A cheating identification method, system and device of an electronic scale and a storage medium
By generating a set of key input sequences for the electronic scale, calculating the trigger frequency and performing perturbation operations, and combining multi-rate verification and anomaly scoring models, the system identifies concealed cheating behaviors in the electronic scale, improving the efficiency and depth of cheating identification and solving the problem of difficulty in identifying complex and concealed cheating paths in existing technologies.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SHANDONG MEASUREMENT SCI RES INST
- Filing Date
- 2025-08-12
- Publication Date
- 2026-07-10
AI Technical Summary
Existing electronic scale cheating detection technologies struggle to identify covert cheating behaviors that affect the accuracy of measurement results through specific operational procedures, resulting in low detection efficiency.
By generating a set of key input sequences for the electronic scale, calculating the trigger frequency, filtering out abnormal key sequences as suspicious paths, and performing perturbation operations, analyzing the status feedback data to identify cheating mechanisms with hidden paths, and combining a multi-rate verification mechanism and an anomaly scoring model to identify behavioral features.
It improves the efficiency of identifying covert cheating behaviors at the operational process level, enhances the depth of identification of complex cheating paths and the system's anti-evasion capability, and solves the problem of difficulty in identifying complex and covert cheating paths in existing technologies.
Smart Images

Figure CN121256287B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the technical field of measuring equipment inspection, specifically to a method, system, device, and storage medium for identifying cheating on electronic scales. Background Technology
[0002] With the rapid development of the retail, logistics, and trade industries, electronic scales, as a commonly used measuring device, are widely used in various scenarios such as weighing goods, transaction settlement, and data uploading. Modern electronic scales typically possess a certain degree of intelligence, not only performing basic weighing functions but also enabling various operations such as price setting, function switching, and network communication through built-in controllers, displays, and operation buttons.
[0003] Existing technologies identify cheating by monitoring and analyzing the operating data of electronic scales. For example, by setting a reasonable weight range and detecting abnormal weight fluctuations, suspicious cheating can be identified. However, existing electronic scale cheating detection technologies typically focus on detecting abnormal operations that directly tamper with measurement results. But some cheating behaviors are more subtle, not directly modifying measurement data, but affecting the accuracy of measurement results through specific operational procedures or state switching. This makes traditional cheating detection methods difficult to detect, thus reducing the efficiency of electronic scale cheating detection.
[0004] For example, Chinese Patent 2024102169094 discloses an "Anti-cheating System for Electronic Scales," authorized publication number CN117782290B. This system includes: an electronic scale data acquisition module for acquiring weighing data and electronic scale button data; an electronic scale processing information processing module for acquiring weighing data sequences, acquiring displayed weighing data, acquiring the abnormality of weighing data in each weighing process, and further acquiring the degree of button cheating in each weighing process; calculating the weighing cheating potential of the electronic scale; acquiring stable data values and stable data value sequences in the weighing data sequence, and calculating the stability standard; acquiring the data irregularity of each stable data value sequence based on the stability standard and stable data values; acquiring the data simulation degree of each weighing process based on the weighing data and data irregularity; acquiring the cheating risk degree of the electronic scale based on the data simulation degree and weighing cheating potential; and implementing anti-cheating measures for the electronic scale based on the cheating risk degree. Summary of the Invention
[0005] The purpose of this application is to provide a cheating detection method, system, device and storage medium for electronic scales that differs from existing technologies, in order to improve the cheating detection efficiency of electronic scales.
[0006] The first aspect of this application provides a method for identifying cheating on electronic scales, applied in a server. The method includes: acquiring key setting data, state response logic, operation sequence rules, and historical operation data of an electronic scale to be tested; generating a key input sequence set of the electronic scale to be tested based on the key setting data, the state response logic, and the operation sequence rules, wherein the key input sequence set is a collection of multiple key sequences, and the key sequence includes all possible combination key inputs, the state response logic corresponding to the combination key inputs, and operation sequence rules involving all the combination key inputs; calculating the trigger frequency of each key sequence in the historical operation data and setting a first preset threshold and a second preset threshold for the trigger frequency, wherein the first preset threshold is less than the second preset threshold; filtering key sequences with trigger frequencies lower than the first preset threshold and higher than the second preset threshold as first key sequences, and using the first key sequences as... Suspicious paths; based on the historical operation data, the suspicious paths are perturbed and modified to obtain a first key sequence set including multiple second key sequences, where each second key sequence includes multiple key nodes and perturbation points; the scale under test is controlled to execute key operations one by one according to each second key sequence in the first key sequence set to obtain status feedback data, which includes target status feedback data generated according to status response logic when each key input or combination key input corresponding to each second key sequence is operated; based on the target status feedback data, abnormal behavior identification is performed on the first key sequence set to determine the second key sequence set, and a third key sequence is determined based on the second key sequence set; if the third key sequence exists in the second key sequence set, it is determined that the scale under test has a cheating mechanism activated by a hidden path; otherwise, it is determined that the scale under test does not have the cheating mechanism.
[0007] Preferably, the step of perturbing the suspicious path based on historical operation data to modify the suspicious path and obtain a first key sequence set including multiple second key sequences specifically includes: determining the operation scenario of the electronic scale to be tested based on the historical operation data; counting the number of triggers of the suspicious path under different operation scenarios; identifying abnormal fluctuation paths in the suspicious path based on the number of triggers; analyzing the functional attributes, trigger frequency, and structural position of each key node in the abnormal fluctuation path; determining key nodes that meet preset perturbation conditions as perturbation points; perturbing the abnormal fluctuation path at the position of the perturbation point to generate multiple second key sequences and obtain the first key sequence set, specifically including: obtaining the position information of the perturbation point in the abnormal fluctuation path and the functional attributes of the perturbation point; and dividing the abnormal fluctuation path into a preorder based on the position information. The algorithm consists of a pre-sequence (preceding key inputs before the disturbance point) and a post-sequence (following key inputs after the disturbance point). A candidate key set is determined by filtering candidate keys that can replace the disturbance point at the functional level using a preset key-function mapping table and the functional attributes of the disturbance point. A second key sequence is obtained based on each candidate key in the candidate key set, the pre-sequence, and the post-sequence. Specifically, this includes: replacing the disturbance point with the candidate key one by one in the abnormal fluctuation path to obtain a first type of second key sequence; inserting the candidate key one by one between the pre-sequence and the post-sequence to obtain a second type of second key sequence; deleting the disturbance point and directly connecting the pre-sequence and the post-sequence to obtain a third type of second key sequence; and combining the first type of second key sequence, the second type of second key sequence, and the third type of second key sequence into the second key sequence.
[0008] Preferably, identifying abnormal fluctuation paths based on the number of triggers specifically includes: determining the operation scenario where the number of triggers for a suspicious path is not zero as the target operation scenario; and determining the suspicious path where the difference between the maximum and minimum target trigger counts in the same operation scenario is greater than a preset trigger threshold as the abnormal fluctuation path.
[0009] Preferably, based on the target state feedback data, abnormal behavior identification is performed on the first key sequence set to determine the second key sequence set, and a third key sequence is determined based on the second key sequence set. Specifically, this includes: analyzing the change characteristics of state change data in the target state feedback data; determining the abnormal type and degree of the target state feedback data through a preset expected state trajectory, wherein the state change data is the trajectory of the state parameters of the electronic scale under test changing over time; calculating the abnormal score value of the target state feedback data based on the abnormal type and the degree of abnormality; combining multiple second key sequences whose abnormal score values exceed a preset abnormal threshold and have the same abnormal type into a second key sequence set; performing an abnormality test on the second key sequences in the second key sequence set; and determining the second key sequence that passes the abnormality test as the third key sequence.
[0010] Preferably, the anomaly test of the second key sequence in the second key sequence set specifically includes: acquiring the state parameters of the electronic scale under test, the state parameters including a displayed value, a zeroing flag, and a stability flag; controlling the electronic scale under test to execute the second key sequence at a first preset rate to obtain first state parameter change data; controlling the electronic scale under test to execute the second key sequence at a second preset rate to obtain second state parameter change data; controlling the electronic scale under test to execute the second key sequence at a third preset rate to obtain third state parameter change data, wherein the first preset rate is less than the second preset rate, and the second preset rate is less than the third preset rate; analyzing the speed change value of the target state parameter change data that is stably read; if the speed change value is within a preset speed change range, then the second key sequence passes the anomaly test, and the target state parameter change data includes the first state parameter change data, the second state parameter change data, and the third state parameter change data; otherwise, the second key sequence fails the anomaly test.
