CN110830664B - Method and device for identifying telecommunication fraud potential victim user - Google Patents

Method and device for identifying telecommunication fraud potential victim user Download PDF

Info

Publication number
CN110830664B
CN110830664B CN201810920834.2A CN201810920834A CN110830664B CN 110830664 B CN110830664 B CN 110830664B CN 201810920834 A CN201810920834 A CN 201810920834A CN 110830664 B CN110830664 B CN 110830664B
Authority
CN
China
Prior art keywords
social
cluster
calling
victim
social cluster
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810920834.2A
Other languages
Chinese (zh)
Other versions
CN110830664A (en
Inventor
杜刚
朱艳云
张晨
戴晶
邵妍
李元锋
胡入祯
杜雪涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Design Institute Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Design Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Design Institute Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201810920834.2A priority Critical patent/CN110830664B/en
Publication of CN110830664A publication Critical patent/CN110830664A/en
Application granted granted Critical
Publication of CN110830664B publication Critical patent/CN110830664B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • H04M3/4365Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it based on information specified by the calling party, e.g. priority or subject
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/6027Fraud preventions

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention provides a method and a device for identifying telecommunication fraud potential victim users. The method comprises the following steps: the method comprises the steps of obtaining social identity information of key called parties in a social cluster and obtaining victim information of calling parties in the social cluster, wherein the social cluster comprises the key called parties and a plurality of calling parties with stable conversation relations with the key called parties; and identifying potential victim users in the social clusters according to the victim information of the calling party in the social clusters, and identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters. According to the embodiment of the invention, the social identity information of the key called party and the fraud information of the calling party in the social cluster are obtained, the telecommunication fraud potential victim user based on the trust relationship can be effectively identified, and the telecommunication fraud potential victim user of a certain fraud type is further identified.

