current sending object cluster and the number of intersection objects in the interception intersection object set corresponding to the current sending object cluster. Then, it calculates the ratio of the number of intersection objects to the number of cluster objects to obtain the target interception ratio for the current sending object cluster. The server can sequentially traverse each sending object cluster, that is, count the number of cluster objects in each sending object cluster and the number of intersection objects in the interception intersection object set corresponding to each sending object cluster. Then, it calculates the ratio of the number of intersection objects to the number of cluster objects to obtain the target interception ratio for each sending object cluster.
[0124] Step 608: When the target interception ratio exceeds the preset interception threshold, determine that the current sending object cluster is a blacklist object cluster.
[0125] The preset interception threshold refers to a pre-set threshold used to characterize the sending pair as a blacklisted object cluster. This preset interception threshold can be set according to requirements.
[0126] Specifically, the server compares the target interception ratio with a preset interception threshold. When the target interception ratio exceeds the preset threshold, it indicates that the proportion of senders in the current sender cluster that are the same as the senders of the intercepted information is high. In this case, the current sender cluster is determined to be a blacklisted cluster. When the target interception ratio does not exceed the preset interception threshold, the current sender cluster is determined to be a whitelisted cluster.
[0127] In one embodiment, when the target interception ratio is within the range of a preset whitelist threshold and a preset interception threshold, and the preset whitelist threshold is less than the preset interception threshold, the current sending object cluster is determined to be a suspected blacklist object cluster. Furthermore, when the target interception ratio is less than the preset whitelist threshold, the current sending object cluster is determined to be a whitelist object cluster.
[0128] In the above embodiments, the intersection ratio is calculated based on the intercepted intersection object set and the current sending object cluster to obtain the target interception ratio corresponding to the current sending object cluster. Then, when the target interception ratio exceeds the preset interception threshold, the current sending object cluster is determined to be a blacklist object cluster, thereby improving the accuracy of the obtained blacklist object cluster. That is, the sending object cluster can be automatically classified and identified, so there is no need to label the clusters, which improves efficiency.
[0129] In one embodiment, such as Figure 7 As shown, the information processing method also includes:
[0130] Step 702: Obtain the target approval information corresponding to the target application scenario. The target approval information includes the target approval sent objects for each target.
[0131] Among them, the target has passed information refers to the information used to characterize that each target in the target application scenario has been sent through the sending object, which may include each target has passed the sending object and the corresponding sent information. The target has passed the sending object means that the sent information has been sent to the sending object of the receiving object.
[0132] Specifically, the server can obtain target approval information corresponding to the target application scenario from the database, from the business side, or from the target application scenario uploaded by the terminal. Then, it can determine the target that has been approved for transmission from this target approval information.
[0133] Step 704: Calculate the intersection of the sent objects of each target with the sent objects of the current sent object cluster in each sent object cluster, and obtain the intersection object set corresponding to the current sent object cluster.
[0134] Among them, the intersection object set refers to the set of sending objects that exist in the sending object cluster and the sending objects that exist in the sending objects of each target.
[0135] Specifically, the server matches each target's sent object with the sent objects in the current sent object cluster. When a matching sent object exists, it is included in the intersection set of sent objects for the current sent object cluster. All matching sent objects constitute the intersection set of sent objects for the current sent object cluster. The server iterates through each sent object cluster, matching each target's sent object with the sent objects in each cluster, and then including the matching sent objects in the intersection set. After matching, the server obtains the intersection set of sent objects for each sent object cluster.
[0136] Step 706: Based on the intersection ratio calculation of the intersection object set and the current sending object cluster, the target passing ratio corresponding to the current sending object cluster is obtained.
[0137] The target pass rate characterizes the proportion of objects sent through the intersection object set relative to the total number of objects sent within the sent object cluster. A higher target pass rate indicates a higher probability that the sent object cluster is a whitelisted sent object cluster.