[0011] A second aspect of this application provides a cheating detection system for electronic scales, comprising: an acquisition module for acquiring key setting data, state response logic, operation sequence rules, and historical operation data of an electronic scale to be tested; a generation module for generating a key input sequence set of the electronic scale to be tested based on the key setting data, the state response logic, and the operation sequence rules, wherein the key input sequence set is a collection of multiple key sequences, the key sequence including all possible combination key inputs, the state response logic corresponding to the combination key inputs, and the operation sequence rules involving all the combination key inputs; a calculation module for calculating the trigger frequency of each key sequence in the historical operation data and setting a first preset threshold and a second preset threshold for the trigger frequency, wherein the first preset threshold is less than the second preset threshold; filtering key sequences with trigger frequencies lower than the first preset threshold and higher than the second preset threshold as first key sequences, and identifying the first key sequences as suspicious paths; and a perturbation module. The system is configured to: a first key sequence set including multiple second key sequences, modified by perturbing the suspicious path based on the historical operation data; a control module for controlling the scale under test to execute key operations one by one according to each second key sequence in the first key sequence set, obtaining status feedback data, the status feedback data including target status feedback data generated according to status response logic when the key input or combination key input corresponding to each second key sequence is operated; an identification module for identifying abnormal behavior in the first key sequence set based on the target status feedback data, determining the second key sequence set, and determining the third key sequence based on the second key sequence set; and a judgment module for determining that the scale under test has a cheating mechanism activated by a hidden path if the third key sequence exists in the second key sequence set; otherwise, determining that the scale under test does not have the cheating mechanism.
[0012] A third aspect of this application provides a cheat detection device for an electronic scale, comprising one or more processors and a memory; the memory is coupled to the one or more processors, the memory being used to store computer program code, the computer program code including computer instructions, wherein the one or more processors invoke the computer instructions to cause the cheat detection device for the electronic scale to perform any of the methods described above.
[0013] A fourth aspect of this application provides a computer-readable storage medium storing instructions that, when executed, perform the method described in any of the preceding descriptions.
[0014] In summary, one or more technical solutions provided in this application have at least the following technical effects or advantages:
[0015] 1. By employing a method that integrates button setting data, status response logic, and operation sequence rules to generate the electronic scale's button input sequence set, the trigger frequency of each sequence can be calculated from historical operation data. The first button sequence with an abnormal trigger frequency is then identified as a suspicious path. This suspicious path is then perturbed to generate a first set of button sequences, which are executed one by one by the electronic scale to obtain status feedback data. This allows for the identification of behavioral characteristics of the perturbed path and ultimately determines whether a cheating mechanism based on hidden path activation exists. Through this process, concealed cheating behaviors at the operational level can be identified without relying on abnormal fluctuations in the measurement results themselves, thus improving the efficiency of electronic scale cheating detection.
[0016] 2. By determining the operating scenarios of the electronic scale based on historical operation data and statistically analyzing the trigger frequency of suspicious paths in different scenarios, paths triggering abnormal fluctuations are identified as abnormal fluctuation paths. This allows for the discovery of hidden abnormal operation trends from the differences in operational behavior across scenarios. Furthermore, by analyzing the functional attributes, trigger frequency, and structural position of each button node in the abnormal fluctuation path, button nodes that meet the disturbance conditions are identified as disturbance points. Based on the positional information of the disturbance points, the path is divided into a preceding sequence and a following sequence. Simultaneously, candidate buttons are selected based on functional attributes to construct multiple second button sequences, achieving structured disturbance of suspicious paths. Through the above process, not only is the ability to discover abnormal behavior at the path level enhanced, but the targeting and coverage of disturbance path generation are also improved. This, in turn, improves the system's efficiency in identifying cheating behavior disguised based on operational procedures, solving the problem in existing technologies of difficulty in identifying complex and concealed cheating paths.
[0017] 3. Based on the target state feedback data, the first key sequence set is analyzed to identify the changing characteristics of the state change data and further determine the anomaly type and degree, thereby achieving a quantitative assessment of the perturbation path behavior characteristics. A second key sequence set is formed by calculating anomaly scores and selecting second key sequence combinations with scores exceeding a preset anomaly threshold and of the same anomaly type. This expands the identification of suspicious paths from rule-based judgment to multi-dimensional screening based on feedback behavior. Furthermore, anomaly testing is conducted on the second key sequence set. Combined with the state parameters of the electronic scale, the second key sequence is executed at different preset rates, and state parameter change data is collected. The state response characteristics under rate changes are then compared and analyzed, and verification and screening are completed according to preset anomaly identification conditions, thereby determining the third key sequence capable of stably activating the abnormal state. The above process, by introducing a multi-rate verification mechanism and anomaly scoring model, improves the ability to identify the stability and typicality of path anomalies, solves the problem of lacking a means to determine the consistency of activated path behavior in existing technologies, and further enhances the depth of identification of complex cheating paths and the system's anti-evasion capability. Attached Figure Description
[0018] Figure 1 This is a schematic diagram of a system architecture applying an embodiment of this application;
[0019] Figure 2 This is a flowchart illustrating a method for identifying cheating with an electronic scale according to an embodiment of this application.
[0020] Figure 3 This is a flowchart illustrating the perturbation operation on a suspicious path in an embodiment of this application;
[0021] Figure 4 This is a schematic diagram of the structure of a cheating detection system for an electronic scale according to an embodiment of this application;
[0022] Figure 5 This is a schematic diagram of the structure of the electronic device in the embodiments of this application.
[0023] Explanation of reference numerals in the attached figures: 401, Acquisition module; 402, Generation module; 403, Calculation module; 404, Disturbance module; 405, Control module; 406, Identification module; 407, Judgment module; 501, Processor; 502, Communication bus; 503, User interface; 504, Network interface; 505, Memory. Detailed Implementation
[0024] To enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments.
[0025] Figure 1 An exemplary system architecture 100 is shown, which can be applied to an embodiment of a cheating detection method or a cheating detection system for an electronic scale according to this application.
[0026] like Figure 1 As shown, the system architecture 100 may include: an electronic scale terminal device 101, a network 102, and a server 103. The network 102 is used as a medium to provide a communication link between the electronic scale terminal device 101 and the server 103. The network 102 may include various connection types, such as wireless communication links or fiber optic cables, etc.
[0027] Users can perform a series of operations such as weighing, pricing, and printing through the electronic scale terminal device 101. The electronic scale terminal device 101 can be equipped with various functional modules, such as a key input module, a status response module, a data recording module, and a communication module.
[0028] The electronic scale terminal device 101 can be a hardware device, specifically including but not limited to: commercial electronic scales with display screens and button input functions, label scales with integrated printing modules, etc. In practical applications, the electronic scale can also be equipped with interface modules for connecting peripherals such as barcode scanners and cameras. The electronic scale terminal device 101 can be embedded with an embedded operating system and has data upload and remote control interfaces.
[0029] Server 103 can be a server system that provides cheating detection and behavior analysis services. Server 103 can analyze, model and detect the data uploaded by terminal device 101, and feed back the judgment results (such as the existence of suspicious behavior paths, judgment as cheating, etc.) to the terminal device or the back-end management system.
[0030] Network 102 acts as an intermediate layer to ensure smooth and stable data interaction between server 103 and electronic scale terminal device 101.
[0031] It should be noted that server 103 can be either hardware or software. When the server is hardware, it can be implemented as a distributed server cluster consisting of multiple servers, or as a single server. When the server is software, it can be implemented as multiple software programs or software modules (e.g., multiple software programs or software modules used to provide distributed services), or as a single software program or software module. No specific limitations are made here. Furthermore, to improve system response speed, the electronic scale terminal device 101 can have a local caching function to temporarily store some operational logic, detection model parameters, etc. It should be understood that... Figure 1 The number of electronic scale terminals, networks, and servers shown in the diagram is merely illustrative. Depending on actual deployment needs, any number of electronic scale terminals, networks, and servers can be included. In some embodiments, if the target analysis data originates from local storage, the system architecture may not even include a network module, consisting solely of the electronic scale terminals and the local server forming a closed-loop analysis system.
[0032] The system architecture, through the collaborative work of the electronic scale terminal device 101 and the server 103, utilizes the server's intelligent analysis of button logic, path frequency, and status feedback to realize the electronic scale cheating detection function based on hidden path recognition, providing technical assurance for the safety and compliance of commercial electronic scales.