Description

Method and device for identifying telecommunication fraud potential victim user
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a method and a device for identifying telecommunication fraud potential victim users.
Background
Currently, the molecular fraud committing means presents a precise trend, and the mode of fraudulent molecules cheating by using the trust of victims is often successful, namely the committing idea of the fraudulent molecules is the object/thing trusted by the victims and the weakness of easy fraud by the object/thing, such as the imposition of a school teacher to send fraud information to parents of students, such as the imposition of a leader to send fraud information to employees, such as the passing staff cheating the elderly and the like, so that the committee can not prevent the committing means.
Therefore, how to identify potential victim users of various fraud types to enhance protection of victim social relationship people becomes an urgent issue to be solved.
Disclosure of Invention
In view of the problems of the prior art, the embodiments of the present invention provide a method and an apparatus for identifying a telecom fraud potential victim user.
In one aspect, an embodiment of the present invention provides a method for identifying a telecom fraud potential victim user, the method including:
the method comprises the steps of obtaining social identity information of key called parties in a social cluster and obtaining victim information of calling parties in the social cluster, wherein the social cluster comprises the key called parties and a plurality of calling parties with stable conversation relations with the key called parties;
and identifying potential victim users in the social clusters according to the victim information of the calling party in the social clusters, and identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters.
In another aspect, an embodiment of the present invention provides an apparatus for identifying a telecom fraud potential victim user, where the apparatus includes:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring social identity information of a key called party in a social cluster and acquiring victim information of calling parties in the social cluster, and the social cluster comprises the key called party and a plurality of calling parties with stable conversation relations with the key called party;
the identification module is used for identifying potential victim users in the social clusters according to the victim information of the calling party in the social clusters and identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters.
In another aspect, an embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor, when executing the program, implements the steps of the method for identifying a telecommunication fraud potential victim user as described above.
In another aspect, embodiments of the present invention also provide a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the method for identifying a telecommunication fraud potential victim user as described above.
According to the embodiment of the invention, the social identity information of the key called party and the fraud information of the calling party in the social cluster are obtained, the telecommunication fraud potential victim user based on the trust relationship can be effectively identified, and the telecommunication fraud potential victim user of a certain fraud type is further identified.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a method for identifying a telecom fraud potential victim user according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a method for establishing a social cluster according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a method for identifying a potential victim user in a social cluster according to victim information of a caller in the social cluster according to an embodiment of the present invention;
fig. 4 is a flowchart illustrating a method for identifying potential victim users based on relationships of social clusters of the same type according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an apparatus for identifying a telecom fraud potential victim user according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an apparatus for establishing a social cluster according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a system for establishing a social cluster according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 shows a flow chart of a method for identifying a telecom fraud potential victim user according to an embodiment of the present invention.
As shown in fig. 1, the method for identifying a telecommunication fraud potential victim user provided by the embodiment of the present invention specifically includes the following steps:
s11, obtaining social identity information of a key called party in a social cluster, and obtaining victim information of calling parties in the social cluster, wherein the social cluster comprises the key called party and a plurality of calling parties having stable conversation relations with the key called party;
specifically, the social cluster is a model based on a user trust relationship, which is constructed based on call behaviors of call ticket data. By finding out a trusted object in a group of people as a key called party and finding out a group of people who trust the key called party as a calling party, a trust circle with a stable social relationship is formed by taking the key called party as a center and surrounding the key called party by a plurality of calling parties.
The embodiment of the invention discovers potential telecommunication fraud victim users based on the social cluster, and firstly obtains the social identity information of key called parties in the social cluster so as to pertinently determine the types of the potential victim users; and acquiring victim information of each caller in the social cluster, such as the number of received fraud information, so as to clarify the overall victim situation and trend of the social cluster.
S12, potential victim users in the social clusters are identified according to the victim information of the calling users in the social clusters, and potential victim users in other social clusters are identified according to the social identity information of the key called users in the social clusters and the relations among the social clusters.
According to the embodiment of the invention, the overall damage condition and trend of the social cluster are determined according to the damage information of each calling party in the social cluster, so that potential damage users are identified according to the internal relation of the social cluster.
Considering the spreading of fraud and the transitivity of the social network, the embodiment of the invention screens out the social clusters of the same type as the victim social cluster based on the social identity information of the key called party in the social cluster, and identifies more potential victim users with similar characteristics according to the relationship between the social clusters of the same type and the victim social cluster.
According to the embodiment of the invention, the social identity information of the key called party and the fraud information of the calling party in the social cluster are obtained, the telecommunication fraud potential victim user based on the trust relationship can be effectively identified, and the telecommunication fraud potential victim user of a certain fraud type is further identified.
The embodiment of the invention also provides a method for establishing the social cluster.
Fig. 2 is a flowchart illustrating a method for establishing a social cluster according to an embodiment of the present invention.
As shown in fig. 2, the method for establishing a social cluster provided in the embodiment of the present invention specifically includes the following steps:
s21, screening out the same number as an effective call ticket of a called party in a specified period, wherein the effective call ticket is a call ticket of which the call duration exceeds T1;
the embodiment of the invention finds out the key called party based on the call ticket data, traverses the call ticket data of the same number in a certain period (for example, 3 months) in a real-time process, aggregates the number as the call ticket of the called party, and screens out effective call tickets, namely, the call tickets with the conversation duration exceeding a certain time T1 (for example, 2 minutes).
S22, screening out the calling with stable conversation relation with the same number from the effective ticket, wherein the calling with stable conversation relation with the same number is the calling with the conversation frequency of the same number exceeding N1 and the conversation time length exceeding T1 in the appointed period;
specifically, the same caller and the same callee who have more than N1 (e.g. 3) active calls in a specified period are said to have a stable call relationship, and therefore, the caller having a stable call relationship with the same number is the caller who has more than N1 times of calls and more than T1 times of calls with the same number in the specified period.
And S23, if the number of the calling parties with stable conversation relationship with the same number in the specified period reaches the specified number, establishing a social cluster which takes the same number as a key called party and comprises a plurality of calling parties with stable conversation relationship with the key called party.