[0138] Specifically, the server counts the number of cluster objects in the current sending object cluster and the number of intersection objects corresponding to the current sending object cluster that are sent through the intersection object set. Then, it calculates the ratio of the number of intersection objects to the number of cluster objects to obtain the target pass rate for the current sending object cluster. The server can iterate sequentially or calculate the target pass rate for each sending object cluster in parallel, i.e., count the number of cluster objects in each sending object cluster and the number of intersection objects corresponding to the sending object cluster that are sent through the intersection object set. Then, it calculates the ratio of the number of intersection objects to the number of cluster objects to obtain the target pass rate for each sending object cluster.
[0139] Step 708: When the target pass rate exceeds the preset pass threshold, determine that the current sending object cluster is a whitelist object cluster.
[0140] The preset pass threshold refers to a pre-set threshold used to characterize the sending of data to whitelisted object clusters. This preset pass threshold can be set according to requirements.
[0141] Specifically, the server compares the target pass rate with a preset pass threshold. When the target pass rate exceeds the preset pass threshold, it indicates that the current sending object cluster is highly likely to be a normal sending object in the target application scenario. In this case, the current sending object cluster is determined to be a whitelisted object cluster. When the target interception rate does not exceed the preset interception threshold, the current sending object cluster is determined to be a blacklisted object cluster.
[0142] In the above embodiments, by obtaining the target approved information corresponding to the target application scenario, and then using the target approved information to classify and identify each sending object cluster, a blacklist object cluster can be obtained, thereby improving the accuracy of the obtained blacklist object cluster.
[0143] In one embodiment, the information processing method further includes the steps of:
[0144] Obtain the attribute information of each blacklist sending object in the target application scenario within the blacklist object cluster. Based on the attribute information of each blacklist sending object in the target application scenario, extract common attributes to obtain blacklist common attribute information. Obtain the attribute information of the sending object to be identified in the target application scenario. When the sending object to be identified contains blacklist common attribute information in the attribute information of the sending object to be identified in the target application scenario, determine that the sending object to be identified is a blacklist sending object.
[0145] Shared attribute information in the blacklist refers to information about common attributes shared by different blacklist senders. For example, if different blacklist senders use the same communication address when sending messages, then that communication address is considered a shared attribute. The sender to be identified refers to the sender whose membership in the blacklist needs to be determined.
[0146] Specifically, the server can retrieve attribute information of each blacklisted sending object in the target application scenario from the database. Then, it counts the common attributes among the attribute information of each blacklisted sending object to obtain shared blacklist attribute information. When classifying and identifying a sending object to be identified, the server can retrieve the attribute information of the sending object to be identified in the target application scenario from the database, the attribute information of the sending object to be identified sent by the business party, or the attribute information of the sending object to be identified uploaded by the terminal. It then determines whether the attribute information of the sending object to be identified contains any attributes from the shared blacklist attribute information. If the attribute information of the sending object to be identified contains any attributes from the shared blacklist attribute information in the target application scenario, it indicates that the sending object to be identified is a blacklisted sending object. In one embodiment, the server can also consider the shared attribute information as having more than a preset number of blacklisted sending objects with the same attribute.
[0147] In the above embodiments, by using blacklist shared attribute information to identify the sending object, the diffusion identification of shared attributes is realized, thereby improving the coverage of identification.
[0148] In one embodiment, the information processing method further includes the steps of:
[0149] Obtain the target interception attribute hit information of the target sending object in the reference application scenario, and calculate the similarity between the target interception attribute hit information and each sending object cluster; when the similarity exceeds a preset threshold, the sending object cluster exceeding the preset threshold is taken as the target sending object cluster corresponding to the target sending object; when the target sending object cluster is a blacklisted object cluster, the target sending object is determined to be a blacklisted sending object.
[0150] Among them, the interception attribute hit information to be identified refers to the interception attribute hit information corresponding to the sending object to be identified.