[0033] Figure 2 This is a flowchart illustrating a method for identifying cheating on an electronic scale according to an embodiment of this application.
[0034] Please see Figure 2 This application discloses a method for identifying cheating with an electronic scale, applied in a server. The method includes:
[0035] S201. Obtain the button setting data, status response logic, operation sequence rules and historical operation data of the electronic scale to be tested;
[0036] In this embodiment, the button setting data refers to the function definitions corresponding to each physical button on the electronic scale, such as the control commands corresponding to buttons like "tare" and "zero". The button setting data is usually preset by the electronic scale manufacturer when the product leaves the factory. It can be obtained by extracting it from the manufacturer's technical documentation or by analyzing the button mapping table by reading the electronic scale's control firmware.
[0037] State response logic refers to the rules governing state changes of an electronic scale after receiving key input. For example, pressing the "Confirm" key in setting mode will proceed to the next parameter item, or pressing the "Tare" key in weighing mode will clear the tare value. This logic can be obtained through analysis of technical data such as state transition diagrams.
[0038] Operation sequence rules refer to the standardized order of key input followed by users during normal operation. For example, when setting prices, the "Set" key and then the number keys must be pressed in sequence. Operation sequence rules are generally derived from product manuals or user training materials, reflecting the standard operating procedures preset in the design of the electronic scale. Operation sequence rules can be obtained by analyzing user guides.
[0039] Historical operation data refers to the records of key inputs and status responses generated during the actual use of the electronic scale, including timestamps, key numbers, etc. It is typically recorded automatically by the electronic scale during operation and stored locally, or uploaded to the backend system in real time via external interfaces (such as serial communication). It can be retrieved from the electronic scale through log export, interface acquisition, or remote data collection.
[0040] S202. Based on the button setting data, status response logic, and operation sequence rules, generate a button input sequence set for the electronic scale to be tested. The button input sequence set is a collection of multiple button sequences. The button sequence includes all possible combination button inputs, the status response logic corresponding to the combination button inputs, and the operation sequence rules involving all combination button inputs.
[0041] To identify whether a cheating mechanism based on hidden path activation exists in the same model of electronic scale, it is necessary to generate a set of key input sequences for the electronic scale. The set of key input sequences serves as a data set covering all possible operation paths of the electronic scale.
[0042] During implementation, the physical buttons configured on the scale and their functional definitions are first determined based on the button setting data. The button setting data is typically preset by the scale manufacturer and specified in the product documentation, with each button corresponding to its specific functional logic. Subsequently, a state transition model for the scale is established based on the state response logic. This logic describes the system state changes that occur when the scale receives a specific button input. For example, pressing the "Set" button in the initial standby state will enter the parameter setting state; pressing the "Confirm" button in the parameter setting state will enter the next parameter setting stage. The state response logic can be obtained by analyzing the scale's control firmware, flowcharts, or through actual operation observation. Based on this logic, each system state of the scale is abstracted as a node, and each state change caused by a button input is abstracted as a directed edge, thus constructing the state transition model. After the state transition model is built, operation sequence rules are introduced as constraints for path generation. These operation sequence rules refer to the standard operation procedure sequence set based on the actual usage scenario of the scale. For example, when setting the unit price of a product, the "Set" button, "Number" key, and "Confirm" button must be pressed sequentially; when switching units, the "Unit" key must be pressed and confirmed. The operation sequence rules are derived from the electronic scale's user manual and product instructions, reflecting the standard operating path of the electronic scale under normal use scenarios. The technical function of the operation sequence rules is to restrict the path generation process to only logically reasonable key sequences.
[0043] Based on button setting data to form a button set, based on state response logic to construct a state transition model, and based on operation sequence rules to restrict path generation methods, the state transition model is traversed using a path traversal algorithm (such as depth-first or breadth-first traversal) under the synergistic effect of the above three types of data. This process gradually combines all legal button sequences starting from various functional initial states according to the operation sequence rules. Functional initial states include, but are not limited to, the default display state after the scale is powered on, the manual zeroing state, and the standby state after the power-on self-test, all of which are initial response states that may occur during the normal operation of the scale. Each button sequence consists of multiple buttons arranged in chronological order, constituting the complete input flow of the scale under a specific operation path. The final set of button input sequences covers all button paths executable in the scale's design logic, including both high-frequency conventional paths and potentially low-frequency but logically achievable combined paths.
[0044] S203. Calculate the trigger frequency of each key sequence in the historical operation data in the key input sequence set and set a first preset threshold and a second preset threshold for the trigger frequency. The first preset threshold is less than the second preset threshold. Filter key sequences with trigger frequencies lower than the first preset threshold and higher than the second preset threshold as first key sequences and use the first key sequences as suspicious paths.
[0045] After obtaining the set of key input sequences for the electronic scale, in order to identify potential cheating mechanisms based on hidden path activation, it is necessary to perform a usage frequency analysis on each key input sequence in the set. By statistically analyzing the trigger frequency of each key input sequence in historical operation data and combining it with a frequency threshold to determine whether it constitutes a suspicious path, a preliminary screening of irregular operating behaviors can be achieved.
[0046] In the specific implementation process, firstly, based on the set of key input sequences, each key input sequence is traversed sequentially. Each key input sequence consists of several keys pressed in the order of operation, representing a complete input path of the electronic scale under a specific functional logic, such as performing a tare operation, switching weighing units, entering parameter setting mode, or setting prices. Subsequently, each key input sequence is matched with historical operation data. By matching consecutive key inputs in the historical operation data with sequences in the key input sequence set, the number of times each key input sequence appears in the historical record is counted, which is the trigger frequency of the key input sequence.
[0047] For calculating the trigger frequency, a sliding window-based matching algorithm can be used. Specifically, a sliding window of the same length as the target key sequence is set in the historical operation data. The window position is gradually moved, and at each position, the key sequence within the window is compared with the target key input sequence one by one. If a complete match is found, it is counted as a trigger. By traversing the entire historical data, the trigger frequency of any key input sequence can be accurately calculated.
[0048] To identify abnormal paths that may be hidden in low-frequency or high-frequency operations, two frequency thresholds need to be set: a first preset threshold and a second preset threshold. The first preset threshold is used to identify paths with extremely low usage frequency, and the second preset threshold is used to identify paths with abnormally high usage frequency. Paths with a trigger frequency below the first preset threshold are usually rarely used in normal operation and may represent accidental touch paths; paths with a trigger frequency above the second preset threshold may be abnormally invoked duplicate paths, posing a risk of being exploited for abnormal function activation. Therefore, key input sequences that meet either of the above conditions are uniformly determined as the first key sequence and marked as suspicious paths.
[0049] The first and second preset thresholds can be set empirically based on the average daily usage frequency of the electronic scale, or obtained through statistical modeling of historical operation data from a large number of devices. For example, after obtaining historical operation data from multiple electronic scales of the same model, the trigger frequency of all key input sequences in each device can be statistically analyzed to construct a frequency distribution model. Suppose that during the statistical process, it is found that the trigger frequency of most key input sequences is concentrated between 10 and 100 times per day on each device, then the first preset threshold can be set as the frequency value corresponding to low-frequency paths that are triggered no more than twice per day, used to identify a very small number of operation paths that are called; at the same time, the second preset threshold can be set as the frequency value corresponding to high-frequency paths that are triggered more than 200 times per day, used to identify operation paths that are called a large number of times repeatedly.
[0050] S204. Based on historical operation data, perform perturbation operations on suspicious paths to modify them, thereby obtaining a first key sequence set including multiple second key sequences. The second key sequence includes multiple key nodes and perturbation points.
[0051] In one possible implementation, refer to Figure 3 This application embodiment illustrates the flowchart for perturbing a suspicious path. Perturbing the suspicious path based on historical operation data to obtain a first key sequence set may include steps S301 to S306:
[0052] S301. Determine the operating scenario of the electronic scale based on historical operating data;
[0053] To more accurately identify potential cheating behaviors based on hidden path activation during actual use of electronic scales, it is necessary to introduce contextual information at the operational semantic level on the basis of the identified suspicious paths, and determine whether these suspicious paths exhibit abnormal usage behavior in specific usage contexts.
[0054] The operational scenario refers to the typical business situation or functional stage in which the electronic scale is used in actual operation, such as "weighing goods" and "price setting". The button usage patterns and button sequence characteristics of the electronic scale differ significantly under different operational scenarios. For example, in the "weighing goods" scenario, function keys such as "tare" and "unit switching" are mainly triggered, while in the "setting parameters" scenario, it may involve multiple consecutive inputs, "setting", and "confirming" operation paths.