The embodiment of the invention finds out the number of the calling parties with stable conversation relation with the called party according to the effective call bill of the same called party in a specified period, if the number of the calling parties exceeds a specified threshold value, a social cluster taking the called party as a center is established, and the called party is a key called party.
As shown in fig. 2, the step of establishing a social cluster further includes:
s24, determining the calling in the social cluster, which has the calling duration not less than T2 and the calling number not less than N2 within the specified period, as the inner ring calling of the social cluster, wherein T2> T1 and N2> N1;
and S25, determining other callers except the inner ring caller in the social cluster as the outer ring caller of the social cluster.
Because different calling parties and key called parties have different degrees of tightness and different degrees of trust, when abnormal conditions occur, the influence degree of the abnormal conditions on the social cluster and the influence of the abnormal conditions on the abnormal conditions are different, the embodiment of the invention divides different calling parties into an inner ring calling party and an outer ring calling party according to the degree of tightness, wherein the trust degree of the inner ring calling party is higher.
The embodiment of the invention divides the calling party which has relatively long calling time with the key called party, relatively more data of the number of calls and relatively close relationship with the key called party into the inner ring calling party; and dividing the calling party which has relatively less time for calling the key called party, relatively less data of the number of times of calling and relatively distant relation with the key called party into an outer ring calling party.
Specifically, by performing statistical analysis on the valid tickets, the caller can define an inner ring caller and an outer ring caller according to the following rules:
the inner ring calling: the call duration of the key called party is more than or equal to T2, and the call times are more than or equal to N2, since the inner ring calling party and the key called party have relatively close relationship, T2 is more than T1, and N2 is more than N1;
an outer ring calling: and taking other callers except the inner ring caller in the social cluster as the key called outer ring caller.
After a plurality of social clusters with different key called parties as centers are established and inner-ring users and outer-ring users of the social clusters are distinguished, the embodiment of the invention also provides a method for judging the relationship among the social clusters.
The method for judging the relationship among the social clusters provided by the embodiment of the invention specifically comprises the following steps:
if the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the first social cluster is not less than a first value, and the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the second social cluster is not less than the first value, judging that the first social cluster is equivalent to the second social cluster;
if the proportion of the number of the overlapped calling parties in the first social cluster and the second social cluster to the number of the calling parties in the first social cluster is smaller than a first numerical value, and the proportion of the number of the overlapped calling parties in the first social cluster and the second social cluster to the number of the calling parties in the second social cluster is not smaller than the first numerical value, judging that the first social cluster comprises the second social cluster;
if the proportion of the number of the overlapped calling in the first social cluster and the second social cluster to the number of the calling in the first social cluster is larger than or equal to a second value and smaller than a first value; and when the proportion of the number of the overlapped calling in the first social cluster and the second social cluster to the number of the calling in the second social cluster is larger than or equal to a second value and smaller than a first value, judging that the first social cluster is associated with the second social cluster.
According to the embodiment of the invention, on the basis of establishing the social clusters and dividing the inner ring calling party and the outer ring calling party in each social cluster, the relevance of the trust groups of different key called parties is searched, so that the relevance of each social cluster is searched. According to the proportion of the number of the mutually overlapped calling parties in each social cluster to the number of the calling parties in each social cluster, the relevance among the social clusters is divided into three types: including, equivalent, and related.
Specifically, if the number of the calling party of the key called party a is Sa, the number of the calling party of the key called party B is Sb, and the number of the calling party of the key called party a overlapping with the number of the calling party of the key called party B is Sab, the relationship rule between the social cluster a and the social cluster B is as follows:
equivalence: social cluster a is equivalent to social cluster B if Sab/Sb 100% > (L% (default 80%) and Sab/Sa 100% > (L% (default 80%).
Comprises the following steps: social cluster a includes social cluster B if Sab/Sb 100% > (L% (default 80%), and Sab/Sa 100% < L% (default 80%).
And (3) association: social cluster a associates social cluster B if Sab/Sb 100% < L% (default 80%) and Sab/Sb 100% > (K% (default 30%), and Sab/Sa 100% < L% (default 80%) and Sab/Sa 100% > (K% (default 30%).
On the basis of the foregoing embodiment, S11 specifically includes:
determining the corresponding relation between the number and the social identity in the number social identity information base through the network yellow page and the operation analysis system of the telecom operator;
and acquiring the social identity of the key called party in each social cluster according to the number social identity information base.
The embodiment of the invention tracks the social identity information (such as teachers, company leaders and the like) of numbers, and is mainly used for determining the social identity of key called parties in a social cluster. The number social identity information can be acquired through various channels, such as a network yellow page, an operation analysis system of a telecom operator and the like, and a number social identity information base is established based on the acquired information. Therefore, the embodiment of the invention acquires the social identity information of the key called party in the social cluster from the number social information base.
Table 1 shows a number social identity information base proposed by an embodiment of the present invention.
TABLE 1
Figure BDA0001764181830000061
Figure BDA0001764181830000071
Referring to table 1, the number social identity information base shows the correspondence between each number and the social identity. The social identity information of the key called party in a certain social cluster can be obtained by inquiring the number social identity information base.
Specifically, S11 further includes:
determining the corresponding relation between the victim number in the number victim information base and the frequency of receiving telecommunication fraud information through a reporting system of a telecommunication operator, a bad information reporting system and the reporting and marking information of the Internet;
and acquiring the number of the calling parties receiving the telecommunication fraud information in each social cluster according to the number victim information base.
The embodiment of the invention tracks the number damage condition and is mainly used for determining the overall damage condition and trend of the social cluster. The number damage condition can also be obtained through various channels, such as a reporting system of a telecommunication operator, a bad information treatment system, the reporting and marking of the internet and the like. Based on the obtained information, a number victim information base can be established. Therefore, the embodiment of the invention acquires the information of the number of victims and the number of victims of the calling in the social cluster from the number victimization information base.
Table 2 shows a number victim information base proposed in the embodiment of the present invention.
TABLE 2
Number of times of receiving fraud messages Number of times of receipt of fraudulent calls
135xxxx1111
136xxxx2222
137xxxx3333
Referring to table 2, the number victim information base shows the correspondence of each number with the number of times of receiving fraud messages and the number of times of receiving fraud calls. The number victim information base can be queried to obtain the information of the deceased callers in a certain social cluster, including the number of the deceased callers, the number of victims of the deceased callers, and the like.