[0151] Specifically, when the target object to be identified exists in the reference application scenario, the server can directly obtain the target interception attribute hit information of the reference application scenario. Then, it calculates the similarity between the target interception attribute hit information and each cluster of sending objects. A similarity algorithm can be used to calculate the similarity between the target interception attribute hit information and the cluster center corresponding to each cluster of sending objects. The similarity is then compared to a preset threshold. When the similarity exceeds the preset threshold, the cluster of sending objects exceeding the threshold is designated as the target sending object cluster. If the target sending object cluster is a blacklisted cluster, the target sending object is determined to be a blacklisted sending object. If the target sending object cluster is a whitelisted cluster, the target sending object is determined to be a whitelisted sending object.
[0152] In the above embodiments, the similarity between the target interception attribute hit information and each sending object cluster is calculated, and when the similarity exceeds a preset threshold, the sending object cluster exceeding the preset threshold is taken as the target sending object cluster corresponding to the sending object to be identified; when the target sending object cluster is a blacklisted object cluster, the sending object to be identified is determined to be a blacklisted sending object, thereby improving the efficiency of identifying sending objects.
[0153] In a specific embodiment, such as Figure 8 As shown, an information processing method, executed by a computer device, specifically includes the following steps:
[0154] Step 802: Obtain the information to be detected sent by each sending object in the target time period reference application scenario, and use preset interception rules to intercept and detect the information to be detected sent by each sending object. When there is target information to be detected in the information to be detected sent by each sending object that meets the preset interception rules, the target information to be detected is intercepted; the sending object corresponding to the target information to be detected is taken as the intercepted object, and the intercepted information is obtained based on the intercepted object and the target information to be detected.
[0155] Step 804: Merge the preset interception rules of the same type to obtain the interception attributes, obtain the rule hit count of each intercepted object in the intercepted information that conforms to the preset interception rules, calculate the interception attribute hit count corresponding to the interception attribute based on the rule hit count, and obtain the interception attribute hit information corresponding to each intercepted sending object based on the interception attributes and the interception attribute hit count.
[0156] Step 806: In the target application scenario, obtain the total amount of information sent and the amount of information passed for each intercepted sending object, calculate the ratio of the amount of information passed to the total amount of information sent, obtain the target pass rate, and take the intercepted sending objects whose target pass rate does not exceed the preset pass rate threshold as each target intercepted sending object.
[0157] Step 808: Based on the interception attribute hit information corresponding to the intercepted sending objects of each target, cluster the intercepted sending objects of each target to obtain each sending object cluster;
[0158] Step 810: Obtain the target intercepted information corresponding to the target application scenario, determine each historically intercepted sending object from the target intercepted information, calculate the intersection of each historically intercepted sending object with each sending object cluster, and obtain the intercepted intersection object set corresponding to each sending object cluster.
[0159] Step 812: Calculate the intersection ratio based on each interception intersection object set and its corresponding sending object cluster to obtain the target interception ratio for each sending object cluster. When the target interception ratio exceeds a preset interception threshold, the sending object cluster is determined to be a blacklist object cluster. When the target interception ratio does not exceed the preset interception threshold, the sending object cluster is determined to be a whitelist object cluster. Iterate through each sending object cluster to obtain the blacklist / whitelist classification and identification results for each sending object cluster.
[0160] Step 814: Use the sending objects in the blacklist object cluster as the blacklist sending objects of the target application scenario, and intercept the information when the blacklist sending objects are detected in the target application scenario.