[0055] In practice, based on a large number of keystroke sequences recorded in historical operation data, combined with keystroke input timestamps, system status numbers, and functional attributes, supervised or rule-based operation scenario identification methods are used to classify the data. Operation scenario identification can be achieved in the following ways: First, a mapping relationship between keystroke input sequences and scenario labels is constructed. This mapping relationship can be obtained based on the manufacturer's preset functional process documents and the electronic scale's menu structure. Then, based on the structural characteristics and state transition trajectory of the current keystroke input sequence, the operation scenario to which the keystroke input sequence belongs is identified.
[0056] S302. Count the number of times suspicious paths are triggered in different operation scenarios;
[0057] After identifying the operational scenarios, the trigger frequency of suspicious paths in each scenario is counted. This is achieved by extracting the key input sequences corresponding to each identified operational scenario from historical operational data and comparing them with all suspicious paths, recording the actual number of times each suspicious path is triggered in each operational scenario. Specifically, historical operational data is grouped by scenario label, and key sequences within each group are iterated one by one. A sliding window approach is used to determine if a key input sequence completely matches any suspicious path; if a match is found, it is counted as a trigger. This process is repeated to obtain the trigger frequency matrix of all suspicious paths across all operational scenarios.
[0058] S303. Identify abnormal fluctuation paths in suspicious paths based on the number of triggers;
[0059] In this step, the system identifies paths with significantly higher-than-average trigger frequencies as abnormal fluctuation paths based on the trigger frequency of key input sequences in historical operation data. This step may also include the following steps:
[0060] S3031. Determine the operation scenario in which the number of triggers of the target suspicious path is not zero as the target operation scenario, and the target suspicious path is any suspicious path;
[0061] In step S3031, for each suspicious path, the operation scenarios that actually occurred in the historical data are filtered out, i.e., operation scenarios with a non-zero trigger count, and these are identified as target operation scenarios. Specifically, after completing the trigger count statistics for each suspicious path under each operation scenario, the trigger distribution records for each suspicious path are traversed to identify the set of operation scenarios with a trigger count greater than zero corresponding to the suspicious path, and this set of operation scenarios is marked as the target operation scenario set for the suspicious path. This process can be implemented by constructing a two-dimensional index table, with the horizontal axis representing the suspicious path identifier and the vertical axis representing the operation scenario type. By querying non-zero cells, the target operation scenario can be quickly located, eliminating irrelevant scenarios without actual triggering behavior and avoiding noise interference.
[0062] S3032. Suspicious paths in the same operation scenario where the difference between the maximum and minimum target trigger counts is greater than a preset trigger threshold are identified as abnormal fluctuation paths.
[0063] In step S3032, to further filter out suspicious target paths with abnormal behavior characteristics, the system determines whether the trigger frequency of the suspicious target path fluctuates significantly across different target operation scenarios based on the number of times the suspicious target path is triggered in different target operation scenarios. By quantifying the differences in the number of target triggers in each target operation scenario, paths that are frequently activated only in specific scenarios and almost never triggered in other scenarios are identified, thereby determining whether there is a possibility of potential abnormal calls, hidden function triggering, or paths being activated by unexpected processes.
[0064] In practical implementation, for each suspected target path, the system first extracts the number of target triggers for the suspected target path in each target operation scenario from a pre-constructed set of target operation scenarios, forming a set of target trigger counts. Then, it obtains the maximum and minimum target trigger counts from this set and calculates the difference between them (hereinafter referred to as the difference). The difference is used to measure the degree of fluctuation in the trigger frequency of the suspected target path in each target operation scenario. The system sets a preset trigger threshold as a benchmark for judging the difference. If the difference is greater than the preset trigger threshold, the suspected target path is identified as an abnormal fluctuation path. The preset trigger threshold is a numerical limit used to measure the degree of difference in trigger frequency of the suspected target path in different target operation scenarios. The preset trigger threshold is not arbitrarily specified but obtained through statistical analysis of historical operational data. Specifically, the system has accumulated a large amount of data on the triggering behavior of paths in various operation scenarios during historical periods. By statistically modeling the distribution of the difference of the suspected target paths, a typical range of the difference under normal behavior can be obtained. For example, methods such as mean plus standard deviation, 90th percentile, or cluster analysis can be used to extract a numerical upper limit that can cover the fluctuation range of most normal paths as a preset trigger threshold.
[0065] S304. Analyze the functional attributes, trigger frequency, and structural position of each button node in the abnormal fluctuation path.
[0066] In step S304, after identifying the abnormal fluctuation path, the system performs a comprehensive analysis of the functional attributes, trigger frequency, and structural position of each button node within the abnormal fluctuation path. Based on the path hierarchy, the system identifies the key nodes that cause the path-triggered fluctuations.
[0067] In practice, the system first traverses each abnormal fluctuation path, extracting all button nodes arranged in execution order. Then, the system analyzes the functional attributes of each node, determining its specific functional role within the system's functional hierarchy, such as whether it belongs to a setup, calibration, or maintenance process. This functional attribute analysis helps determine if the abnormal fluctuation path contains operational behaviors that are inconsistent with the current scenario's logic. For example, frequent appearances of configuration buttons in the main weighing process may indicate that the path has been triggered unexpectedly.
[0068] Next, the system calculates the trigger frequency of each key node, i.e., the number of times the key node is triggered by the user or the system in historical data. By comparing the trigger frequencies of each node in the path horizontally, it can identify abnormal patterns where specific key nodes are triggered in concentrated manner under specific usage scenarios. When the trigger frequency of a certain key node is significantly higher than that of other nodes in the same path, and this key node appears simultaneously in multiple identified abnormal fluctuation paths, it can be preliminarily determined that this key node is a high-risk trigger point causing abnormal fluctuations.
[0069] In addition, the system needs to analyze the structural position of each key node in the abnormal fluctuation path. The structural position of a key node in the abnormal fluctuation path is determined based on the execution order of the key nodes in the path. Analyzing the structural position helps to identify the role of the key node in the path execution logic, such as whether it is the start, jump point, or end of the path. Specific nodes that appear repeatedly at specific locations, especially abnormal nodes that appear at the beginning or end of the path, are often the direct trigger points for the path to be guided or terminated, and have important anomaly indication significance.
[0070] S305. Determine the button nodes that meet the preset disturbance conditions as disturbance points;
[0071] A disturbance point refers to a node in an abnormal fluctuation path whose behavioral characteristics (such as functional attributes and trigger frequency) meet specific conditions and may be the main node causing significant differences in path triggering behavior across different target operation scenarios. The system identifies disturbance points by setting preset disturbance conditions. These preset disturbance conditions are a set of judgment rules based on extensive historical data experience and behavioral analysis results, used to identify which button nodes may exhibit abnormal behavioral characteristics. For example, preset disturbance conditions may include: the node's functional attribute belonging to a non-main flow operation (such as settings or debugging); the node's trigger frequency ranking high in the abnormal fluctuation path; and the node's structural position being at the beginning of the path or a critical jump point.
[0072] When executing step S305, the system first traverses all key nodes in the abnormal fluctuation path, sequentially checking whether each node meets the aforementioned preset disturbance conditions. During the matching process, the system can employ a simple Boolean logic judgment mechanism: if a key node simultaneously meets two or more disturbance conditions (e.g., it belongs to a non-main flow operation and appears frequently in the path), it is marked as a disturbance point. The matching process can directly judge based on the key node attributes extracted in the previous step, without introducing complex models or additional calculations.
[0073] S306. Perturb the abnormal fluctuation path at the location of the disturbance point to generate multiple second key sequences and obtain the first key sequence set;
[0074] In step S306, based on the identified disturbance points, the original abnormal path is locally modified using a path mutation method, thereby generating a set of new key paths (i.e., a second key sequence) that may contain potential hidden logic. These mutated paths will be used in subsequent steps for feasibility verification and illegal state activation testing to further analyze whether the disturbance points have the actual ability to trigger abnormal behavior. As an optional embodiment, step S306 may also include the following steps:
[0075] S3061. Obtain the location information of the disturbance point in the abnormal fluctuation path and the functional attributes of the disturbance point;
[0076] In step S3061, after determining the disturbance point, the system further obtains the location information of each disturbance point in the abnormal fluctuation path and the functional attributes of the disturbance point.