The number social identity information tracking provided by the embodiment of the invention provides support for determining the type of the social cluster which is easy to be swindled, the number victimized information tracking provides support for determining the overall victimization condition of the social cluster, and the combination of the number social identity information tracking and the number victimization information can identify potential victimized users in the social cluster.
On the basis of the foregoing embodiment, S12 specifically includes:
counting the victim ratio of the calling in the social cluster according to the number of the inner ring calling and the number of the outer ring calling which receive the telecommunication fraud information in the social cluster;
when the victim proportion of the calling in the social cluster is larger than a first threshold value, the social cluster is marked as a victim social cluster, and the calling which does not receive the telecom fraud information in the social cluster is determined as a potential victim user.
According to the method and the device for obtaining the overall damage ratio of the calling user in the social cluster, the damage condition of the calling user in the social cluster is obtained through the number damage information base, the overall damage ratio of the calling user in one social cluster can be obtained through analysis, and if the damage ratio exceeds a certain threshold value, other calling users in the social cluster are potential damage users.
Fig. 3 shows a flowchart of a method for identifying a potential victim user in a social cluster according to the victim information of a caller in the social cluster according to an embodiment of the present invention.
Referring to fig. 3, the method for identifying a potential victim user in a social cluster according to the victim information of a caller in the social cluster provided by the embodiment of the present invention specifically includes the following steps:
for a social cluster A, firstly, acquiring all the victim information of calling numbers through a number victim information base, wherein the victim information comprises the number of inner-ring calling victims and the number of outer-ring calling victims;
and counting the calling damage proportion Ha of the social cluster A, and considering different influences of the inner ring calling and the outer ring calling in the social cluster, so that different weight values K1 and K2 are given to the inner ring calling and the outer ring calling. The calculation formula is as follows:
ha ═ K1 inner ring number of calling victims + K2 outer ring number of calling victims)/number of calling of social cluster a;
judging whether the calculated calling damage proportion Ha is larger than or equal to a preset threshold Hmin or not, and if the calling damage proportion Ha is smaller than the preset threshold Hmin, determining that the social cluster is a normal social cluster; and if the calling damage proportion is larger than or equal to Hmin, the social cluster is a damaged social cluster, and the social cluster is marked as the damaged social cluster.
For callers in victim social cluster a, other callers are potential victim users in addition to the victim caller with the victim tag. In combination with the social identity information of the key callee a, a potentially victim user of a certain fraud type can be further identified.
On the basis of the foregoing embodiment, S12 specifically further includes:
screening out social clusters of the same type as the victim social cluster according to the social identity information of the key called party of the victim social cluster;
if the victim social cluster is equivalent to the screened social clusters of the same type, judging the calling user in the screened social clusters of the same type as a potential victim user;
if the victim social cluster contains the screened social clusters of the same type, judging that the inner-ring calling users in the screened social clusters of the same type are potential victim users;
and if the damaged social cluster is associated with the screened social clusters of the same type, judging that the outer ring calling user in the screened social clusters of the same type is a potential damaged user.
The embodiment of the invention provides a method for identifying and discovering potential victim users based on the relationship of the same type of social clusters in consideration of the spreading of fraud and the transitivity of a social network.
Fig. 4 is a flowchart illustrating a method for identifying potential victim users based on relationships of the same-type social clusters according to an embodiment of the present invention.
Referring to fig. 4, the method for identifying a potential victim user based on a relationship of social clusters of the same type provided by the embodiment of the present invention specifically includes the following steps:
for the social cluster i marked as a victim social cluster, firstly, screening out the social cluster with the same type as the social cluster i according to the social identity of a key called party of the social cluster i, namely screening out the social cluster with the identity information of the key called party being the same as the social identity of the key called party of the social cluster i, and referring to the social cluster j;
for each social cluster j, judging whether a potential victim user exists according to the relation type with the social cluster i;
if the social cluster i is equivalent to the social cluster j, the calling user of the social cluster j is a potential victim user of the type of fraud;
if the social cluster i contains a social cluster j, the inner ring calling user of the social cluster j is a potential victim user of the type of fraud;
and if the social cluster i is associated with the social cluster j, the calling user of the social cluster j is a normal user.
According to the method for identifying potential victim users based on the relationship of the same type of social clusters, provided by the embodiment of the invention, the potential communication information fraud victim users with similar characteristics can be identified according to the type of the victim social clusters and the relationship among the same type of social clusters, so that the social clusters needing important protection or enhanced protection are identified.
The embodiment of the invention also provides a device for identifying telecommunication fraud potential victim users.
FIG. 5 shows a schematic structural diagram of an apparatus for identifying a telecom fraud potential victim user provided by an embodiment of the present invention.
Referring to fig. 5, the apparatus for identifying a telecom fraud potential victim user provided by the embodiment of the present invention comprises an acquisition module 11 and an identification module 12, wherein:
the obtaining module 11 is configured to obtain social identity information of a key called party in a social cluster and obtain victim information of a calling party in the social cluster, where the social cluster includes the key called party and a plurality of calling parties having a stable call relationship with the key called party;
specifically, the social cluster is a model based on a user trust relationship, which is constructed based on call behaviors of call ticket data. By finding out a trusted object in a group of people as a key called party and finding out a group of people who trust the key called party as a calling party, a trust circle with a stable social relationship is formed by taking the key called party as a center and surrounding the key called party by a plurality of calling parties.
The embodiment of the invention discovers potential telecommunication fraud victim users based on the social cluster, and firstly obtains the social identity information of key called parties in the social cluster so as to pertinently determine the types of the potential victim users; and acquiring victim information of each caller in the social cluster, such as the number of received fraud information, so as to clarify the overall victim situation and trend of the social cluster.
The identifying module 12 is configured to identify potential victim users in the social cluster according to the victim information of the caller in the social cluster, and identify potential victim users in other social clusters according to the social identity information of the key callee in the social cluster and the relationship between the social clusters.
According to the embodiment of the invention, the overall damage condition and trend of the social cluster are determined according to the damage information of each calling party in the social cluster, so that potential damage users are identified according to the internal relation of the social cluster.
According to the embodiment of the invention, the spreading of fraud and the transitivity of the social network are considered, the social clusters of the same type as the damaged social cluster are screened out based on the social identity information of the key called party in the social cluster, and more potential damaged users with similar characteristics are identified according to the relationship between the social clusters of the same type and the damaged social cluster.
According to the embodiment of the invention, the social identity information of the key called party and the fraud information of the calling party in the social cluster are obtained, the telecommunication fraud potential victim user based on the trust relationship can be effectively identified, and the telecommunication fraud potential victim user of a certain fraud type is further identified.