[0161] In a specific embodiment, such as Figure 9The diagram illustrates a framework for an information processing method. Specifically, this method is applied to an email platform, which is used in both personal and enterprise application scenarios. In the personal application scenario, the email platform obtains blocked sender data from an individual's mailbox. This blocked sender data can be data from the past month, and it statistically analyzes the blocking types and rules that the emails sent by the blocked senders match. Multiple blocking rules under the same blocking type are then merged to obtain blocking attributes. The matching rate of each blocked sender to each blocking attribute is then calculated. For example, multiple different blocking rules (a, b, c, d, e) are merged to obtain a blocking attribute (X). During the calculation, if the blocked sender's data matches blocking rule a twice and blocking rule c three times, then the blocking attribute X for that sender is set to 5, obtaining the blocking attribute match information for that sender. Finally, based on the statistical values corresponding to each item in the blocking attribute set, i.e., the blocking attribute match information for the blocked sender, the sender's blocking profile data is determined. The email platform then obtains the target pass rate for each blocked sender in the target application scenario, which can be reflected by reputation scores. Senders with pass rates exceeding a certain threshold are then removed from the list of blocked senders, meaning those with good reputation behavior in the target application scenario are excluded, thus reducing the interference of false positives in candidate blacklist identification. At this point, the target blocked senders are obtained. K-means clustering is then used to cluster these target blocked senders, using their blocking attribute hit information. The number of cluster centers can be correlated with the blocking level. After clustering, sender clusters are obtained. These sender clusters are then further classified and identified. The email platform then obtains the target blocked information corresponding to the target application scenario, i.e., the historical blocked senders. The senders shared with each sender cluster among the historical blocked senders are then counted, and the proportion of senders shared with each cluster is calculated. When the proportion exceeds a preset blocking threshold, it indicates a high percentage of senders being blocked in the target application scenario, and this sender cluster is designated as a blacklist cluster. Senders within this cluster are blacklisted senders, who are malicious spammers. When the proportion is less than a preset passing threshold, it indicates a low percentage of senders being blocked in the target application scenario, and this sender cluster is designated as a whitelist cluster. Senders within this cluster are whitelisted senders. Then, common attribute diffusion identification of blacklisted senders is performed. This involves obtaining the attribute information of senders within the blacklist cluster and extracting their common attributes.At this point, when the sender to be detected is obtained, the attribute information of the sender to be detected is matched with the common attributes of blacklisted senders. If the attribute information of the sender to be detected contains the common attributes of blacklisted senders, it means that the sender to be detected is a blacklisted sender, thereby realizing attribute diffusion identification of blacklisted senders and improving coverage.
[0162] In a specific embodiment, such as Figure 10 The diagram illustrates an application scenario of an information processing method. Specifically, the email platform establishes a blacklist database offline. This is achieved by using personal email sender interception data to obtain the interception attribute hit information for each intercepted sender. Then, enterprise email sender reputation data (i.e., the target passability of each intercepted sender) is used to filter and obtain the target intercepted senders. Next, k-means clustering is used to cluster the target intercepted senders based on their interception attribute hit information, resulting in sender clusters. These clusters are then classified and identified using enterprise email sender interception data, resulting in blacklist clusters and whitelist clusters. The senders in the blacklist clusters are then stored in the enterprise email blacklist database. Alternatively, attribute diffusion identification can be performed to obtain blacklisted senders, which are also stored in the enterprise email blacklist database. When the email platform receives new emails, it first checks for spam through a spam detection system, i.e., it performs spam identification. This can be done by checking if the sender of a new email is on a blacklist. The result of this check allows you to determine whether to block the email. If the sender is on a blacklist, the email can be blocked, or it can be returned to the sender.
[0163] In one specific embodiment, the information processing method can also be applied to an SMS communication platform. Specifically: the SMS communication platform obtains blocked SMS messages corresponding to personal application scenarios, and extracts the interception attribute hit information corresponding to each blocked sender based on the blocked SMS messages; it obtains the target pass rate corresponding to each blocked sender from the enterprise application scenario, and filters out each target blocked sender based on the target pass rate; it clusters each target blocked sender based on the interception attribute hit information corresponding to each target blocked sender to obtain each sender cluster; it obtains the target blocked information corresponding to the enterprise application scenario, and classifies and identifies each sender cluster based on the target blocked information to obtain at least two types of object clusters, including blacklist object clusters; it uses the senders in the blacklist object clusters as blacklist senders in the enterprise application scenario, and blocks the SMS message when a blacklist sender is detected in the enterprise application scenario.