[0077] In practical implementation, the system first traverses all identified disturbance points in each identified abnormal fluctuation path. Based on the sequential structure of the abnormal fluctuation path, it extracts the positional information of the disturbance points within the path. This positional information refers to the sequential or topological sequence position of the disturbance point within the abnormal fluctuation path, typically represented by a sequence number or offset, such as "the 3rd node" or "located after the node before the jump." Positional information can be obtained by recording the call order of each key node in the path, eliminating the need for complex data structures. By understanding the position of the disturbance point in the path, it's possible to determine whether the disturbance point serves as the starting action, intermediate jump node, or ending operation, thus inferring its impact on the overall execution logic of the path. For example, a disturbance point at the beginning of the path is more likely to be the initial trigger point causing path deviation, while one in the middle may be a function jump node.
[0078] Subsequently, the system synchronously extracts the functional attribute information of the disturbance points. Functional attributes refer to the functional category corresponding to the key node in the system's functional hierarchy, such as "parameter settings," "calibration entry," and "maintenance mode," used to describe the system behavior performed by the key node. Functional attributes can be obtained by querying a preset key-function mapping table based on the key identifier of the disturbance point to retrieve the corresponding functional semantic tag. The semantic tag not only reflects the functional classification of the key node but also reveals whether the key node belongs to the main process operation, system maintenance operation, or other hidden functions. The preset key-function mapping table is usually pre-set by the device manufacturer, system developer, or software configuration module during the system initialization or deployment phase and stored in the system configuration file, function dictionary, or database. It describes the functional category, operation type, or function name corresponding to each key identifier (e.g., key code, location number, UI control ID, etc.).
[0079] By combining the location information and functional attributes of disturbance points, the system can comprehensively judge the behavioral patterns and path impact of these disturbance points. For example, if a disturbance point's functional attribute is "debugging mode entry," it is located at the beginning of the path and only frequently appears in certain specific scenarios, it can be reasonably inferred that the disturbance point may be a key entry point that triggers abnormal fluctuations and leads to hidden processes or unexpected logic. Furthermore, location information can also be used to construct the association between disturbance points and target operation scenarios for subsequent dynamic path analysis, access control configuration, or operation behavior alarms.
[0080] S3062. Based on location information, the abnormal fluctuation path is divided into a pre-sequence and a post-sequence. The pre-sequence is the combination key input before the disturbance point, and the post-sequence is the key sequence after the disturbance point.
[0081] In step S3062, after obtaining the location information of the disturbance point, the system divides the entire abnormal fluctuation path into a preceding sequence and a following sequence based on the sequential position of the disturbance point in the abnormal fluctuation path.
[0082] In actual implementation, the system traverses the key nodes in the abnormal fluctuation path and performs path segmentation based on the disturbance point position index obtained in the previous step. The path is essentially a linear sequence of multiple key nodes arranged in time or operation order. The disturbance point, as a specific node, has a uniquely determined index position within the path. Based on the disturbance point position, the system divides the path into two segments from the disturbance point. The portion from the path start point to the disturbance point (excluding the disturbance point) is defined as the pre-sequence, and the portion from the disturbance point to the end of the path is defined as the post-sequence. This ensures that the path structure is logically deconstructed into two stages: "before the disturbance occurs" and "after the disturbance occurs," allowing for independent analysis of the disturbance point's impact on the subsequent operation chain.
[0083] In the user's or system's operation sequence, the preceding operations often constitute the prerequisites or triggering background for the subsequent operations. As a key node in the path fluctuation, the subsequent sequence of the disturbance point is more likely to show deviation from the expected path, such as function jump, process interruption or hidden logic call.
[0084] S3063. By filtering candidate buttons that can replace the disturbance point at the functional level through the preset button function mapping table and the functional attributes of the disturbance point, a set of candidate buttons is determined.
[0085] In step S3063, after acquiring the functional attributes of the disturbance points and segmenting the path structure, the system further determines the candidate key set based on the functional attributes of the disturbance points.
[0086] In the implementation process, the system first performs a reverse lookup operation in a pre-defined key-function mapping table based on the functional attributes of the disturbance point. The key-function mapping table is a predefined data structure used in the system design phase to record the mapping relationship between each key identifier and its corresponding functional attribute. Through the reverse lookup mechanism of the key-function mapping table, the system can find all other key nodes with functional attributes consistent with or similar to the disturbance point. These key nodes constitute a candidate key set, that is, a set of keys with similar behavioral capabilities to the disturbance point at the functional level. Furthermore, to enhance the accuracy and controllability of the filtering, the system can also introduce a semantic hierarchy or classification system of functional attributes. For example, if the functional attribute of the disturbance point is "parameter setting," the system can identify all key nodes belonging to the "configuration function" category, such as "time setting," "unit switching," and "communication configuration," and include them in the candidate key set.
[0087] The determination of the candidate button set is not only significant at the structural level, but also valuable for behavioral prediction and risk extrapolation. Since the disturbance point has been identified as a critical node that may cause path fluctuations, the system can infer whether there are other potential disturbance points in the system on a larger scale by identifying other buttons with similar functional attributes to the disturbance point.
[0088] S3064. Obtain the second key sequence based on each candidate key in the candidate key set and the preceding and following sequences.
[0089] Step S3064 may include the following steps: in the abnormal fluctuation path, replace the disturbance points one by one with candidate keys to obtain a first type of second key sequence; insert candidate keys one by one between the preceding sequence and the following sequence to obtain a second type of second key sequence; delete the disturbance points and directly connect the preceding sequence and the following sequence to obtain a third type of second key sequence; combine the first type of second key sequence, the second type of second key sequence and the third type of second key sequence into a second key sequence.
[0090] In one embodiment, the system identifies disturbance points in the abnormal fluctuation path. The functional attribute of the disturbance points is "debugging settings." Based on the functional attribute, five candidate keys with similar configuration functions are extracted from the key-function mapping table. The system first replaces each disturbance point with one of the candidate keys, generating five first-type second-key sequences to simulate the path effect of functionally equivalent replacement. Then, these five candidate keys are inserted one by one between the preceding and following sequences of the original path, constructing five second-type second-key sequences. The system observes whether the path experiences logical shifts or flow jumps due to the insertion operation. Finally, the system deletes the disturbance points and directly concatenates the preceding and following sequences to generate a third-type second-key sequence to test whether the disturbance points are necessary trigger points for abnormal fluctuations. By comparing the differences in behavior output and triggering results between the above sequences and the original path, the system confirms that the disturbance points are key triggering factors for the abnormal path and further identifies two candidate keys that may serve as alternative inputs, possessing the potential for path optimization.
[0091] In another implementation, for an abnormal fluctuation path containing multiple disturbance points, the system sequentially performs candidate key replacement and insertion operations for each disturbance point. For each disturbance point, the system generates a first-type second key sequence, a second-type second key sequence, and a third-type second key sequence corresponding to the disturbance point, while keeping other disturbance points unchanged in each simulation round to ensure the comparability of variable control. Throughout the process, the system uses a path behavior simulation module to simulate the execution of various types of second key sequences, recording the function call stack and interface jump behavior. The results show that replacing or deleting any disturbance point can significantly alleviate the abnormal path phenomenon, while replacing another disturbance point has little impact on the path behavior. Based on this analysis, the system finally determines the high-priority disturbance point intervention strategy and incorporates candidate keys with good substitution effects into the subsequent path optimization module for dynamic strategy configuration, thereby improving the system's adaptive adjustment capability and stability of abnormal paths.
[0092] After generating the three types of second key sequences, the system performs the following combined operation to form the final set of second key sequences for easier unified analysis and path behavior comparison:
[0093] First, the system initializes the target sequence set and then adds all paths from the first, second, and third category second key sequence sets to the target sequence set sequentially. During the addition process, the system attaches a source tag to each path to indicate which type of mutation the path belongs to (such as "replacement", "insertion", or "deletion").
[0094] To avoid path redundancy, the system performs a structured hash calculation on each candidate path before adding it to determine if it has a logical structure that is duplicated from an existing path. If it is duplicated, it is skipped; otherwise, it is included in the set. This deduplication operation ensures that the combined second key sequence set has good representativeness and diversity, avoiding redundant calculations.
[0095] In addition, the system standardizes the structural features of each merged path, such as unifying the path length (by padding or truncation) and unifying the key format (such as encoding, naming rules, etc.), to adapt to the input requirements of the subsequent path behavior simulation module.