The embodiment of the invention also provides a device for establishing the social cluster.
Fig. 6 is a schematic structural diagram illustrating an apparatus for establishing a social cluster according to an embodiment of the present invention.
Referring to fig. 6, the apparatus for establishing a social cluster includes a first filtering module 21, a second filtering module 22, and an establishing module 23, wherein:
the first screening module 21 is configured to screen out an effective ticket of the same number as a called party in a specified period, where the effective ticket is a ticket whose call duration exceeds T1;
the embodiment of the invention finds out the key called party based on the call ticket data, traverses the call ticket data of the same number in a certain period (for example, 3 months) in a real-time process, aggregates the number as the call ticket of the called party, and screens out effective call tickets, namely, the call tickets with the conversation duration exceeding a certain time T1 (for example, 2 minutes).
The second screening module 22 is configured to screen out a caller having a stable call relationship with the same number from the valid telephone bills, where the caller having the stable call relationship with the same number is a caller having a call time exceeding N1 and a call duration exceeding T1 with the same number within the specified period;
specifically, the same caller and the same callee who have more than N1 (e.g. 3) active calls in a specified period are said to have a stable call relationship, and therefore, the caller having a stable call relationship with the same number is the caller who has more than N1 times of calls and more than T1 times of calls with the same number in the specified period.
The establishing module 23 is configured to establish a social cluster that uses the same number as a key called party and includes a plurality of callers with stable conversation relationships with the key called party if the number of callers with stable conversation relationships with the same number in the specified period reaches a specified number.
The embodiment of the invention finds out the number of the calling parties with stable conversation relation with the called party according to the effective call bill of the same called party in a specified period, if the number of the calling parties exceeds a specified threshold value, a social cluster taking the called party as a center is established, and the called party is a key called party.
Specifically, referring to fig. 6, the apparatus for establishing a social cluster further includes a first determining module 24 and a second determining module 25, wherein:
the first determining module 24 is configured to determine, as an inner ring caller of the social cluster, a caller in the social cluster, whose call duration with the key called in the specified period is not less than T2 and whose call number is not less than N2, where T2> T1 and N2> N1;
the second determining module 25 is configured to determine other callers in the social cluster except the inner ring caller as the outer ring caller of the social cluster.
Because different calling parties and key called parties have different degrees of tightness and different degrees of trust, when abnormal conditions occur, the influence degree of the abnormal conditions on the social cluster and the influence of the social cluster on the abnormal conditions are different, so that the calling parties which have relatively long conversation time with the key called parties, relatively more data of conversation times and relatively close relation with the key called parties are divided into inner-ring calling parties; and dividing the calling party which has relatively less time for calling the key called party, relatively less data of the number of times of calling and relatively distant relation with the key called party into an outer ring calling party.
The embodiment of the invention also provides a device for judging the relation among the social clusters.
Specifically, the apparatus for establishing a social cluster provided in the embodiment of the present invention includes: first judge module, second judge module and third judge module, wherein:
the first judging module is used for judging that the first social cluster is equivalent to the second social cluster if the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the first social cluster is not less than a first numerical value and the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the second social cluster is not less than the first numerical value;
the second determination module is configured to determine that the first social cluster includes the second social cluster if a ratio of the number of the overlapped callers in the first social cluster to the number of the callers in the first social cluster is smaller than a first value, and a ratio of the number of the overlapped callers in the first social cluster and the second social cluster to the number of the callers in the second social cluster is not smaller than the first value;
the third judging module is used for judging whether the ratio of the number of the calling parties overlapped in the first social cluster and the second social cluster to the number of the calling parties in the first social cluster is larger than or equal to a second value and smaller than a first value; and when the proportion of the number of the overlapped calling in the first social cluster and the second social cluster to the number of the calling in the second social cluster is larger than or equal to a second value and smaller than a first value, judging that the first social cluster is associated with the second social cluster.
According to the embodiment of the invention, on the basis of establishing the social clusters and dividing the inner ring calling party and the outer ring calling party in each social cluster, the relevance of the trust groups of different key called parties is searched, so that the relevance of each social cluster is searched. According to the proportion of the number of the mutually overlapped calling parties in each social cluster to the number of the calling parties in each social cluster, the relevance among the social clusters is divided into three types: including, equivalent, and related.
Specifically, the obtaining module 11 includes: a first determination submodule and a first acquisition submodule, wherein:
the first determining submodule is used for determining the corresponding relation between the number and the social identity in the number social identity information base through the network yellow page and the operation analysis system of the telecom operator;
and the first obtaining submodule is used for obtaining the social identity of the key called party in each social cluster according to the number social identity information base.
The embodiment of the invention tracks the social identity information (such as teachers, company leaders and the like) of numbers, and is mainly used for determining the social identity of key called parties in a social cluster. The number social identity information can be acquired through various channels, such as a network yellow page, an operation analysis system of a telecom operator and the like, and a number social identity information base is established based on the acquired information. Therefore, the embodiment of the invention acquires the social identity information of the key called party in the social cluster from the number social information base.
Specifically, the obtaining module 11 further includes: a second determining submodule and a second obtaining submodule, wherein:
the second determining submodule is used for determining the corresponding relation between the victim number in the number victim information base and the frequency of receiving the telecommunication fraud information through a reporting system of a telecommunication operator, a bad information reporting system and the reporting and marking information of the Internet;
and the second obtaining submodule is used for obtaining the number of the calling parties receiving the telecommunication fraud information in each social cluster according to the number victim information base.
The embodiment of the invention tracks the number damage condition and is mainly used for determining the overall damage condition and trend of the social cluster. The number damage condition can also be acquired through various channels, such as a reporting system of a telecommunication operator, a bad information treatment system, the reporting and marking of the internet and the like, and a number damage information base can be established based on the acquired information. Therefore, the embodiment of the invention acquires the information of the number of victims and the number of victims of the calling in the social cluster from the number victimization information base.
In particular, the identification module 12 comprises: a statistics submodule, a labeling submodule, and a first decision submodule, wherein:
the statistic submodule is used for counting the victim ratio of the calling in the social cluster according to the number of the inner ring calling and the number of the outer ring calling which receive the telecommunication fraud information in the social cluster;