[0164] It should be understood that although the steps in the flowcharts of the embodiments described above are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the embodiments described above may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages of other steps.
[0165] Based on the same inventive concept, this application also provides an information processing apparatus for implementing the information processing method described above. The solution provided by this apparatus is similar to the implementation scheme described in the above method; therefore, the specific limitations in one or more information processing apparatus embodiments provided below can be found in the limitations of the information processing method described above, and will not be repeated here.
[0166] In one embodiment, such as Figure 11 As shown, an information processing device 1100 is provided, including: an attribute extraction module 1102, a filtering module 1104, a clustering module 1106, an identification module 1108, and an information interception module 1110, wherein:
[0167] The attribute extraction module 1102 is used to obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information;
[0168] The filtering module 1104 is used to obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter each target intercepted sending object from each intercepted sending object based on the target pass rate;
[0169] Clustering module 1106 is used to cluster the intercepted sending objects of each target based on the interception attribute hit information corresponding to the intercepted sending objects of each target, so as to obtain each sending object cluster.
[0170] The identification module 1108 is used to obtain target interception information corresponding to the target application scenario, and classify and identify each sending object cluster based on the target interception information to obtain at least two types of object clusters, including blacklist object clusters.
[0171] The information interception module 1110 is used to identify the sending objects in the blacklist object cluster as blacklist sending objects in the target application scenario, and to intercept the information when the blacklist sending objects are detected in the target application scenario.
[0172] In one embodiment, the information processing device 1100 further includes:
[0173] The intercepted information acquisition module is used to intercept and detect the information to be detected sent by each sending object within a target time period in the reference application scenario using preset interception rules; when the information to be detected sent by each sending object contains target information that matches the preset interception rules, the target information to be detected is intercepted; the sending object corresponding to the target information to be detected is taken as the intercepted object, and the intercepted information is obtained based on the intercepted object and the target information to be detected.
[0174] In one embodiment, the attribute extraction module 1102 is further configured to merge the preset interception rules into similar categories to obtain interception attributes; obtain the rule hit count of each intercepted object in the intercepted information that conforms to the preset interception rules; calculate the interception attribute hit count corresponding to the interception attribute based on the rule hit count, and obtain the interception attribute hit information corresponding to each intercepted sending object based on the interception attribute and the interception attribute hit count.
[0175] In one embodiment, the filtering module 1104 is further configured to obtain the total amount of information sent and the amount of information passed for each intercepted sending object in the target application scenario; calculate the ratio of the amount of information passed to the total amount of information sent to obtain the target pass rate; and take the intercepted sending objects whose target pass rate does not exceed the preset pass rate threshold as each target intercepted sending object.
[0176] In one embodiment, the filtering module 1104 is further configured to filter each candidate intercepted sending object from each intercepted sending object based on the target pass rate; obtain the total number of times each candidate intercepted sending object has been intercepted; and filter each candidate intercepted sending object from each candidate intercepted sending object based on the total number of times it has been intercepted to obtain each target intercepted sending object.
[0177] In one embodiment, the clustering module 1106 is further configured to obtain the number of interception levels and select the interception attribute hit information of the number of interception levels as cluster centers from the interception attribute hit information corresponding to each intercepted target sending object; calculate the similarity between the interception attribute hit information corresponding to each intercepted target sending object and the cluster centers, and divide each intercepted target sending object into clusters based on the similarity to obtain each initial sending object cluster; update the cluster centers based on the interception attribute hit information corresponding to each intercepted target sending object in each initial sending object cluster to obtain updated cluster centers; use the updated cluster centers as cluster centers, and return to iteratively execute the steps of calculating the similarity between the interception attribute hit information corresponding to each intercepted target sending object and the cluster centers, and dividing each intercepted target sending object into clusters based on the similarity to obtain each initial sending object cluster, until the clustering completion condition is met, and each sending object cluster is obtained.