[0096] Ultimately, all the combined key sequences constitute a unified "second key sequence set". The system uses this set as input to perform subsequent steps such as path simulation, behavior offset analysis, and abnormal trigger testing, in order to further identify hidden logic, verify the importance of disturbance points, and provide candidate solutions for path optimization.
[0097] S205. Control the electronic scale under test to execute key operations one by one according to each second key sequence in the first key sequence set to obtain status feedback data. The status feedback data includes the target status feedback data generated according to the status response logic when the key input or combination key input corresponding to each second key sequence is operated.
[0098] After obtaining the second key sequence, the system controls the electronic scale to execute key operations one by one according to each of the second key sequences in the first key sequence set, and collects the corresponding status feedback data. By executing simulated path operations, the system's response status under different key combinations is obtained to determine whether each variant path still causes abnormal behavior, thereby verifying the effect of path structure adjustment.
[0099] Specifically, the system uses an automated control module to sequentially send each generated second key sequence to the electronic scale control unit, simulating manual operation by the user. The control module can control the device to execute the function operation corresponding to each key node through protocol commands or a virtual trigger interface. During execution, the system monitors the operating status of the electronic scale in real time and records status feedback data, including interface jump results, function call responses, system flag changes, and abnormal alarm information, through a status acquisition module. Each second key sequence corresponds to a complete set of target status feedback data, serving as a direct reflection of the system status changes caused by the second key sequence during actual operation.
[0100] In this way, the system can verify the behavior of the second key sequence in a real environment using simulated path variants, thereby determining whether the replacement, insertion, or deletion operations have effectively changed the behavioral logic of the original abnormal path. For example, if the original path always enters "maintenance mode" after the disturbance point, but the system returns to the main interface normally after the second key sequence is executed, it can be determined that the path variant of the original path has the ability to repair behavior.
[0101] S206. Based on the target state feedback data, perform abnormal behavior identification on the first key sequence set, determine the second key sequence set, and determine the third key sequence based on the second key sequence set.
[0102] Step S206 may include the following steps: analyzing the change characteristics of state change data in the target state feedback data, determining the anomaly type and degree of the target state feedback data; calculating the anomaly score value of the target state feedback data based on the anomaly type and degree of anomaly; combining multiple second key sequences with anomaly scores exceeding a preset anomaly threshold and having the same anomaly type into a second key sequence set; performing anomaly testing on the second key sequences in the second key sequence set; and determining the second key sequences that pass the anomaly test as the third key sequence.
[0103] Specifically, the system first analyzes the state change data in each target state feedback data. State change data refers to the trajectory information of system state fields (such as operating mode identifier, page jump code, function call code, error code, etc.) changing over time during the execution of the second key sequence. The system extracts features such as the changing trends, jump amplitudes, and durations of these state fields before, during, and after path execution, constructs a state change feature vector, and compares it with the standard path or expected state trajectory to identify the degree of deviation and abnormal behavior of the state change data. The comparison process can employ algorithms such as dynamic time warping, state transition graph matching, or neural network-based feature classifiers to model and determine whether path behavior deviations constitute anomalies.
[0104] Next, the system determines the anomaly type and severity for each target status feedback data based on the aforementioned feature comparison results. The anomaly type categorizes the nature of the behavioral deviation, such as "function jump anomaly" or "page lag." The system can map different status deviation patterns to specific anomaly labels using a pre-defined anomaly type dictionary. This dictionary is a pre-established data structure used to classify, encode, and describe various system anomalies that may occur during device operation. Essentially, it is a classification standard table of anomaly patterns, providing a unified reference for the system to identify, judge, and handle abnormal behaviors. The pre-defined anomaly type dictionary typically exists in the form of key-value pairs or structured tables. Each anomaly type corresponds to a unique identifier (anomaly type code), anomaly description information, feature pattern definition, severity level, and other fields. The anomaly severity is a quantitative assessment of the scope or severity of the anomaly's impact. It can be weighted based on dimensions such as deviation amplitude, duration, and system impact level, forming a score representation. The anomaly severity is usually not determined by a single factor; it is calculated by weighting multiple dimensions of indicators to form a comprehensive score. A common calculation model is as follows: Anomaly Severity = α × Deviation Amplitude + β × Duration + γ × System Impact Level. Here, deviation amplitude refers to the degree of deviation of the state parameter, such as the difference between the page jump code and the expected value, or the error rate of the function call flag; duration refers to the length of time the abnormal state lasts; the longer the abnormality lasts, the greater the impact; system impact level is a preset level weight, representing the ability of the abnormality type to damage system functions (e.g., minor, moderate, severe, fatal); α, β, and γ are weight parameters set by the system and can be flexibly adjusted according to the actual application scenario. For example, in cases involving medical weighing equipment or commercial electronic scales with extremely high pricing accuracy requirements, the system focuses more on the destructiveness of the abnormality to core functions. In this case, the weight of the system impact level in the anomaly severity calculation can be increased, i.e., setting γ > α and γ > β, for example, α = 0.2, β = 0.2, γ = 0.6, to highlight the importance of the "system impact level" in the overall anomaly assessment. Conversely, in user experience-oriented portable devices, the system may pay more attention to response latency or the duration of page anomalies. In such cases, a higher β value can be set, such as α=0.3, β=0.5, γ=0.2, to allow the system to more accurately capture anomalies affecting the user's workflow. Furthermore, the weight parameters can be adaptively adjusted based on historical data feedback, further enhancing the dynamic adaptability and actual discrimination efficiency of the anomaly assessment model.
[0105] The system first calculates an anomaly score for each target status feedback data based on the identified anomaly types and corresponding anomaly severity. The anomaly score is a comprehensive indicator reflecting the severity of abnormal behavior caused by the second key sequence during actual device operation, and can be calculated using the following formula: Anomaly Score = λ × Anomaly Severity + μ × Anomaly Type Level Coefficient. Here, the anomaly score represents the comprehensive score of the anomaly caused by the second key sequence corresponding to the target status feedback data, used to determine whether the second key sequence should be included in the second key sequence set; the anomaly severity is calculated by the system based on the deviation amplitude, duration, and system impact level, quantifying the strength of the abnormal behavior itself; the anomaly type level coefficient is a fixed coefficient value preset by the system for different anomaly types in a preset anomaly type dictionary, reflecting the weight or priority of the anomaly type in the overall risk management of the system (e.g., "system restart" is set to 1.5, "page jump anomaly" is set to 1.0); λ and μ are weight parameters set by the system to control the proportion of influence of the anomaly severity and the anomaly type level coefficient on the score.
[0106] After obtaining the abnormal scores for all second key press sequences, the system filters these sequences based on a preset abnormality threshold. The preset abnormality threshold is a scoring cutoff value set by the system based on historical abnormal data statistics, abnormal repair cost assessments, and expert experience rules. It is typically obtained through one of the following methods: 1) selecting the upper percentile (e.g., the 80th percentile) of the score distribution based on statistical analysis of score distributions in historical real-world abnormal cases; 2) manually setting a score reflecting the minimum tolerable risk (e.g., 8.0 points) based on the system's definition of acceptable abnormality levels; or 3) using a machine learning model to train and predict abnormal consequences, automatically outputting the optimal segmentation point as the threshold. The preset abnormality threshold obtained through these methods can objectively reflect the system's need to identify "high-risk abnormal paths."
[0107] The system groups multiple second-key sequences with anomaly scores exceeding a preset anomaly threshold and the same anomaly type into a single second-key sequence set. This ensures that paths grouped into the same second-key sequence set exhibit high consistency in their anomaly behavior, meaning significant anomaly intensity and consistent anomaly type. During the combination process, the system first performs initial screening based on the score values, and then categorizes and aggregates them using anomaly type codes from an anomaly type dictionary. For example, for three paths with scores of 9.2, 9.6, and 10.1, if the anomaly type corresponding to the second-key sequences is "system restart," the system groups them into a "system restart anomaly path set," which serves as the key path set for subsequent reproduction and verification.
[0108] After constructing the second key sequence set, the system further performs anomaly testing on each second key sequence in the set. This aims to verify the reproducibility of anomalies by automatically reproducing identified high-risk anomaly paths. The anomaly test may include the following steps: acquiring the state parameters of the scale under test, including displayed values, a zeroing flag, and a stability flag; controlling the scale under test to execute the second key sequence at a first preset rate to obtain first state parameter change data; controlling the scale under test to execute the second key sequence at a second preset rate to obtain second state parameter change data; controlling the scale under test to execute the second key sequence at a third preset rate to obtain third state parameter change data, where the first preset rate is less than the second preset rate, and the second preset rate is less than the third preset rate; analyzing the change characteristics between the target state parameter change data. If the change characteristics meet preset anomaly identification conditions, the second key sequence passes the anomaly test; otherwise, the second key sequence fails the anomaly test.
