Practical application of verification code in risk control

Foreword: In business scenarios, an enterprise's security team usually uses verification codes (CAPTCHAs) to reduce the likelihood of risk events such as credential stuffing, fake registration, order brushing, information theft, and promotion abuse ("fleecing").

Today, we will explore the significance of verification codes in business risk control through the practical application of verification codes in the special event of the 10th anniversary of GeeExpert.

In October's 10th anniversary event, we simulated an e-commerce marketing campaign to create a real case of a business scenario being attacked by machines. During the event, robots took part in a total of 1,183,900 card draws and obtained a total of 7,811 iQiyi monthly memberships through machine cheating. If this were scaled up to a large operational campaign, the enterprise could lose 234,300 yuan.

Machine vs. Human Users Accepting Prizes

The verification code was deployed in the reward-claiming scene on October 27, and we use that date to divide the activity into a first stage and a second stage. In the first stage, without the verification code, robots successfully took away 6081 rewards. In the second stage, the verification code intercepted abnormal accounts: it identified risky accounts and applied risk control strategies to them. According to statistics, 3,464 abnormal accounts were identified through verification codes in this activity. So, in this business scenario, how does the verification code identify risky accounts?

The verification code used in this event is the extremely experimental behavioral verification code. It is based on biological behavior characteristics and uses deep learning to perform high-dimensional analysis of the behavior data generated during verification. This analysis finds the differences in behavior patterns and behavioral characteristics between real human users and machines, which allows it to accurately distinguish human from machine in this scene.

01

Analysis and identification of hacking ideas

Through the tracking analysis of the cracking platform and the reverse research of related security products, the Jiexperi Interactive Security Lab found that cracking verification codes mainly relies on simulator cracking and interface cracking.

Simulator cracking: using automated testing tools such as Selenium to drive the Chromium engine and automate dragging, clicking and other operations;

Interface cracking: using a program that calls the interface directly and forges the correct key parameters in order to crack the verification code. Because interface cracking requires reverse engineering the front-end JS and fully understanding the parameter-generation logic, its technical threshold and implementation cost are higher than those of simulator cracking.

Simulator cracking and interface cracking are two technical paths to automating the cracking process. Whichever is used, the verification answer must first be obtained by manual solving, exhaustive enumeration of pictures, AI recognition, etc., and then a behavior trajectory that is as realistic as possible must be generated. Automatic generation of trajectories includes:

Function generation: By writing functions, trajectory data with specific behavior patterns are automatically generated, and machine characteristics are relatively obvious.

Trajectory replay: Real trajectory samples of different types and lengths are accumulated through various channels, and the trajectory data is replayed repeatedly, adapted to fit the answer.

Based on these, the captcha can identify anomalies through the following three models:

CNN model: The full name is the convolutional neural network model, which automatically learns the characteristics of machine trajectories from massive databases, distinguishes human-machine trajectories in real time, and blocks abnormal risk trajectories.

Cluster model: Trajectories generated by functions tend to aggregate in the feature space, and the dynamic clustering model uses this aggregation of behavior patterns to automatically discover new variants of machine data. The clustering model maps data from the high-dimensional feature space to a low-dimensional space in real time and calculates the probability distribution of the data in that low-dimensional space over the current time window. If the probability of a certain area is higher than the threshold, new trajectory data falling in this area will be banned.

Hash model: The hash model hashes the data in a high-dimensional feature space, and each real trajectory has its own unique hash code. When hackers try to crack the verification by replaying trajectories or by generating a library of random trajectories, the trajectories produce hash collisions, thereby exposing the characteristics of the machine.
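The cluster and hash models described above can be sketched in a few lines. This is an added example, not the vendor's implementation: the two features, the grid sizes, the thresholds and all function and class names are assumptions chosen for illustration, and the sample tracks are constructed.

```python
import hashlib
from collections import Counter, deque

def fingerprint(track, grid=0.02):
    # Hash model: scale x and t to [0, 1] and quantize, so a replay shifted or
    # rescaled to a new answer lands in the same cells (up to rounding at edges).
    (x0, _, t0), (x1, _, t1) = track[0], track[-1]
    cells = [(round((x - x0) / ((x1 - x0) or 1) / grid),
              round((t - t0) / ((t1 - t0) or 1) / grid)) for x, _, t in track]
    return hashlib.sha256(repr(cells).encode()).hexdigest()

def cell(track, step=0.05):
    # Cluster model: project a track onto a coarse 2-D grid of
    # (speed variation, vertical jitter); scripted tracks pile up in few cells.
    v = [(b[0] - a[0]) / max(b[2] - a[2], 1) for a, b in zip(track, track[1:])]
    mean = sum(v) / len(v)
    cv = (sum((s - mean) ** 2 for s in v) / len(v)) ** 0.5 / (abs(mean) or 1)
    ys = [y for _, y, _ in track]
    jitter = (max(ys) - min(ys)) / (abs(track[-1][0] - track[0][0]) or 1)
    return int(cv / step), int(jitter / step)

class TrajectoryScreen:
    def __init__(self, window=200, max_share=0.2, min_seen=20):
        self.seen, self.recent = set(), deque(maxlen=window)
        self.max_share, self.min_seen = max_share, min_seen

    def check(self, track):
        fp, c = fingerprint(track), cell(track)
        share = Counter(self.recent)[c] / max(len(self.recent), 1)
        crowded = len(self.recent) >= self.min_seen and share > self.max_share
        verdict = "replay" if fp in self.seen else "dense-cluster" if crowded else "pass"
        self.seen.add(fp)        # flagged tracks are remembered too
        self.recent.append(c)
        return verdict

# Constructed sample tracks of (x_px, y_px, t_ms); not real captured data.
def human(k):      # accelerating drag with vertical wobble; k varies shape and length
    n, p = 25 + k, 1.3 + k / 10
    return [(round(200 * (i / n) ** p), (3 * i) % 7, 16 * i) for i in range(n + 1)]

def scripted(k):   # constant-speed, perfectly horizontal function-generated drag
    return [(5 * i, 0, 10 * i) for i in range(20 + k)]

def demo():
    screen = TrajectoryScreen()
    humans = [screen.check(human(k)) for k in range(20)]
    replay = screen.check([(2 * x + 40, y, t + 5000) for x, y, t in human(3)])
    bots = [screen.check(scripted(k)) for k in range(10)]
    return humans, replay, bots
```

In `demo()`, the rescaled copy of an earlier human track is caught by the hash model, while the scripted tracks all have distinct hashes and are only banned once their shared grid cell exceeds the density threshold.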

02

Real-time, dynamic countermeasures to intercept machines

In the face of machine intrusion, the verification code acts as a real-time defense: the machine must give the correct answer in the corresponding scene before it can proceed to the next step. In this event, rewards can be collected only after passing the verification, so machines are intercepted in real time, which reduces abnormal machine users in websites, software or applets and reduces the risk of business damage.

In addition, if hackers upgrade their intrusion methods through machine learning during the attack, the verification code can also defend effectively through dynamic changes, such as regularly obfuscating and transforming the front-end JS, regularly changing the front-end dynamic parameters, regularly updating the network-wide risk library, and flexibly changing the parameter encryption algorithm. However, among the existing verification codes, only GeeExperiment 4.0 can do this.

For example, under the protection of the verification code, the number of awards received on the 27th and 28th of the event decreased significantly compared with the 26th day when no verification code was configured, but the number of awards received on the 29th increased slightly. With ten years of rich experience, we judge that the black industry has upgraded its attack methods through machine learning at this time.

We immediately upgraded the verification model strategy. In the face of risky requests, the verification AI brain automatically strengthens the confrontation strategy, for example by dynamically switching the verification form and automatically updating the visual model. The dynamically changing verification code model poses a great challenge to the black industry: it increases the cost and time of cracking and improves the interception ability, so we can clearly see that the number of machines in the last two days of the event is on a downward trend again.

03

The significance of verification codes in practical applications

Today, hackers use more diversified means of machine attacks. Through the above real cases, we can see that verification codes have the following practical significance in risk control:

1) Assisting enterprises in making risk judgments: the behavioral data collected by verification codes can effectively enrich the information collection dimension of the risk control system and provide more diverse perspectives and basis for the final judgment. For example, sliding puzzle verification can collect user sliding tracks, and image recognition verification can collect user mouse click events.

2) Increasing the difficulty of hacking attacks: the verification code is deployed as a necessary component at the entrance of key businesses such as login, password retrieval, order placement, and comment posting, which can effectively prevent attacks such as credential stuffing and brute-force guessing. Deploying verification codes increases the attack difficulty for the black industry.

3) Dealing with malicious traffic: In addition to the direct benefits above, many Internet companies have built or are building their own risk control systems based on actual business conditions. Based on the judgment of the risk control system, traffic can be handled with verification codes of different difficulty levels to improve user experience and reduce misjudgment.

Origin blog.csdn.net/geek_wh2016/article/details/127863043