[0178] In one embodiment, the clustering module 1106 is further configured to obtain attribute information corresponding to each target intercepted sending object, and cluster each target intercepted sending object based on the attribute information and interception attribute hit information to obtain each target sending object cluster.
[0179] In one embodiment, the identification module 1108 is further configured to determine each historically intercepted sending object from the target intercepted information; calculate the intersection of each historically intercepted sending object with the current sending object cluster in each sending object cluster to obtain the intercepted intersection object set corresponding to the current sending object cluster; calculate the intersection ratio based on the intercepted intersection object set and the current sending object cluster to obtain the target interception ratio corresponding to the current sending object cluster; and determine the current sending object cluster as a blacklist object cluster when the target interception ratio exceeds a preset interception threshold.
[0180] In one embodiment, the identification module 1108 is further configured to obtain target pass information corresponding to the target application scenario, the target pass information including each target pass sending object; calculate the intersection of each target pass sending object with the sending object of the current sending object cluster in each sending object cluster, to obtain the pass intersection object set corresponding to the current sending object cluster; calculate the intersection ratio based on the pass intersection object set and the current sending object cluster, to obtain the target pass ratio corresponding to the current sending object cluster; when the target pass ratio exceeds a preset pass threshold, determine the current sending object cluster as a whitelist object cluster.
[0181] In one embodiment, the information processing device 1100 further includes:
[0182] The attribute recognition module is used to obtain the attribute information of each blacklist sending object in the blacklist object cluster in the target application scenario, extract common attributes based on the attribute information of each blacklist sending object in the target application scenario to obtain blacklist common attribute information; obtain the attribute information of the sending object to be identified in the target application scenario, and when the sending object to be identified has blacklist common attribute information in the attribute information of the sending object to be identified in the target application scenario, the sending object to be identified is determined to be a blacklist sending object.
[0183] In one embodiment, the information processing device 1100 further includes:
[0184] The similarity identification module is used to obtain the target interception attribute hit information of the target sending object in the reference application scenario, calculate the similarity between the target interception attribute hit information and each sending object cluster; when the similarity exceeds a preset threshold, the sending object cluster exceeding the preset threshold is taken as the target sending object cluster corresponding to the target sending object; when the target sending object cluster is a blacklisted object cluster, the target sending object is determined to be a blacklisted sending object.
[0185] Each module in the aforementioned information processing device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in a computer device, or stored in the memory of a computer device as software, so that the processor can call and execute the operations corresponding to each module.
[0186] In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as follows: Figure 12 As shown, this computer device includes a processor, memory, input / output interfaces (I / O), and a communication interface. The processor, memory, and I / O interfaces are connected via a system bus, and the communication interface is also connected to the system bus via the I / O interfaces. The processor provides computational and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and a database. The internal memory provides the environment for the operating system and computer programs stored in the non-volatile storage media. The database stores intercepted information corresponding to a reference application scenario, intercepted information and pass-through rate of the target application scenario, and blacklisted recipients for the target application scenario. The I / O interfaces are used for exchanging information between the processor and external devices. The communication interface is used for communicating with external terminals via a network connection. When executed by the processor, the computer program implements an information processing method.
[0187] In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as follows: Figure 13 As shown, the computer device includes a processor, memory, input / output interface, communication interface, display unit, and input device. The processor, memory, and input / output interface are connected via a system bus, and the communication interface, display unit, and input device are also connected to the system bus via the input / output interface. The processor provides computing and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The input / output interface is used for exchanging information between the processor and external devices. The communication interface is used for wired or wireless communication with external terminals; wireless communication can be achieved through Wi-Fi, mobile cellular networks, NFC (Near Field Communication), or other technologies. When the computer program is executed by the processor, it implements an information processing method. The display unit of the computer device is used to form a visually visible image. It can be a display screen, a projection device, or a virtual reality imaging device. The display screen can be an LCD screen or an e-ink screen. The input device of the computer device can be a touch layer covering the display screen, or buttons, trackballs, or touchpads set on the casing of the computer device, or external keyboards, touchpads, or mice, etc.