[0109] In one embodiment, to verify whether the second key sequence in the second key sequence set can trigger a consistency anomaly at different operating rates, the system acquires the state parameters of the electronic scale, including the displayed value, the zeroing flag, and the stability flag, which are used to comprehensively characterize the physical and logical state of the electronic scale during execution. The system controls the electronic scale to execute the second key sequence sequentially at a first preset rate, a second preset rate, and a third preset rate, respectively collecting the corresponding first state parameter change data, second state parameter change data, and third state parameter change data, with the three rates increasing sequentially. The system inputs the three sets of state parameter change data as target state parameter change data to the anomaly verification module. By comparing the fluctuation amplitude of the displayed value, the zeroing response delay, and the jump pattern of the stability flag, the system analyzes whether the change characteristics meet the preset anomaly identification conditions, such as "zeroing failure occurs at high and medium rates, while zeroing is normal at low rates." If it meets the conditions, the second key sequence is considered to have rate-sensitive anomaly triggering characteristics, and the verification passes; otherwise, it is determined to be an occasional or non-deterministic anomaly, and the verification fails.
[0110] In another embodiment, to further identify the dynamic boundary conditions that trigger anomalies, the system performs a rate-layered verification test on the second key sequence in the second key sequence set. During the test, the system controls the electronic scale to execute the second key sequence at three different preset rates: a first preset rate (slow), a second preset rate (medium), and a third preset rate (fast). During each execution, the system collects and displays state parameters such as the displayed values, zeroing flag, and stability flag in real time, forming three sets of state parameter change data. The system performs a difference analysis on the three sets of data, focusing on detecting whether there are characteristics such as lag in state parameter response, abnormal jitter frequency, or repeated jumps in the stability flag at different rates. If consistent abnormal behavior is observed at all three rates, or if the abnormal characteristics show a clear regularity with the rate change (e.g., the faster the rate, the more abnormal), then the second key sequence is considered to have controllable abnormal triggering logic and is verified as passed. Otherwise, if the abnormality only occurs occasionally at any rate or does not have a regular change pattern, then the path stability is considered insufficient and the verification fails.
[0111] At this point, the system further marks the second key sequence that passed the anomaly test as the third key sequence and stores it in the suspicious path database. Since the third key sequence usually corresponds to a special path that activates the hidden function or illegal operation mode, it rarely appears in normal user operations. Therefore, if the second key sequence that passed the anomaly test has the above characteristics, it can be regarded as a potential hidden path.
[0112] S207. If a third key sequence exists in the second key sequence set, it is determined that the electronic scale under test has a cheating mechanism activated by a hidden path; otherwise, it is determined that the electronic scale under test does not have a cheating mechanism.
[0113] After constructing and testing the second key sequence set, the system further performs a hidden path detection operation to determine whether a path identified as a third key sequence exists within the second key sequence set. A third key sequence refers to a key combination path that, through anomaly testing, exhibits stable abnormal characteristics and can repeatedly activate abnormal states, possessing strong concealment and high risk. The system stores all second key sequences that pass the anomaly test into a third key sequence list and compares this list with the second key sequence set. If at least one third key sequence exists in the second key sequence set, it indicates that the scale under test has the ability to trigger illegal functions through a hidden path. The judgment is based on the fact that a normal function path should not exhibit stable abnormal behavior in the standard operating procedure. If unexpected state parameter anomalies are continuously triggered in multiple rounds of verification, such as value drift, failure of the stability flag, or bypassing of the zeroing logic, and this does not belong to the legal operating procedure defined in the publicly available specification, it is highly likely that it is designed as a trigger path for a hidden function. Therefore, the system directly determines that the scale under test possesses a cheating mechanism based on hidden path activation.
[0114] If no key path that is completely identical or highly similar to the third key sequence is found in the second key sequence set, it means that no hidden path that could trigger an illegal state was exposed during the actual test operation, and it is considered that the electronic scale under test does not have a cheating mechanism.
[0115] Please see Figure 4 This is a schematic diagram of the structure of a cheating detection system for an electronic scale provided in an embodiment of this application. The cheating detection system 400 specifically includes: an acquisition module 401, used to acquire key setting data, state response logic, operation sequence rules, and historical operation data of the electronic scale to be tested; a generation module 402, used to generate a key input sequence set of the electronic scale to be tested based on the key setting data, the state response logic, and the operation sequence rules, wherein the key input sequence set is a collection of multiple key sequences, and the key sequence includes all possible combination key inputs, the state response logic corresponding to the combination key inputs, and the operation sequence rules involving all the combination key inputs; and a calculation module 403, used to calculate the trigger frequency of each key sequence in the historical operation data and set a first preset threshold and a second preset threshold for the trigger frequency, wherein the first preset threshold is less than the second preset threshold; and to filter key sequences with trigger frequencies lower than the first preset threshold and higher than the second preset threshold as first key sequences, and to use the first key sequences as... Suspicious path; Disturbance module 404, used to disturb the suspicious path according to the historical operation data, modify the suspicious path, and obtain a first key sequence set including multiple second key sequences, the second key sequence including multiple key nodes and disturbance points; Control module 405, used to control the electronic scale under test to execute key operations one by one according to each second key sequence in the first key sequence set, and obtain status feedback data, the status feedback data including target status feedback data generated according to status response logic when the key input or combination key input corresponding to each second key sequence is operated; Identification module 406, used to identify abnormal behavior in the first key sequence set based on the target status feedback data, determine the second key sequence set, and determine the third key sequence according to the second key sequence set; Judgment module 407, used to determine that the electronic scale under test has a cheating mechanism activated by a hidden path if the third key sequence exists in the second key sequence set; otherwise, determine that the electronic scale under test does not have the cheating mechanism.
[0116] The disturbance module 404 is specifically used for: determining the operating scenario of the electronic scale to be tested based on the historical operation data; counting the number of times the suspicious path is triggered in different operating scenarios; identifying abnormal fluctuation paths in the suspicious path based on the number of triggers; analyzing the functional attributes, trigger frequency, and structural position of each button node in the abnormal fluctuation path; determining the button nodes that meet the preset disturbance conditions as disturbance points; and performing a disturbance operation on the abnormal fluctuation path at the location of the disturbance point to generate multiple second button sequences, thereby obtaining the first button sequence set. Specifically, this includes: acquiring the position information of the disturbance point in the abnormal fluctuation path and the functional attributes of the disturbance point; and dividing the abnormal fluctuation path into a pre-sequence and a post-sequence based on the position information, wherein the pre-sequence is the combination of buttons before the disturbance point. The input key is given, where the subsequent sequence is the key sequence following the disturbance point. A candidate key set is determined by filtering candidate keys that can replace the disturbance point at the functional level using a preset key-function mapping table and the functional attributes of the disturbance point. A second key sequence is obtained based on each candidate key in the candidate key set, the preceding sequence, and the subsequent sequence. Specifically, this includes: replacing the disturbance point with the candidate key one by one in the abnormal fluctuation path to obtain a first type of second key sequence; inserting the candidate key one by one between the preceding sequence and the subsequent sequence to obtain a second type of second key sequence; deleting the disturbance point and directly connecting the preceding sequence and the subsequent sequence to obtain a third type of second key sequence; and combining the first type of second key sequence, the second type of second key sequence, and the third type of second key sequence into the second key sequence.
[0117] The disturbance module 404 is further specifically used to: determine the operation scenario in which the number of triggers of the suspicious path is not zero as the target operation scenario; and determine the suspicious path in which the difference between the maximum target trigger count and the minimum target trigger count in the same operation scenario is greater than a preset trigger threshold as the abnormal fluctuation path.
[0118] The identification module 406 is specifically used for: analyzing the change characteristics of state change data in the target state feedback data; determining the anomaly type and degree of the target state feedback data through a preset expected state trajectory, wherein the state change data is the change trajectory of the state parameters of the electronic scale under test over time; calculating the anomaly score value of the target state feedback data according to the anomaly type and the degree of anomaly; combining multiple second key sequences whose anomaly score values exceed a preset anomaly threshold and have the same anomaly type into a second key sequence set; performing anomaly testing on the second key sequences in the second key sequence set; and determining the second key sequence that passes the anomaly test as the third key sequence.