the marking sub-module is used for marking the social cluster as a victim social cluster when the victim proportion of the calling in the social cluster is larger than a first threshold;
the first determining submodule is used for determining that the calling party in the social cluster which does not receive the telecom fraud information is a potential victim user.
According to the method and the device for obtaining the overall damage ratio of the calling user in the social cluster, the damage condition of the calling user in the social cluster is obtained through the number damage information base, the overall damage ratio of the calling user in one social cluster can be obtained through analysis, and if the damage ratio exceeds a certain threshold value, other calling users in the social cluster are potential damage users.
Specifically, the identification module 12 further includes: screening submodule piece and second judge submodule piece, wherein:
the screening submodule is used for screening out the social clusters with the same type as the victim social cluster according to the social identity information of the key called party of the victim social cluster;
the second judging submodule is used for judging the calling user in the selected social cluster of the same type as a potential damaged user if the damaged social cluster is equivalent to the selected social cluster of the same type; if the victim social cluster comprises the selected social cluster equivalence of the same type, judging that the inner ring calling users in the selected social cluster of the same type are potential victim users; and if the social clusters of the same type screened by the victim social cluster association are equivalent, judging that the outer ring calling users in the screened social clusters of the same type are potential victim users.
According to the method and the device for identifying the social cluster, the potential communication information fraud victim users with similar characteristics can be identified by combining the relationship among the social clusters of the same type according to the type of the victim social cluster, so that the social cluster needing important protection or enhanced protection is identified.
The functional modules in the embodiments of the present invention may be implemented by a hardware processor (hardware processor), and the embodiments of the present invention are not described again.
The embodiment of the invention also provides a system for identifying telecommunication fraud potential victim users.
FIG. 7 shows a schematic structural diagram of a system for identifying a telecom fraud potential victim user according to an embodiment of the present invention.
Referring to fig. 7, the system for identifying a telecom fraud potential victim user according to the embodiment of the present invention includes: the system comprises a social cluster analysis unit, a number tracking unit, a number social identity information base, a number victim base and a potential victim user identification unit, wherein the number tracking unit is connected with the number social identity information base and the number victim information base, and the system comprises:
the social cluster analysis unit is used for analyzing the dialogue list data and analyzing a social cluster taking a key called party as a core based on the conversation relationship; the system is also used for analyzing the trust of each calling party and each key called party and dividing an inner ring calling party and an outer ring calling party; and analyzing the degree of close association among the social clusters, including equivalence, inclusion and association relations among the social clusters;
the number tracking unit comprises two parts of information tracking: the method comprises the steps that first, number social identity information (such as teachers, company leaders and the like) is tracked through a number social identity information base and is mainly used for determining the social identity of key called parties in a social cluster; and secondly, tracking the number damage condition through a number damage information base, and mainly determining the overall damage condition and trend of the social cluster. The acquisition of the number social identity information can be realized through various channels, such as a network yellow page, an operation analysis system of a telecom operator and the like; the number damage condition can also be obtained through various channels, such as a reporting system of a telecom operator, a bad information treatment system, the reporting and marking of the internet and the like;
the potential victim user identification unit is used for determining a potential fraud type of a social cluster taking a key called as a core based on the social identity of the key called, identifying a potential victim user of the social cluster based on the victim condition of the social cluster, analyzing a social relationship cluster needing important protection or enhanced protection based on the victim trend in the social cluster of the same type, and identifying a potential communication information fraud victim user.
The implementation steps of each unit in the system for identifying a telecommunication fraud potential victim user provided by the embodiment of the present invention correspond to the steps of the method for identifying a telecommunication fraud potential victim user provided by the embodiment of the present invention, and are not described herein again.
An embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the method shown in fig. 1 is implemented.
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
As shown in fig. 8, the electronic device provided by the embodiment of the present invention includes a memory 31, a processor 32, a bus 33, and a computer program stored on the memory 31 and executable on the processor 32. The memory 31 and the processor 32 complete communication with each other through the bus 33.
The processor 32 is used for calling the program instructions in the memory 31 to implement the method of fig. 1 when executing the program.
For example, the processor implements the following method when executing the program:
the method comprises the steps of obtaining social identity information of key called parties in a social cluster and obtaining victim information of calling parties in the social cluster, wherein the social cluster comprises the key called parties and a plurality of calling parties with stable conversation relations with the key called parties;
and identifying potential victim users in the social clusters according to the victim information of the calling party in the social clusters, and identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters.
According to the electronic device provided by the embodiment of the invention, the telecommunication fraud potential victim user based on the trust relationship can be effectively identified by acquiring the social identity information of the key called party and the fraud information of the calling party in the social cluster, and the telecommunication fraud potential victim user of a certain fraud type can be further identified.
Embodiments of the present invention also provide a non-transitory computer readable storage medium, on which a computer program is stored, and the program, when executed by a processor, implements the steps of fig. 1.
For example, the processor implements the following method when executing the program:
the method comprises the steps of obtaining social identity information of key called parties in a social cluster and obtaining victim information of calling parties in the social cluster, wherein the social cluster comprises the key called parties and a plurality of calling parties with stable conversation relations with the key called parties;
and identifying potential victim users in the social clusters according to the victim information of the calling party in the social clusters, and identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters.
The non-transitory computer readable storage medium provided by the embodiment of the invention can effectively identify telecom fraud potential victim users based on trust relationship by acquiring the social identity information of key called parties and the fraud information of calling parties in a social cluster, and further identify potential victim users of a certain fraud type.
An embodiment of the present invention discloses a computer program product, the computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions, which when executed by a computer, enable the computer to perform the methods provided by the above-mentioned method embodiments, for example, including:
the method comprises the steps of obtaining social identity information of key called parties in a social cluster and obtaining victim information of calling parties in the social cluster, wherein the social cluster comprises the key called parties and a plurality of calling parties with stable conversation relations with the key called parties;
and identifying potential victim users in the social clusters according to the victim information of the calling party in the social clusters, and identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters.
Those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments instead of others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (6)

