Recently, “network security” incidents have occurred frequently in the Internet industry. In August alone there were a number of network attacks, including the GlobeImposter ransomware attack on the subsidiaries of an important domestic communication enterprise. It has been revealed that about 500 million pieces of data from its hotels were leaked. Under the guise of cooperating with operators, a New Third Board company, Ruizhisheng, illegally stole 3 billion pieces of user data, involving users of nearly 100 Internet companies including BAT.

Data show that in 2017 the total number of cyber attacks on global enterprises increased by 15% compared with last year, and their severity increased by 23%. Network security incidents not only infringe on users’ information security but also damage the operational security of Internet enterprises. The damage is no longer limited to material and property losses in the traditional sense; it also affects operations, manufacturing and personal safety.

What network attacks will be encountered in APP operation?

APP operation depends on users, but you don’t know whether your users are real or virtual. According to the Bot Traffic Report 2016, bot traffic accounted for 51.8% of total network traffic in 2016, exceeding human traffic, and malicious bot traffic accounted for 28.9% of total network traffic.

That half of all users are bots is frightening to think about, but more alarming still is the nearly 30% of traffic that comes from malicious bots. What kind of damage does it do to operations? The following is my summary of the most common network risks in APP operation.

1. Malicious SMS flooding by competitors and unscrupulous SMS agents

On the registration page of many apps, users are required to fill in their real mobile phone number for registration, login, password retrieval and other operations. But the page itself cannot determine whether a user’s phone number is a real one, which gives rival apps and SMS agents an opportunity to use hacking tools to send text messages to a large number of random phone numbers, resulting in high fees and financial losses. It also harasses ordinary people who have never used the platform but receive verification messages.

2. Promotion companies inflating numbers

Some apps hire a promotion company to promote the product in the early stage. Some unscrupulous promotion companies use automated tools for batch registration, so the team pays a lot in promotion costs without attracting real users.



3. Spam flooding and advertising-party attacks

I believe that all of us, while browsing content communities, have occasionally come across hot posts flooded with junk replies, where all kinds of accounts take the opportunity to post advertisements and ride on the popularity. After registering as a small number of users, these parties obtain a large number of accounts from access code platforms to log in to the APP, and post large volumes of spam advertisements or even illegal information for marketing purposes, which seriously affects the normal operation of the platform and destroys the community atmosphere.

4. Wool party attacks

APP promotion uses cash rewards and other preferential activities to attract the first group of users, but when the product itself is profitable, the first group it attracts is the wool party. The wool party profits by exploiting loopholes in APP operation activities, which greatly affects the quality and effect of those activities.

5. Credential stuffing (“warehouse attack”)

Many Internet users use the same password for their accounts on multiple platforms so that it is easy to remember. Attackers take advantage of this habit: they obtain account passwords leaked from some websites and apps and use automated tools to try them on other websites or apps, which is a major risk to users’ account security. Once a major incident occurs, APP operators also bear unshirkable responsibility.

Revealed: APP protection + big data effectively counters network attacks

In fact, the battle of APPs against network attackers has been going on all along. IP blocking, verification codes, SMS verification and so on are common countermeasures. However, because attackers are mixed in with real users, APP operators cannot accurately target them and are often in a passive position in the confrontation.

With the development of big data technology, the concept of “precision” has also been introduced into the field of “risk control”. At present, several “leading” big data service providers in the industry are actively exploring the application of big data to “anti-fraud”. With the support of big data, the APP in effect gains a scope to aim through when fighting back, and can effectively identify whether it is facing a real user or a fake attacker. The effects show in the following aspects:

1. Accurate “black industry” portraits

Traditional APP protection measures also build behavior analysis models to identify network attackers, for example:

Behavior aggregation: judged from user login behaviors such as time spent on the page, mouse focus, the page access flow, and the CSRF token.

Device aggregation: the client, especially the mobile phone client, reports a large amount of machine information, which is used to identify forged devices.

However, attackers can circumvent the back-end behavior analysis model by imitating real people’s behavior, thus confusing APP operators and exploiting loopholes.

Now, with the support of big data technology, APPs have greatly improved their data analysis of the black industry. At present, some third-party big data service providers rely on their own massive data accumulation and leading big data analysis technology, and combine the APP’s own data, user group label systems, and multiple authoritative data sources, such as network-wide blacklist databases, to conduct multidimensional modeling and analysis, thus generating accurate “black industry” portraits. In addition, third-party big data service providers can also present the analysis through visualization, which is convenient for APP operators to use.

For example, Getui’s anti-fraud big data service makes “black industry” portraits easier to interpret. It attaches a score to each analysis dimension, and finally obtains a user risk score and grade through statistical methods, which makes it convenient for the APP to classify users and carry out accurate risk control. For users with high risk scores, the APP takes active protective measures, restricts business, and reduces or even stops the issuance of red envelopes and discounts. Users with low risk scores can be exempted from protective measures. Doing so not only ensures the security of the APP and its users, but also improves the user experience.
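
The scoring flow described above, sketched as an added example (not Getui's code or API). The dimension names, weights, grade boundaries and policy values are all assumptions chosen for illustration.

```python
# Added example: dimension names, weights, grade boundaries and policy
# values are assumptions, not values from any vendor's service.
WEIGHTS = {"device": 35, "behavior": 25, "ip_reputation": 20, "phone_number": 20}
GRADES = [(70, "high"), (40, "medium"), (0, "low")]  # (minimum score, grade)
POLICY = {
    "high":   {"captcha": True,  "restrict_business": True,  "red_envelope_ratio": 0.0},
    "medium": {"captcha": True,  "restrict_business": False, "red_envelope_ratio": 0.5},
    "low":    {"captcha": False, "restrict_business": False, "red_envelope_ratio": 1.0},
}

def risk_score(dims):
    """Weighted mean of the per-dimension scores (0-100) that are available.

    Dimensions with no data (None or absent) are skipped and the remaining
    weights are renormalized, so a missing signal does not read as 'safe'.
    Returns None when no dimension has data.
    """
    known = {k: v for k, v in dims.items() if k in WEIGHTS and v is not None}
    for name, value in known.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name} score out of range: {value}")
    if not known:
        return None
    total_weight = sum(WEIGHTS[k] for k in known)
    return sum(WEIGHTS[k] * v for k, v in known.items()) / total_weight

def grade(score):
    """Map a score to a grade; users with no evidence are treated as medium."""
    if score is None:
        return "medium"
    return next(name for floor, name in GRADES if score >= floor)

def decide(dims):
    """Return the score, grade and the risk-control actions for one user."""
    score = risk_score(dims)
    level = grade(score)
    return {"score": score, "grade": level, **POLICY[level]}

if __name__ == "__main__":
    print(decide({"device": 90, "behavior": 80, "ip_reputation": 60, "phone_number": 70}))
    print(decide({"device": 10, "behavior": 20, "ip_reputation": 5, "phone_number": 0}))
    print(decide({"device": 50, "behavior": None}))
```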

2. High-IQ verification protection

Among the measures APPs deploy against network attacks, the captcha is the most widely deployed solution.

Graphic verification codes take various forms, such as distorted letters, Chinese character recognition, moving a slider, image selection and so on. Ordinary apps apply the verification code directly, while those with back-end analysis capability trigger it only when the back-end audit finds an anomaly, to improve the experience of ordinary users.

SMS authentication sends a verification code to a mobile phone for human verification. However, this approach incurs SMS costs and is more troublesome for the user.

However, there are ways to defeat traditional captcha safeguards. For ordinary captchas, attackers can use machine learning techniques to recognize the captcha in images effectively. For individual verification codes that are difficult to recognize, the black industry also employs human code solvers to identify them manually. For SMS verification, attackers obtain a large number of mobile phone numbers cheaply through mobile card vendors and then verify in batches.

To solve these problems, big data service companies have put forward many innovative solutions. On the one hand, big data companies use their technical advantage (machine learning is a big data technology) to produce captchas that are hard for machines to read. An example is the animated verification code, which exploits the fact that real people are better than machines at recognizing animation, and so improves security and raises the difficulty of cracking while keeping a good user experience. On the other hand, through multi-dimensional data insight, big data companies find and identify access code platforms and resist them effectively.

3. Precise, targeted confrontation

When an APP faces network attacks, IP address blocking is a more active and effective countermeasure. In the past, whether to deny requests from an IP address for a period of time was decided from a black IP address library, or from the number of requests from the same IP address and the password error rate. However, as tens of thousands of users can sit behind the same IP address, real users are easily blocked by mistake. Therefore, if the APP cannot identify the real users, it will not use this method unless absolutely necessary.

With the help of big data, the company can not only identify the IP address in question but also gain insight into the users behind that IP address, so as to carry out targeted blocking.
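
The difference between the two approaches above, as an added example that is not from the original article: the same request-count and password-error-rate rule is applied first per IP address and then per device behind the IP. The event fields, the device identifier, the thresholds and the login events are constructed assumptions.

```python
from collections import defaultdict

def summarize(events, key):
    """Aggregate login events per key: requests, failures, distinct accounts."""
    stats = defaultdict(lambda: {"requests": 0, "failures": 0, "accounts": set()})
    for e in events:
        s = stats[key(e)]
        s["requests"] += 1
        s["failures"] += 0 if e["ok"] else 1
        s["accounts"].add(e["account"])
    return stats

def flagged(stats, min_requests=20, min_error_rate=0.5, min_accounts=1):
    """Keys whose request volume and password error rate reach the thresholds."""
    return {k for k, s in stats.items()
            if s["requests"] >= min_requests
            and s["failures"] / s["requests"] >= min_error_rate
            and len(s["accounts"]) >= min_accounts}

def collateral(events, blocked, key):
    """Accounts that logged in successfully but would be cut off by the block."""
    return {e["account"] for e in events if e["ok"] and key(e) in blocked}

def by_ip(e):
    return e["ip"]

def by_ip_device(e):
    return (e["ip"], e["device"])

# Constructed sample: one automated client and ten real users share one IP.
SHARED_IP = "203.0.113.7"  # documentation address range
EVENTS = [{"ip": SHARED_IP, "device": "dev-bot", "account": f"victim{i}", "ok": False}
          for i in range(40)]
EVENTS += [{"ip": SHARED_IP, "device": f"phone-{i}", "account": f"user{i}", "ok": True}
           for i in range(10)]
EVENTS += [{"ip": "198.51.100.20", "device": "laptop-1", "account": "alice", "ok": True}]

def compare(events):
    """Return (blocked IPs, real users hit, blocked devices, real users hit)."""
    ip_block = flagged(summarize(events, by_ip))
    # Many distinct accounts from one device is the credential-stuffing pattern.
    dev_block = flagged(summarize(events, by_ip_device), min_accounts=10)
    return (ip_block, collateral(events, ip_block, by_ip),
            dev_block, collateral(events, dev_block, by_ip_device))

if __name__ == "__main__":
    ip_block, ip_hit, dev_block, dev_hit = compare(EVENTS)
    print("IP rule blocks", ip_block, "and cuts off", len(ip_hit), "real users")
    print("Device rule blocks", dev_block, "and cuts off", len(dev_hit), "real users")
```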

The attacks of the black industry and the protection of APPs are a duel between spear and shield, and also a long, protracted war. An APP not only needs to follow the black industry’s new techniques in a timely manner, update its protection strategy as frequently as possible, and raise the black industry’s cost of cracking, but also needs to work side by side with the “security guards” of the industry to ensure user information security, improve user experience, effectively purify the industry environment, and maintain network security.