YD/T 4600-2023
Technical requirements for big data risk control systems for Internet businesses (English Version)
- Standard No.
- YD/T 4600-2023
- Language
- Chinese, Available in English version
- Release Date
- 2023
- Published By
- Professional Standard - Post and Telecommunication CN / YD
- Latest
- YD/T 4600-2023
- Introduction
Standard Background and Evolution Analysis
With the increasing professionalization of the Internet black industry chain, the traditional manual risk control model has been unable to cope with new threats such as false registration, database collision attacks, activity cheating, etc. This standard was jointly formulated by leading companies such as Alibaba and China Mobile, marking that my country's Internet risk control has entered a new stage of intelligence and standardization.
System Architecture Analysis
Architecture Level Core Functions Technical Implementation Data Layer Multi-source Data Collection/Encrypted Storage Distributed Database, Feature Encryption Core Technology Layer Five Major Recognition Engines Machine Learning Algorithms, Relationship Graphs Platform Technology Layer Rule/Model Management Visual Configuration, Real-time Computing
Core Function Requirements
1.
- Device fingerprint recognition: Multi-dimensional device portraits such as IMEI/MAC
- Behavior sequence analysis: Keyboard keystroke pattern + browsing trajectory modeling
- Relationship network mining: Account/device/IP association map
2. Comparison of typical application scenarios
Scenario Risk characteristics Prevention and control measures False registration Centralized registration of mobile phone numbers in the cat pool Device abnormal behavior detection Activity fraud Frequent requests from the same IP Traffic baseline analysis
Security and compliance points
According to GB/T 35273's requirements for personal information protection:
- Sensitive data storage requires AES-256 encryption
- Log audit retention ≥180 days
- Implement the principle of least privilege
Implementation suggestions
Construction path planning
Phase-based implementation: basic data governance→rule engine construction→AI model iteration
Performance evaluation indicators
- Risk identification accuracy ≥95%
- False interception rate ≤0.5%
- Response delay <200ms
YD/T 4600-2023 Referenced Document
- GB/T 35273-2017 Information security technology—Personal information security specification
YD/T 4600-2023 history
- 2023 YD/T 4600-2023 Technical requirements for big data risk control systems for Internet businesses
Topics on standards and specifications
Standard and Specification
IEEE 2813-2020 IEEE Standard: Big Data Business Security Risk Assessment
IEEE P2813/D3, August 2020 IEEE Approved Draft Standard for Big Data Business Security Risk Assessment (BD BSRA
IEEE P2813/D2, June 2020 IEEE Draft Standard for Big Data Business Security Risk Assessment (BD BSRA
IEEE Std 2813-2020 IEEE Standard for Big Data Business Security Risk Assessment
GA 557.7-2005 The information security administration code of internet service business site - Part 7: Code of administration site
GA 558.4-2005 Data interchange format for information security administration system of internet service business site - Part 4: Basic data interchange format of punishment
GA 558.6-2005 Data interchange format for information security administration system of internet service business site - Part 6: Basic data interchange format of message
GA 557.2-2005 The information security administration code of internet service business site - Part 2: Code of business state of business site
GA 558.3-2005 Data interchange format for information security administration system of internet service business site - Part 3: Basic data interchange format
GA 558.1-2005 Data interchange format for information security administration system of internet service business site - Part 1: Basic data interchange format of the data