[0188] Those skilled in the art will understand that Figure 12 or Figure 13 The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0189] In one embodiment, a computer device is also provided, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps in the above method embodiments.
[0190] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon that, when executed by a processor, implements the steps in the above method embodiments.
[0191] In one embodiment, a computer program product is provided, including a computer program that, when executed by a processor, implements the steps in the above method embodiments.
[0192] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data shall comply with the relevant laws, regulations and standards of the relevant countries and regions.
[0193] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, etc., and are not limited to these.
[0194] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
[0195] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.
Claims
1. An information processing method, characterized in that, The method includes: Obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information; Obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter out each target intercepted sending object based on the target pass rate; Based on the interception attribute hit information corresponding to the intercepted sending objects of each target, the intercepted sending objects of each target are clustered to obtain each sending object cluster; Obtain target interception information corresponding to the target application scenario, and classify and identify each sending object cluster based on the target interception information to obtain at least two types of object clusters, including blacklist object clusters; The sending objects in the blacklist object cluster are used as blacklist sending objects for the target application scenario, and when information sent by the blacklist sending objects is detected in the target application scenario, the information is intercepted.
2. The method according to claim 1, characterized in that, Before obtaining the intercepted information corresponding to the reference application scenario and extracting the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information, the method further includes: When the information to be detected sent by each sending object in the target time period is detected in the reference application scenario, the information to be detected sent by each sending object is intercepted and detected using a preset interception rule; When the target information to be detected sent by each of the sending objects matches the preset interception rule, the target information to be detected is intercepted. The sending object corresponding to the target information to be detected is taken as the intercepted object, and the intercepted information is obtained based on the intercepted object and the target information to be detected.
3. The method according to claim 2, characterized in that, The step of extracting the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information includes: The preset interception rules are merged into similar categories to obtain interception attributes; Obtain the number of rule hits for each blocked object in the blocked information that matches the preset blocking rule; The number of times the interception attribute is hit is calculated based on the number of times the rule is hit, and the interception attribute hit information corresponding to each intercepted sending object is obtained based on the interception attribute and the number of times the interception attribute is hit.
4. The method according to claim 1, characterized in that, The step of obtaining the target pass rate corresponding to each intercepted sending object from the target application scenario, and filtering each target intercepted sending object from the intercepted sending objects based on the target pass rate, includes: In the target application scenario, obtain the total amount of information sent and the amount of information passed by each intercepted sending object; Calculate the ratio of the amount of information passed to the total amount of information sent to obtain the target pass rate, and identify the intercepted sending objects whose target pass rate does not exceed a preset threshold as the respective target intercepted sending objects.
5. The method according to claim 1, characterized in that, The step of filtering each intercepted transmission target from the intercepted transmission targets based on the target's passability includes: Based on the target pass rate, each candidate intercepted sending object is obtained by filtering from each of the intercepted sending objects; Obtain the total number of times each candidate intercepted sending object has been intercepted, and filter from each candidate intercepted sending object based on the total number of intercepted sending objects to obtain each target intercepted sending object.
6. The method according to claim 1, characterized in that, The method of clustering the intercepted sending objects based on the interception attribute hit information corresponding to each intercepted sending object to obtain each sending object cluster includes: Obtain the number of interception levels, and select the interception attribute hit information of the number of interception levels as the cluster center from the interception attribute hit information corresponding to the intercepted sending objects of each target; Calculate the similarity between the interception attribute hit information corresponding to each target intercepted sending object and the cluster center, and divide each target intercepted sending object into each initial sending object cluster based on the similarity; The cluster centers are updated based on the interception attribute hit information corresponding to the intercepted sending objects in each initial sending object cluster, to obtain the updated cluster centers; The updated cluster center is used as the cluster center, and the similarity between the interception attribute hit information corresponding to each target intercepted sending object and the cluster center is returned. The intercepted sending objects of each target are divided based on the similarity to obtain each initial sending object cluster. The steps are iteratively executed until the clustering completion condition is met, and then each sending object cluster is obtained.
