Classification of Risk Control and Full-Scenario Anti-Cheat Strategies in the Internet

Real‑time information transmission on the internet brings great convenience but also introduces risks such as virtual machines, virtual phone numbers, and information leakage, making precise and efficient risk control a critical issue for the industry.

01

Risk Control Classification

At a macro level, risk control is divided into Internet and financial domains. In the Internet domain it can be further split into anti‑cheat/anti‑fraud and content security sub‑categories.

Anti‑Cheat: growth anti‑cheat (account theft, acquisition difficulty) and e‑commerce anti‑cheat (e‑commerce discounts).

Anti‑Fraud: payment risk control (card theft, payment risk).

Content Security: text, image, and video safety; tags such as pornographic or political content.

In the financial domain, risk control can be further divided into anti‑fraud and scoring‑card mechanisms.

Fraud: criminals collect identity information in rural areas and use it for bulk loan applications, resulting in fraud.

Scoring Card: combines bank credit, third‑party data, and user behavior (e.g., repayment performance) to decide credit tier, collection strategy, loan limits, and terms.

02

Full‑Scenario Cheat Types in Internet Risk Control

Specific internet risk scenarios include cheating from app downloads (paying for fake installs), incentive‑driven referral programs that attract black‑market actors, and fake traffic such as purchased followers, likes, and view counts.

03

Full‑Scenario Joint Defense and Control

First, risk perception is achieved through intelligence gathering, metric monitoring, and anomaly detection.

Second, risk identification can be performed by recalling strategy algorithms.

Third, risk mitigation includes interception, user bans, withdrawal blocks, and other actions.

We monitor our own data extensively; for example, a master who recruits many apprentices but sees no subsequent consumption may indicate abnormal behavior, prompting checks on Alipay binding patterns or low‑price membership sales.

The figure shows a cross‑scenario example: registration, login, device activation, participation in many activities, followed by batch binding and withdrawal. Identical registration times across a group that simultaneously joins activities and initiates withdrawals indicate coordinated fraud, and blacklists from one activity can be reused in another.

Cross‑validation is a common strategy: for instance, a Mate30 device cannot run Android 7.0.0, and a charging phone should not report 100% battery. Combining such feature pairs helps verify device authenticity.

We categorize all features into three types:

Type A – High‑entropy features: low repetition probability, e.g., user ID, IP address.

Type B – Enumerated or numeric features: e.g., city.

Type C – Numeric features: e.g., proportion of low‑version Android devices.

Feature combination analysis calculates the standard deviation of Type B distribution under each Type A feature; a near‑zero deviation suggests the same user group. It also computes the mean of Type C features under each Type A feature; for example, an IP address associated with uniformly low Android versions flags a suspicious cluster.

Is this leaving you wanting more?

Click to read the original article for more insights!