1. A method of identifying telecommunication fraud potential victim users, characterized in that the method comprises: the method comprises the steps of obtaining social identity information of key called parties in a social cluster and obtaining victim information of calling parties in the social cluster, wherein the social cluster comprises the key called parties and a plurality of calling parties with stable conversation relations with the key called parties; identifying potential victim users in the social clusters according to the victim information of the calling party in the social clusters, and identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters; the method further comprises the following steps: establishing a social cluster: screening out an effective call ticket of the same number as a called party in a specified period, wherein the effective call ticket is a call ticket of which the call duration exceeds T1; screening out a calling party having a stable conversation relationship with the same number from the effective call tickets, wherein the calling party having the stable conversation relationship with the same number is a calling party having a conversation time exceeding N1 and a conversation time exceeding T1 with the same number in the specified period; if the number of the calling parties with stable conversation relations with the same number in the specified period reaches a specified number, establishing a social cluster which takes the same number as a key called party and comprises a plurality of calling parties with stable conversation relations with the key called party; the obtaining of the social identity information of the key called party in the social cluster comprises: determining the corresponding relation between the number and the social identity in the number social identity information base through the network yellow page and the operation analysis system of the telecom operator; obtaining the social identity of the key called party in each social cluster according to the number social identity information base; the obtaining of the victim information of the caller in the social cluster includes: determining the corresponding relation between the victim number in the number victim information base and the frequency of receiving telecommunication fraud information through a reporting system of a telecommunication operator, a bad information reporting system and the reporting and marking information of the Internet; obtaining the number of calling parties receiving telecommunication fraud information in each social cluster according to the number victim information base; judging the relationship among the social clusters: if the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the first social cluster is not less than a first value, and the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the second social cluster is not less than the first value, judging that the first social cluster is equivalent to the second social cluster; if the proportion of the number of the overlapped calling parties in the first social cluster and the second social cluster to the number of the calling parties in the first social cluster is smaller than a first numerical value, and the proportion of the number of the overlapped calling parties in the first social cluster and the second social cluster to the number of the calling parties in the second social cluster is not smaller than the first numerical value, judging that the first social cluster comprises the second social cluster; if the proportion of the number of the overlapped calling in the first social cluster and the second social cluster to the number of the calling in the first social cluster is larger than or equal to a second value and smaller than a first value; when the proportion of the number of the overlapped calling parties in the first social cluster and the second social cluster to the number of the calling parties in the second social cluster is larger than or equal to a second value and smaller than a first value, judging that the first social cluster is associated with the second social cluster; the identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters comprises: screening out social clusters of the same type as the victim social cluster according to the social identity information of the key called party of the victim social cluster; if the victim social cluster is equivalent to the screened social clusters of the same type, judging the calling user in the screened social clusters of the same type as a potential victim user; if the victim social cluster contains the screened social clusters of the same type, judging that the inner-ring calling users in the screened social clusters of the same type are potential victim users; and if the damaged social cluster is associated with the screened social clusters of the same type, judging that the outer ring calling user in the screened social clusters of the same type is a potential damaged user.
2. The method of claim 1, wherein the step of establishing a social cluster further comprises: determining a caller in the social cluster, which has a call duration not less than T2 and a call number not less than N2 within the specified period, as an inner ring caller of the social cluster, wherein T2> T1 and N2> N1; and determining other callers except the inner ring caller in the social cluster as the outer ring caller of the social cluster.
3. The method of claim 1, wherein the identifying potential victim users in the social cluster from the victim information of callers in the social cluster comprises: counting the victim ratio of the calling in the social cluster according to the number of the inner ring calling and the number of the outer ring calling which receive the telecommunication fraud information in the social cluster; when the victim proportion of the calling in the social cluster is larger than a first threshold value, the social cluster is marked as a victim social cluster, and the calling which does not receive the telecom fraud information in the social cluster is determined as a potential victim user.
4. An apparatus for identifying a telecommunication fraud potential victim user, the apparatus comprising: the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring social identity information of a key called party in a social cluster and acquiring victim information of calling parties in the social cluster, and the social cluster comprises the key called party and a plurality of calling parties with stable conversation relations with the key called party; the identification module is used for identifying potential victim users in the social clusters according to the victim information of the calling party in the social clusters and identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters; the device further comprises: the first screening module is used for screening out an effective call ticket of the same number as a called party in a specified period, wherein the effective call ticket is a call ticket of which the call duration exceeds T1; the second screening module is used for screening out the calling party with stable conversation relation with the same number from the effective call bill, wherein the calling party with stable conversation relation with the same number is the calling party with the conversation frequency exceeding N1 and the conversation time length exceeding T1 with the same number in the specified period; the establishing module is used for establishing a social cluster which takes the same number as a key called party and comprises a plurality of calling parties with stable conversation relations with the key called party if the number of the calling parties with stable conversation relations with the same number in the specified period reaches a specified number; the obtaining of the social identity information of the key called party in the social cluster comprises: determining the corresponding relation between the number and the social identity in the number social identity information base through the network yellow page and the operation analysis system of the telecom operator; obtaining the social identity of the key called party in each social cluster according to the number social identity information base; the obtaining of the victim information of the caller in the social cluster includes: determining the corresponding relation between the victim number in the number victim information base and the frequency of receiving telecommunication fraud information through a reporting system of a telecommunication operator, a bad information reporting system and the reporting and marking information of the Internet; obtaining the number of calling parties receiving telecommunication fraud information in each social cluster according to the number victim information base; the device further comprises: the first judging module is used for judging that the first social cluster is equivalent to the second social cluster if the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the first social cluster is not smaller than a first numerical value and the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the second social cluster is not smaller than the first numerical value; the second judging module is used for judging that the first social cluster comprises the second social cluster if the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the first social cluster is smaller than a first numerical value and the proportion of the number of the overlapped calling in the first social cluster to the number of the calling in the second social cluster is not smaller than the first numerical value; a third judging module, configured to, if the ratio of the number of the overlapped callers in the first social cluster and the second social cluster to the number of the callers in the first social cluster is greater than or equal to a second value and smaller than the first value; when the proportion of the number of the overlapped calling parties in the first social cluster and the second social cluster to the number of the calling parties in the second social cluster is larger than or equal to a second value and smaller than a first value, judging that the first social cluster is associated with the second social cluster; the identifying potential victim users in other social clusters according to the social identity information of the key called party in the social clusters and the relationship among the social clusters comprises: screening out social clusters of the same type as the victim social cluster according to the social identity information of the key called party of the victim social cluster; if the victim social cluster is equivalent to the screened social clusters of the same type, judging the calling user in the screened social clusters of the same type as a potential victim user; if the victim social cluster contains the screened social clusters of the same type, judging that the inner-ring calling users in the screened social clusters of the same type are potential victim users; and if the damaged social cluster is associated with the screened social clusters of the same type, judging that the outer ring calling user in the screened social clusters of the same type is a potential damaged user.
5. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the steps of the method for identifying a telecommunication fraud potential victim user according to any one of claims 1 to 3.
6. A non-transitory computer readable storage medium, having a computer program stored thereon, wherein the computer program, when being executed by a processor, implements the steps of the method for identifying telecommunication fraud potential victim users as claimed in any one of claims 1 to 3.
CN201810920834.2A 2018-08-14 2018-08-14 Method and device for identifying telecommunication fraud potential victim user Active CN110830664B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810920834.2A CN110830664B (en) 2018-08-14 2018-08-14 Method and device for identifying telecommunication fraud potential victim user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810920834.2A CN110830664B (en) 2018-08-14 2018-08-14 Method and device for identifying telecommunication fraud potential victim user