7. The method according to claim 1, characterized in that, The method of clustering the intercepted sending objects based on the interception attribute hit information corresponding to each intercepted sending object to obtain each sending object cluster includes: Obtain the attribute information corresponding to the intercepted sending objects of each target, and cluster the intercepted sending objects of each target based on the attribute information and the interception attribute hit information to obtain each target sending object cluster.
8. The method according to claim 1, characterized in that, The classification and identification of each sending object cluster based on the intercepted target information yields at least two types of object clusters, including blacklisted object clusters, comprising: Identify each historically intercepted sending object from the target interception information; Calculate the intersection of each historically intercepted sending object with the sending object of the current sending object cluster in each sending object cluster to obtain the interception intersection object set corresponding to the current sending object cluster; The intersection ratio is calculated based on the interception intersection object set and the current sending object cluster to obtain the target interception ratio corresponding to the current sending object cluster. When the target interception ratio exceeds a preset interception threshold, the current sending object cluster is determined to be a blacklisted object cluster.
9. The method according to claim 7, characterized in that, The method further includes: Obtain the target approval information corresponding to the target application scenario, wherein the target approval information includes the target approval sending objects for each target. Calculate the intersection of the sending objects of each target with the sending objects of the current sending object cluster in each sending object cluster, and obtain the intersection object set corresponding to the current sending object cluster; Based on the intersection ratio calculation of the intersection object set and the current sending object cluster, the target passing ratio corresponding to the current sending object cluster is obtained; When the target pass rate exceeds a preset pass threshold, the current sending object cluster is determined to be a whitelisted object cluster.
10. The method according to claim 1, characterized in that, The method further includes: Obtain the attribute information of each blacklist sending object in the blacklist object cluster in the target application scenario, and extract common attributes based on the attribute information of each blacklist sending object in the target application scenario to obtain blacklist common attribute information; Obtain the attribute information of the target object to be identified in the target application scenario. When the target object to be identified has the blacklist common attribute information in the attribute information of the target application scenario, determine that the target object to be identified is a blacklist target.
11. The method according to claim 1, characterized in that, The method further includes: Obtain the identification interception attribute hit information of the target sending object in the reference application scenario, and calculate the similarity between the identification interception attribute hit information and each group of sending objects; When the similarity exceeds a preset threshold, the cluster of sending objects that exceeds the preset threshold is taken as the target sending object cluster corresponding to the sending object to be identified; When the target sending object cluster is a blacklisted object cluster, the sending object to be identified is determined to be a blacklisted sending object.
12. An information processing device, characterized in that, The device includes: The attribute extraction module is used to obtain the intercepted information corresponding to the reference application scenario, and extract the interception attribute hit information corresponding to each intercepted sending object based on the intercepted information; The filtering module is used to obtain the target pass rate corresponding to each intercepted sending object from the target application scenario, and filter each target intercepted sending object from each intercepted sending object based on the target pass rate; The clustering module is used to cluster the intercepted sending objects of each target based on the interception attribute hit information corresponding to each intercepted sending object, so as to obtain each sending object cluster; The identification module is used to obtain target interception information corresponding to the target application scenario, and classify and identify each sending object cluster based on the target interception information to obtain at least two types of object clusters, including blacklist object clusters. The information interception module is used to identify the sending objects in the blacklist object cluster as blacklist sending objects of the target application scenario, and to intercept the information when the information sent by the blacklist sending object is detected in the target application scenario.
13. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the method according to any one of claims 1 to 11.
14. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 11.
15. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 11.