[0119] The identification module 406 is further specifically configured to: acquire the state parameters of the electronic scale under test, the state parameters including a displayed value, a zeroing flag, and a stability flag; control the electronic scale under test to execute the second key sequence at a first preset rate to obtain first state parameter change data; control the electronic scale under test to execute the second key sequence at a second preset rate to obtain second state parameter change data; control the electronic scale under test to execute the second key sequence at a third preset rate to obtain third state parameter change data, wherein the first preset rate is less than the second preset rate, and the second preset rate is less than the third preset rate; analyze the speed change value of the target state parameter change data that is stably read; if the speed change value is within a preset speed change range, then the second key sequence passes the anomaly test, and the target state parameter change data includes the first state parameter change data, the second state parameter change data, and the third state parameter change data; otherwise, the second key sequence fails the anomaly test.
[0120] This embodiment also discloses an electronic device, as shown in the reference. Figure 5The electronic device may include: at least one processor 501, at least one communication bus 502, a user interface 503, a network interface 504, and at least one memory 505. The communication bus 502 is used to enable communication between these components. The user interface 503 may include a display screen and a camera; optionally, the user interface 503 may also include a standard wired interface or a wireless interface. The network interface 504 may optionally include a standard wired interface or a wireless interface. The processor 501 may include one or more processing cores. The processor 501 connects to various parts of the server using various interfaces and lines, and performs various functions of the server and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 505, and by calling data stored in the memory 505. Optionally, the processor 501 may be implemented using at least one hardware form selected from Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). Processor 501 can integrate one or more of the following: a central processing unit (CPU), a graphics processing unit (GPU), and a modem. The CPU primarily handles the operating system, user interface, and applications; the GPU is responsible for rendering and drawing the content required for display; and the modem handles wireless communication. It is understood that the modem can also be implemented as a separate chip without being integrated into processor 501.
[0121] The memory 505 may include random access memory (RAM) or read-only memory. Optionally, the memory 505 may include a non-transitory computer-readable storage medium. The memory 505 can be used to store instructions, programs, code, code sets, or instruction sets. The memory 505 may include a program storage area and a data storage area, wherein the program storage area may store instructions for implementing an operating system, instructions for at least one function (such as touch function, sound playback function, image playback function, etc.), instructions for implementing the above-described method embodiments, etc.; the data storage area may store data involved in the above-described method embodiments, etc. Optionally, the memory 505 may also be at least one storage device located remotely from the aforementioned processor 501. Figure 5 As shown, the memory 505, as a computer storage medium, may include an operating system, a network communication module, a user interface module, and an application program for a cheating detection method for an electronic scale. Figure 5 In the electronic device shown, the user interface 503 is mainly used to provide an input interface for the user and to obtain the user input data; while the processor 501 can be used to call the application program stored in the memory 505 for a cheating detection method of an electronic scale. When executed by one or more processors 501, the electronic device executes one or more methods as described in the above embodiments.
[0122] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage device (CMD). Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a memory 505 and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this application. The aforementioned memory 505 includes various media capable of storing program code, such as a USB flash drive, external hard drive, magnetic disk, or optical disk.
Claims
1. A method for detecting cheating on electronic scales, characterized in that, The cheating detection method for the electronic scale applied in the server includes: Acquire the button settings data, status response logic, operation sequence rules, and historical operation data of the electronic scale under test; Based on the key setting data, the state response logic, and the operation sequence rules, a key input sequence set for the electronic scale to be tested is generated. The key input sequence set is a collection of multiple key sequences. The key sequence includes all possible combination key inputs, the state response logic corresponding to the combination key inputs, and the operation sequence rules involving all the combination key inputs. Calculate the trigger frequency of each key sequence in the historical operation data in the key input sequence set and set a first preset threshold and a second preset threshold for the trigger frequency, wherein the first preset threshold is less than the second preset threshold; filter key sequences with trigger frequencies lower than the first preset threshold and higher than the second preset threshold as first key sequences, and regard the first key sequences as suspicious paths; The suspicious path is perturbed based on the historical operation data, and the suspicious path is modified to obtain a first key sequence set including multiple second key sequences. The second key sequence includes multiple key nodes and perturbation points. The electronic scale under test is controlled to execute key operations one by one according to each second key sequence in the first key sequence set to obtain status feedback data. The status feedback data includes target status feedback data generated according to the status response logic when the key input or combination key input corresponding to each second key sequence is operated. Based on the target state feedback data, abnormal behavior identification is performed on the first key sequence set to determine the second key sequence set, and a third key sequence is determined based on the second key sequence set. If the third key sequence exists in the second key sequence set, it is determined that the electronic scale under test has a cheating mechanism activated by a hidden path; otherwise, it is determined that the electronic scale under test does not have the cheating mechanism. The step of identifying abnormal behavior in the first key sequence set based on the target state feedback data, determining the second key sequence set, and determining the third key sequence based on the second key sequence set specifically includes: Analyze the change characteristics of the state change data in the target state feedback data, and determine the abnormal type and degree of the target state feedback data by preset expected state trajectory. The state change data is the change trajectory of the state parameters of the electronic scale to be tested over time. Calculate the anomaly score value of the target state feedback data based on the anomaly type and the anomaly degree; Multiple second key sequences whose abnormal scores exceed a preset abnormal threshold and have the same abnormal type are combined into a second key sequence set; Anomaly testing is performed on the second key sequence in the second key sequence set; The second key sequence that passes the anomaly test is determined as the third key sequence.
2. The method for identifying cheating on an electronic scale according to claim 1, characterized in that, The step of perturbing the suspicious path based on the historical operation data to modify the suspicious path and obtain a first key sequence set including multiple second key sequences specifically includes: The operating scenario of the electronic scale to be tested is determined based on the historical operation data. Count the number of times the suspicious path is triggered under different operational scenarios; Identify abnormal fluctuation paths within the suspicious paths based on the number of triggers; Analyze the functional attributes, trigger frequency, and structural position of each button node in the abnormal fluctuation path; Key nodes that meet the preset disturbance conditions are identified as disturbance points; At the location of the disturbance point, a disturbance operation is performed on the abnormal fluctuation path to generate multiple second key sequences, thus obtaining the first key sequence set, specifically including: Obtain the location information of the disturbance point in the abnormal fluctuation path and the functional attributes of the disturbance point; Based on the location information, the abnormal fluctuation path is divided into a pre-sequence and a post-sequence. The pre-sequence is the combination key input before the disturbance point, and the post-sequence is the key sequence after the disturbance point. By filtering candidate buttons that can replace the disturbance point at the functional level through a preset button function mapping table and the functional attributes of the disturbance point, a set of candidate buttons is determined. The second key sequence is obtained based on each candidate key in the candidate key set and the preceding and following sequences, specifically including: In the abnormal fluctuation path, the disturbance points are replaced one by one with the candidate keys to obtain the first type of second key sequence; The candidate keys are inserted one by one between the preceding sequence and the following sequence to obtain the second type of second key sequence; Delete the perturbation points and directly connect the preceding sequence and the following sequence to obtain the third type of second key sequence; The first type of second button sequence, the second type of second button sequence, and the third type of second button sequence are combined to form the second button sequence.
3. The method for identifying cheating on an electronic scale according to claim 2, characterized in that, The step of identifying abnormal fluctuation paths in the suspicious paths based on the number of triggers specifically includes: The operation scenario in which the number of triggers of the suspicious path is not zero is identified as the target operation scenario; The suspicious path in which the difference between the maximum and minimum target trigger counts in the same operation scenario is greater than a preset trigger threshold is identified as the abnormal fluctuation path.
4. The method for identifying cheating on an electronic scale according to claim 1, characterized in that, The anomaly test for the second key sequence in the second key sequence set specifically includes: The status parameters of the electronic scale to be tested are obtained, including the displayed value, zeroing indicator, and stability indicator. The electronic scale under test is controlled to execute the second key sequence according to the first preset rate to obtain the first state parameter change data; The electronic scale under test is controlled to execute the second key sequence according to the second preset rate to obtain the second state parameter change data; The electronic scale under test is controlled to execute the second key sequence according to the third preset rate to obtain the third state parameter change data. The first preset rate is less than the second preset rate, and the second preset rate is less than the third preset rate. The target state parameter change data is analyzed to obtain a stable reading of the speed change value. If the speed change value is within a preset speed change range, the second key sequence passes the anomaly test. The target state parameter change data includes the first state parameter change data, the second state parameter change data, and the third state parameter change data. Otherwise, the second key sequence fails the anomaly test.