Hacking Book | Free Online Hacking Learning


do unlimited risk control with limited information!

Posted by bassolino at 2020-03-09

Unlimited risk control with limited information

Business Security Technology Practice Series

Author: stir fried shredded potato

It is unacceptable to elaborate the risk control and defense strategies and technical means of our own system in an open level. However, there is still a certain space to discuss the basic principles of risk control technology. Sooner or later, we all know that if no one comes out to discuss the basic principles, we will not be able to promote the progress of the whole industry. If there is no special description, the risk control described in this paper belongs to the risk control technology under the scope of business security.


Business risk control of others

We have learned that there are some peers with first-class risk control technology at home and abroad, whose basic technical capabilities, historical data accumulation, fraud detection level and platform concurrency performance are not the same as those of ordinary enterprises.

Our little friends once lamented that they were not as skilled as people and were ashamed of themselves.

But when we have been in contact with them many times, we have a clearer understanding that the strength of the wind control of other people is strong, but we are also sparrows, although they are all small and dirty, and even have some advanced aspects.

We have the same development track and overall direction with each other, except that others think more deeply and broadly, invest more resources and time.

In an enterprise of our size, we can use our business data reasonably and effectively, and also do a good job in risk control.


How to do your own business risk control?

Effective risk control measures depend on a strong risk control system, while the accuracy of risk control judgment depends on risk control parameters, rules and models. The more reference information the business system provides for the risk control system, the more accurate the risk control judgment and decision-making.

However, not every enterprise's risk control system grows with its business system. Many legacy systems do not have the ability to transmit key information to the risk control system. In most scenarios, risk control system can only rely on limited information for risk judgment.

So in this context, how can we effectively carry out risk control work? Here we introduce two ways of thinking:

2.1 multi angle perspective of known information

2.2 insight into anomalies on the timeline

2.1 multi angle perspective of known information

Taking IP address as an example, in the early stage of risk control platform construction, the risk control operation team has configured a large number of rules based on IP address in the background. Obviously, it is not because the platform only has the computing power of IP address dimension, but most business systems are not ready for real access to risk control, they only deliver IP address.

Based on the lack of long-term experience in business security confrontation, early team members can only configure hard rules based on IP address, such as: an IP address can only access a service 100 times a day, etc.

With the increase of our experience in the competition with you, the team members gradually realized that even the IP address is still something to do. Making good use of IP address can help us find and solve problems quickly and effectively.

For example: if you receive a request from an IP address of, in addition to applying some IP address rules immediately, we will consider changing the IP address, for example: 8.8.8. *, 8.8. *. *.

The reason for this extension is that in many cases, the IP addresses that make malicious requests to some businesses of the website in batches are aggregated, for example, from a certain server network segment or computer room.

Here we have completed the perspective analysis of two dimensions. Of course, we can also derive the existing IP information from the following perspectives:

geographic information

Information of provinces, cities and counties

National Information

IDC attribute

IDC service area

Education Network

large enterprises

Centralized export of operators

Network attribute

Fixed network IP

3G/4G network

Telecom / mobile / Unicom

apply property

Proxy properties

VPN attribute

Historical attribute

Case record

Attack record

Is it suddenly clear? Originally, there was only one dimension of IP address, and more than ten attributes were added at once. The key is that these attributes can participate in risk calculation directly. Think about all the happiness, the ability of risk control has greatly increased!

2.1 insight into changes on the timeline

To judge whether a request behavior is abnormal, it is difficult to give a conclusion only by the current request frequency at a certain point. But if the time cycle of this kind of behavior is lengthened, especially compared with the historical data, the bad people's evil behavior will appear immediately.

Focusing on and analyzing the following abnormal monitoring latitudes can help to quickly identify potential risks:

Behavior trend

Steep increase

Drop pit

Very straight curve

Zigzag curve

Historical synchronization

Relative to last calendar day

Compared with the same period last week

Relative to last online activity

Similar comparison

Proportion of login and registration

Proportion of successful login to successful registration

Success ratio of domestic login and foreign login

The following is a very classic machine request behavior. After identifying the abnormal behavior, we will be more confident to take decisive measures of risk control and interception!

Look at problems from more perspectives, more dimensions, and more fine-grained ways to monitor and analyze problems. In the face of crazy requests from service interfaces (even those that have been blocked by risk control), we need to study the intentions of the users. In the process of work, thinking more and asking why more will help the risk control team to open up working thinking, expand imagination space, and finally discover the internal mystery!

Low key, risk control, sharing with heart

There are surprises in the contribution of wonderful articles!

Vsrc welcomes the contribution of original articles. Once the excellent articles are adopted and released, there will be a good gift (at least 500 yuan VIP card or cash) for you. Our rich prizes include but are not limited to: macbookair, vsrc customized umbrella, vsrc customized water cup and vsrc exquisite pillow! (the final interpretation right of the activity belongs to vsrc)

Click on the original text to read "e-commerce business security, what does the boss think?"? "