Publications (2)

Publication Number Publication Date
CN110830664A CN110830664A (en) 2020-02-21
CN110830664B true CN110830664B (en) 2021-03-05

Family

ID=69547099

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810920834.2A Active CN110830664B (en) 2018-08-14 2018-08-14 Method and device for identifying telecommunication fraud potential victim user

Country Status (1)

Country Link
CN (1) CN110830664B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112669187B (en) * 2020-12-31 2024-04-02 深圳云天励飞技术股份有限公司 Identity recognition method and device, electronic equipment and related products

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002320033A (en) * 2001-04-24 2002-10-31 Ntt Docomo Inc Data analysis processing system and program, and recording medium
CN104469025A (en) * 2014-11-26 2015-03-25 杭州东信北邮信息技术有限公司 Clustering-algorithm-based method and system for intercepting fraud phone in real time
CN106331390A (en) * 2016-11-23 2017-01-11 杭州东信北邮信息技术有限公司 Method and system for identifying fraud number based on call data
CN106791220A (en) * 2016-11-04 2017-05-31 国家计算机网络与信息安全管理中心 Prevent the method and system of telephone fraud
CN106897619A (en) * 2016-12-14 2017-06-27 中国移动通信集团设计院有限公司 Mobile terminal from malicious software cognitive method and device
CN108156336A (en) * 2018-02-01 2018-06-12 天津市国瑞数码安全系统股份有限公司 A kind of control system based on multiple features weighted model analysis ticket number

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002320033A (en) * 2001-04-24 2002-10-31 Ntt Docomo Inc Data analysis processing system and program, and recording medium
CN104469025A (en) * 2014-11-26 2015-03-25 杭州东信北邮信息技术有限公司 Clustering-algorithm-based method and system for intercepting fraud phone in real time
CN106791220A (en) * 2016-11-04 2017-05-31 国家计算机网络与信息安全管理中心 Prevent the method and system of telephone fraud
CN106331390A (en) * 2016-11-23 2017-01-11 杭州东信北邮信息技术有限公司 Method and system for identifying fraud number based on call data
CN106897619A (en) * 2016-12-14 2017-06-27 中国移动通信集团设计院有限公司 Mobile terminal from malicious software cognitive method and device
CN108156336A (en) * 2018-02-01 2018-06-12 天津市国瑞数码安全系统股份有限公司 A kind of control system based on multiple features weighted model analysis ticket number

Also Published As

Publication number Publication date
CN110830664A (en) 2020-02-21

Similar Documents

Publication Publication Date Title
US11343375B2 (en) Systems and methods for automatically conducting risk assessments for telephony communications
CN108924333B (en) Fraud telephone identification method, device and system
US7895154B2 (en) Communication reputation
CN106534463B (en) Strange call processing method and device, terminal and server
CN107197463A (en) A kind of detection method of telephone fraud, storage medium and electronic equipment
CN102368853B (en) Communication event processing method and system thereof
CN107770777B (en) Method for identifying recorded fraud calls
CN110493476B (en) Detection method, device, server and storage medium
CN112866192B (en) Method and device for identifying abnormal aggregation behaviors
CN107092651B (en) Key character mining method and system based on communication network data analysis
CN107231494A (en) A kind of acquisition methods of user communication characteristic, storage medium and electronic equipment
CN108810290B (en) Method and system for recognizing fraud calls
CN110113748B (en) Crank call monitoring method and device
CN113206909A (en) Crank call interception method and device
CN110830664B (en) Method and device for identifying telecommunication fraud potential victim user
CN105704337A (en) Number-marking method and system
CN110213449B (en) Method for identifying roaming fraud number
CN111368858B (en) User satisfaction evaluation method and device
CN109951609B (en) Malicious telephone number processing method and device
CN108769434A (en) Call processing method, apparatus and system
CN114338915A (en) Caller ID risk identification method, caller ID risk identification device, caller ID risk identification equipment and storage medium
CN108874619A (en) A kind of information monitoring method, storage medium and server
CN113596260B (en) Abnormal telephone number detection method and electronic equipment
Bordjiba et al. Data-driven approach for automatic telephony threat analysis and campaign detection
CN112671982B (en) Crank call identification method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant