CN112613888A - Fraud suspicion identification method and device based on APP list analysis - Google Patents

Fraud suspicion identification method and device based on APP list analysis Download PDF

Info

Publication number
CN112613888A
CN112613888A CN202011565864.XA CN202011565864A CN112613888A CN 112613888 A CN112613888 A CN 112613888A CN 202011565864 A CN202011565864 A CN 202011565864A CN 112613888 A CN112613888 A CN 112613888A
Authority
CN
China
Prior art keywords
fraud suspicion
score
fraud
suspicion
threshold
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011565864.XA
Other languages
Chinese (zh)
Other versions
CN112613888B (en
Inventor
江汉祥
黄勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Meiya Pico Information Co Ltd
Original Assignee
Xiamen Meiya Pico Information Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Meiya Pico Information Co Ltd filed Critical Xiamen Meiya Pico Information Co Ltd
Priority to CN202011565864.XA priority Critical patent/CN112613888B/en
Publication of CN112613888A publication Critical patent/CN112613888A/en
Application granted granted Critical
Publication of CN112613888B publication Critical patent/CN112613888B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches

Abstract

The invention belongs to the technical field of computers, and particularly relates to a fraud suspicion identification method and device based on APP list analysis. Through an empirical model obtained by researching and analyzing the phishing molecule APP list, the APP list is divided into a plurality of forward suspicion major classes and a plurality of reverse suspicion major classes, each major class is given a certain classification threshold according to the importance degree of each major class on the analysis result, and finally, the final fraud suspicion value is obtained through weighted statistics and fraud suspicion judgment is carried out. The defects of confusion and hysteresis in identification and judgment of fraud suspicion in the prior art can be effectively overcome.

Description

Fraud suspicion identification method and device based on APP list analysis
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a fraud suspicion identification method and device based on APP list analysis.
Background
With the rapid development of economy and the deepening of social integrated management in China, particularly the wide application of new technologies such as big data, artificial intelligence and the like, the traditional crimes in China are reduced year by year, and the social security environment is continuously improved. However, phishing is growing against the trend, criminal means are renewed continuously, life housekeeping of people is seriously affected, and huge economic losses of individuals and society are caused. Identification of fraud suspicion, especially precautionary identification, is therefore important.
At present, fraud suspicion identification is judged through relevant models such as bill analysis, domain name keywords, article virtual and real relations and the like. These analyses all have certain effects, but still have certain limitations, firstly, the analysis results are possibly confused, thereby confusing marketing promotion and fraud, secondly, the analysis results have certain hysteresis, and the analysis can generate corresponding data for analysis only after the analysis occurs, so that the requirement of early prevention cannot be met.
For the reasons mentioned above, new analysis parameters were adopted: a list of APPs. The list of APPs seems to be very simple, but is actually a comprehensive embodiment of the phishing network application, and the phishing molecules are distinguished from the regular ones in their APP application for the purpose of carrying out the fraud and anti-detection effects. However, no complete research and mature model in this respect is available at present.
Disclosure of Invention
An object of the embodiments of the present application is to provide an improved method and apparatus for generating a file, so as to solve the technical problems mentioned in the above background.
In a first aspect, an embodiment of the present application provides a fraud suspicion identification method based on APP list analysis, where the method includes: obtaining APP list data; constructing a fraud suspicion score calculation model; and outputting a total fraud suspicion value by using a value calculation model based on the APP list data, carrying out fraud suspicion judgment, and outputting a fraud suspicion judgment result. The method for constructing the score calculation model specifically comprises the following steps: s1: setting a keyword group, wherein the keyword group comprises a forward keyword group and a reverse keyword group, and S2: setting fraud suspicion scores corresponding to each keyword in the keyword group, wherein the fraud suspicion scores corresponding to the keywords in the forward keyword group are positive numbers, and the fraud suspicion scores corresponding to the keywords in the reverse keyword group are negative numbers, S3: identifying the number of APPs hit per keyword, S4: performing weighted accumulation on the fraud suspicion score corresponding to each keyword and the number of hit APPs of the keyword to obtain the fraud suspicion score corresponding to the keyword, S5: the fraud suspicion scores of all keywords are added to obtain a total fraud suspicion score.
In some embodiments, the method for calculating the fraud suspicion score corresponding to each keyword comprises: the keywords are classified according to functions, a classification threshold value of each classification is set, the weight of each keyword under each classification is set, and the fraud suspicion score of each classification is calculated. The keywords are classified, different weights can be given to the score calculation model according to the influence degrees of different classifications on the result, and the calculation result is more scientific and reliable.
In some embodiments, the fraud suspicion score for each category is calculated by the formula:
Figure BDA0002861726050000031
a mathematical model is established to facilitate the calculation of the score calculation model, so that the calculation process is more accurate and rapid.
Wherein i is a natural number greater than 1, f (i) is the fraud suspicion score of the ith classification, a is the number of keywords of the classification, m is the fraud suspicion score corresponding to a certain keyword under the classification, and TnThe number of APPs hit for that keyword.
In some embodiments, f (i) and f (i) are both provided with corresponding threshold values, when the score of f (i) calculated by the above formula exceeds the corresponding threshold value, the value of f (i) is taken as the corresponding threshold value, when the threshold value is a positive number, the threshold value is the maximum value of f (i), and when the threshold value is a negative number, the threshold value is the minimum value of f (i). The classification threshold value of each classification can be set to prevent the APP of a certain classification belonging to the reverse key phrase from being downloaded too much and shielding the APP of the forward key phrase, so that the calculation result is more scientific and reliable.
In some embodiments, the total fraud suspicion score is calculated by adding the fraud suspicion scores of the respective classifications, and the calculation formula is:
Figure BDA0002861726050000032
a mathematical model is established to facilitate the calculation of the score calculation model, so that the calculation process is more accurate and rapid.
Where F (i) is the total fraud suspicion score, b is the number of classifications, and f (i) is the fraud suspicion score for a certain classification.
In some embodiments, there are several sub-classifications for each classification, each keyword under a classification is assigned to one of the sub-classifications, and keywords assigned to the same sub-classification have the same fraud suspicion score. The classification can be further reclassified according to the actual application condition, so that the score calculation model is more refined and has stronger pertinence.
In some embodiments, the total fraud suspicion score has a first threshold and a second threshold, the total fraud suspicion score being counted equal to the first threshold when the total fraud suspicion score is greater than the first threshold, the total fraud suspicion score being counted equal to the second threshold when the total fraud suspicion score is below the second threshold. The total fraud suspicion value is controlled within a certain threshold value range, the influence of extreme values is reduced, and the establishment of a judgment result model is facilitated.
In some embodiments, the total fraud suspicion score also has a first intermediate threshold and a second intermediate threshold, the first result being determined when the total fraud suspicion score is equal to or greater than the first intermediate threshold and equal to or less than the first threshold, the second result being determined when the total fraud suspicion score is equal to or greater than the second intermediate threshold and less than the first intermediate threshold, the third result being determined when the total fraud suspicion score is equal to or greater than the second threshold and equal to or less than the second intermediate threshold. By setting an intermediate threshold value, a judgment result model is established, so that the calculated total fraud suspicion score can correspond to the judgment result.
In some embodiments, the fraud suspicion determination results include high, medium, and low suspicion. The judgment result is popular and easy to understand and is combined with the reality, so that the method is more practical.
In some embodiments, a third intermediate threshold is set in the score calculation model of fraud suspicion, and when the sum of fraud suspicion scores corresponding to keywords in the forward keyword group is greater than the third intermediate threshold, the sum of fraud suspicion scores corresponding to the reverse keyword group is counted to be zero. According to experimental test results, some fraud suspects have behaviors of downloading reverse key phrases APP intentionally by reducing fraud suspects, in order to avoid the fraud suspects from interfering with the analysis results of the algorithm to download the reverse key phrases APP intentionally, a third intermediate threshold value is set, when the sum of the fraud suspects calculated by the forward key phrases is greater than the third intermediate threshold value, the sum of the fraud suspects corresponding to the reverse key phrases is counted to be zero, the action of the suspects of the reverse key phrases is not considered any more, the score calculation model is more scientific and reasonable, and the calculation results are more practical.
In a second aspect, an embodiment of the present application provides a fraud suspicion recognition apparatus based on APP list analysis, including: the acquisition module is used for acquiring APP list data; the analysis module is used for constructing a fraud suspicion score calculation model and calculating; and the output module is used for outputting a total fraud suspicion value by utilizing the value calculation model based on the APP list data, carrying out fraud suspicion judgment and outputting a fraud suspicion judgment result.
In a third aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the method as described in any implementation manner of the first aspect.
According to the fraud suspicion identification method and device based on APP list analysis, the APP list is divided into a plurality of forward suspicion large classes and a plurality of reverse suspicion large classes through an experience model obtained through research and analysis on the phishing molecule APP list, each large class is given a certain threshold value according to the importance degree of each large class on the influence of the analysis result, and finally, the final fraud suspicion value is obtained through weighted statistics and fraud suspicion judgment is carried out. The defects of confusion and hysteresis in identification and judgment of fraud suspicion in the prior art can be effectively overcome.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary basic flow diagram according to an embodiment of the present invention;
FIG. 2 is a flow diagram of fraud suspicion identification method steps 200 based on APP List analysis, according to one embodiment of the present invention;
FIG. 3 is a flow chart of fraud suspicion identification method steps 200 based on APP List analysis, according to another embodiment of the present invention;
FIG. 4 is a flowchart of fraud suspicion identification method steps 200 based on APP List analysis, according to yet another embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a fraud suspicion identification apparatus based on APP List analysis according to an embodiment of the present invention.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
FIG. 1 shows an exemplary basic flow diagram according to an embodiment of the present invention.
As shown in fig. 1, the basic process includes:
step 100, obtaining APP list data;
in step 100, in practice, the APP list data can be obtained through a specific APP, or the APP list data information can be analyzed through traffic in an online obtaining manner, or the APP list data information can be completely obtained through direct mobile phone information acquisition in an offline obtaining manner.
Step 200, constructing a fraud suspicion score calculation model;
and 300, outputting a total fraud suspicion value by using the value calculation model based on the APP list data, judging fraud suspicion, and outputting a fraud suspicion judgment result.
The fraud suspicion determination step in step 300 is as follows:
setting a first threshold and a second threshold of total fraud suspicion score, counting the total fraud suspicion score equal to the first threshold when the total fraud suspicion score is greater than the first threshold, and counting the total fraud suspicion score equal to the second threshold when the total fraud suspicion score is lower than the second threshold.
Setting a first intermediate threshold and a second intermediate threshold of the total fraud suspicion score, the first intermediate threshold, the second intermediate threshold, the first intermediate threshold, and the second intermediate threshold corresponding to: first threshold > first intermediate threshold > second threshold.
The first result is determined when the total fraud suspicion score is equal to or greater than a first intermediate threshold and equal to or less than a first threshold, the second result is determined when the total fraud suspicion score is equal to or greater than a second intermediate threshold and less than a first intermediate threshold, and the third result is determined when the total fraud suspicion score is equal to or greater than a second threshold and less than a second intermediate threshold.
The determination result in step 300 includes: high and medium suspicion degree. And respectively corresponding the high, medium and low suspicion degrees to a first result, a second result and a third result.
FIG. 2 shows a flowchart of fraud suspicion identification method steps 200 based on APP List analysis according to one embodiment of the present invention.
As shown in FIG. 2, in one embodiment of steps 200 of the fraud suspicion identification method based on APP List analysis of the present invention, the steps 200 include:
step 201: and setting key phrases which comprise forward key phrases and reverse key phrases. In this embodiment, through an empirical model obtained by researching and analyzing the phishing molecule APP list, APP keywords that are used by a fraud suspect at high frequency are defined as forward keyword groups, for example: exploring, YY, etc., and determining APP keywords frequently used by the general public as reverse keyword groups, for example: sports, home furnishing, and the like.
Step 202: setting fraud suspicion scores corresponding to all keywords in the keyword groups, wherein the fraud suspicion scores corresponding to the keywords in the forward keyword groups are positive numbers, and the fraud suspicion scores corresponding to the keywords in the reverse keyword groups are negative numbers.
In this embodiment, the keywords and the corresponding suspicion scores are set as shown in the following table:
Figure BDA0002861726050000071
Figure BDA0002861726050000081
(Table 1) fraud suspicion score corresponding to forward keyword group
Keyword Score of suspicion
Exercise of sports -2
Household -2
Aviation -1
(Table 2) fraud suspicion score corresponding to reverse keyword group
Step 203: the number of APPs hit per keyword is identified.
In this embodiment, it is assumed that the number of APPs hit by each keyword is as follows: the number of 'exploration' hits is 2, the number of 'YY' hits is 15, the number of 'borrow' hits is 3, the number of 'movement' hits is 9, the number of 'home' hits is 2, and the number of 'aviation' hits is 5.
Step 204: and carrying out weighted accumulation on the fraud suspicion score corresponding to each keyword and the number of hit APPs of the keyword to obtain the fraud suspicion score corresponding to the keyword.
In this embodiment, the fraud suspicion score corresponding to each keyword is as follows: the "probing" score is 3 × 2 ═ 6, "YY" score is 3 × 15 ═ 45, "borrow" score is 5 × 3 ═ 15, "sports" score-2 × 9 ═ -18, "home" score is-2 × 2 ═ -4, "aviation" score is-1 × 5 ═ -5.
Step 205: the fraud suspicion scores of all keywords are added to obtain a total fraud suspicion score.
In this embodiment, the total fraud suspicion score is the "probing" score plus the "YY" score plus the "borrowing" score plus the "sports" score plus the "home" score plus the "aviation" score is equal to: 6+45+15+ (-18) + (-4) + (-5) ═ 39.
FIG. 3 shows a flowchart of fraud suspicion identification method steps 200 based on APP List analysis according to another embodiment of the present invention.
As shown in fig. 3, in the present embodiment, step 200 includes step 211, step 212, step 213, step 214, step 215, and step 216.
Compared with the previous embodiment, step 211 is the same as step 201, step 212 is the same as step 202, and step 214 is the same as step 203, and thus the description is omitted.
Step 213, classifying the keywords according to the functions, setting a classification threshold of each classification, and setting a weight of each keyword under each classification (i.e., a suspicion score corresponding to each keyword). In this embodiment, it is assumed that the threshold values of the respective classifications are set as follows:
Figure BDA0002861726050000091
(Table 3) Classification threshold value corresponding to each Classification
Step 215, corresponding to each keywordThe fraud suspicion score and the number of hit APP are weighted and accumulated to obtain the fraud suspicion score corresponding to each classification, and the calculation formula is as follows:
Figure BDA0002861726050000092
wherein i is a natural number greater than 1, f (i) is the fraud suspicion score of the ith category, a is the number of keywords of the category, m is the fraud suspicion score corresponding to a certain keyword under the category, and Tn is the number of hits on APP by the keyword.
And when the score of f (i) calculated by the formula exceeds the corresponding classification threshold value, taking the value of f (i) as the corresponding maximum value or the corresponding minimum value.
In this embodiment, assuming that the fraud suspicion score and the number of hit APPs corresponding to each keyword are the same as those in the previous embodiment, the fraud suspicion score and the number of hit APPs are the same as those in the previous embodiment
The fraud suspicion score f (1) of the "social chat" classification is 3 × 2+3 × 15, 51, 30 is the maximum value of f (1) because 30 is a positive number, f (1) 51 is larger than the "social chat" classification threshold 30, so f (1) is finally taken to be 30,
the fraud suspicion score f (2) of the "financial" classification is 5 × 3 or 15,
the fraud suspicion score f (3) — 2 × 9+ (-2) × 2 ═ -22 for the "life housekeeping" classification, since-10 is a negative number, so-10 is the minimum value of f (3), since f (3) — 22 is smaller than the "life housekeeping" classification threshold-20, so finally f (3) — 20 is taken,
the fraud suspicion score f (4) — 1 × 5 ═ -5 for the "voyage trip" classification.
Step 215, summing all classified fraud suspicion scores to obtain a total fraud suspicion score. The calculation formula is as follows:
Figure BDA0002861726050000101
where F (i) is the total fraud suspicion score, b is the number of classifications, and f (i) is the fraud suspicion score for a certain classification.
In this embodiment, the total fraud suspicion score f (i) ═ f (1) + f (2) + f (3) + f (4) ═ 30+15+ (-20) + (-5) (-20).
FIG. 4 shows a flowchart of fraud suspicion identification method steps 200 based on APP List analysis according to still another embodiment of the present invention.
As shown in fig. 4, in the present embodiment, step 200 includes step 221, step 222, step 223, step 224, step 225, step 226, and step 227.
Compared with the previous embodiment, step 221 is the same as step 211, step 222 is the same as step 212, step 223 is the same as step 213, step 225 is the same as step 214, step 226 is the same as step 215, and step 227 is the same as step 216, and thus the description is omitted.
Step 224, for each classification, a plurality of sub-classifications are provided, each keyword under the sub-classification is assigned to one of the sub-classifications, and the keywords assigned to the same sub-classification have the same fraud suspicion score. For example:
Figure BDA0002861726050000111
(Table 4) major categories, minor categories, keywords and corresponding classification thresholds and suspicion scores of each keyword
Step 226, performing weighted accumulation on the fraud suspicion score corresponding to each keyword and the number of hit APPs to obtain a fraud suspicion score corresponding to each category.
It should be noted that: the major classes, minor classes, and keywords in all the tables are only illustrated individually, but not all columns. The major and minor classes are not limited to two-level limitation, and sub-classification under the minor classes can be performed according to actual conditions.
The 4000 mobile phone samples are tested by authorization desensitization of relevant departments, the accuracy of a first result corresponding to the total fraud suspicion value which is calculated by the method is higher when the total fraud suspicion value is greater than or equal to a first middle threshold value and less than or equal to the first threshold value and a third result corresponding to the total fraud suspicion value which is greater than or equal to a second middle threshold value and less than a second middle threshold value is quite high, the result can be completely used as a practical judgment reference, and a second result corresponding to the total fraud suspicion value which is greater than or equal to the second middle threshold value and less than the first middle threshold value has certain reference significance.
According to the experimental test results, it is found that there are behaviors of deliberately downloading reverse fraud suspicion values APPs such as "life housekeeping", "voyage travel" and the like in some fraud suspicion persons for reducing fraud suspicion values, in some executable embodiments of the present application, in order to avoid that a fraud suspicion person interferes with the analysis result of the algorithm, the reverse fraud suspicion values APPs such as "life housekeeping", "voyage travel" and the like are deliberately downloaded, a third intermediate threshold value can be set, when the sum of the fraud suspicion values calculated by forward key phrases is greater than the third intermediate threshold value, the sum of the fraud suspicion values corresponding to reverse key phrases is counted to be zero, and the role of the suspicion values of reverse key phrases is not considered any more.
In an alternative embodiment, the present application provides an example of fraud suspicion identification apparatus based on APP list analysis.
Fig. 5 shows a schematic structural diagram of a fraud suspicion identification apparatus based on APP list analysis according to an embodiment of the present invention.
As shown in fig. 5, the apparatus 400 for identifying fraud suspicion based on APP list analysis of the present embodiment includes an obtaining module 401, an analyzing module 402 and an output module 403. Wherein the content of the first and second substances,
in this embodiment, the obtaining module 401 is configured to obtain APP list data. The obtaining module 401 can perform online obtaining modes of obtaining APP list data through a specific APP in practical application or analyzing APP list data information through flow, and can also perform offline obtaining modes of obtaining complete information through direct mobile phone information collection.
In this embodiment, the analysis module 402 is used to construct and calculate a score calculation model of fraud suspicion. In practical application, the analysis module 402 may adjust in time according to an empirical model obtained by performing research and analysis on the fraud molecule APP list, and set different major and minor categories and keywords according to the characteristics of the suspected people to be detected, so as to perform calculation of the score calculation model of fraud suspicion.
In this embodiment, the output module 403 is configured to output a total fraud suspicion score and perform fraud suspicion determination based on the APP list data by using the score calculation model, and output a fraud suspicion determination result.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. The computer readable storage medium described herein may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable storage medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present application may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes an acquisition module, an analysis module, and an output module. Wherein the names of the modules do not in some cases constitute a limitation of the module itself.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (12)

1. A fraud suspicion identification method based on APP list analysis is characterized by comprising the following steps: the method comprises the following steps:
obtaining APP list data;
constructing a score calculation model of fraud suspicion, and
outputting a total fraud suspicion value by utilizing the value calculation model based on the APP list data, judging fraud suspicion, and outputting a fraud suspicion judgment result;
the method for constructing the score calculation model specifically comprises the following steps:
s1: setting a key phrase, wherein the key phrase comprises a forward key phrase and a reverse key phrase,
s2: setting a fraud suspicion score corresponding to each keyword in the keyword group, wherein the fraud suspicion score corresponding to the keyword in the forward keyword group is a positive number, the fraud suspicion score corresponding to the keyword in the reverse keyword group is a negative number,
s3: identifying a number of APPs hit by each of the keywords,
s4: weighting and accumulating the fraud suspicion score corresponding to each keyword and the number of hit APPs of the keyword to obtain the fraud suspicion score corresponding to the keyword,
s5: the fraud suspicion scores of all keywords are added to obtain a total fraud suspicion score.
2. The method of claim 1, wherein: the method for calculating the fraud suspicion score corresponding to each keyword comprises the following steps: classifying the keywords according to functions, setting a classification threshold value of each classification, setting a weight of each keyword under each classification, and calculating a fraud suspicion score of each classification.
3. The method of claim 2, wherein: the formula for the calculation of the fraud suspicion score for each of the categories is:
Figure FDA0002861726040000011
wherein i is a natural number greater than 1, f (i) is the fraud suspicion score of the ith classification, a is the number of keywords of the classification, m is the fraud suspicion score corresponding to a certain keyword under the classification, and TnThe number of APPs hit for that keyword.
4. The method of claim 3, wherein: and f (i) are provided with corresponding threshold values, when the score of f (i) calculated by the above formula exceeds the corresponding threshold value, the value of f (i) is taken as the corresponding threshold value, when the threshold value is a positive number, the threshold value is the maximum value of f (i), and when the threshold value is a negative number, the threshold value is the minimum value of f (i). .
5. The method of claim 4, wherein: the total fraud suspicion score is calculated by adding the fraud suspicion scores of all the classifications, and the calculation formula is as follows:
Figure FDA0002861726040000021
where F (i) is the total fraud suspicion score, b is the number of classifications, and f (i) is the fraud suspicion score for a certain classification.
6. The method of claim 2, wherein: and aiming at each sub-classification, a plurality of sub-classifications are arranged, each keyword under the classification is assigned to one of the sub-classifications, and the keywords assigned to the same sub-classification have the same fraud suspicion score.
7. The method of claim 1, wherein: the total fraud suspicion score has a first threshold and a second threshold, the total fraud suspicion score is counted equal to the first threshold when the total fraud suspicion score is greater than the first threshold, the total fraud suspicion score is counted equal to the second threshold when the total fraud suspicion score is lower than the second threshold.
8. The method of claim 7, wherein: the total fraud suspicion score also has a first intermediate threshold and a second intermediate threshold, being determined as a first result when the total fraud suspicion score is equal to or greater than the first intermediate threshold and equal to or less than the first threshold, being determined as a second result when the total fraud suspicion score is equal to or greater than the second intermediate threshold and less than the first intermediate threshold, being determined as a third result when the total fraud suspicion score is equal to or greater than the second threshold and equal to or less than the second intermediate threshold.
9. The method of claim 1, wherein: the fraud suspicion judgment result comprises high suspicion degree, medium suspicion degree and low suspicion degree.
10. The method of claim 1, wherein: and a third intermediate threshold value is arranged in the fraud suspicion score calculation model, and when the sum of fraud suspicion scores corresponding to the keywords in the forward keyword group is greater than the third intermediate threshold value, the sum of fraud suspicion scores corresponding to the reverse keyword group is counted to be zero.
11. The utility model provides a fraud suspicion recognition device based on APP tabulation analysis which characterized in that: the device comprises:
the acquisition module is used for acquiring APP list data;
the analysis module is used for constructing a fraud suspicion score calculation model and calculating;
and the output module is used for outputting a total fraud suspicion value by utilizing the value calculation model based on the APP list data, carrying out fraud suspicion judgment and outputting a fraud suspicion judgment result.
12. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-10.
CN202011565864.XA 2020-12-25 2020-12-25 Fraud suspicion identification method and device based on APP list analysis Active CN112613888B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011565864.XA CN112613888B (en) 2020-12-25 2020-12-25 Fraud suspicion identification method and device based on APP list analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011565864.XA CN112613888B (en) 2020-12-25 2020-12-25 Fraud suspicion identification method and device based on APP list analysis

Publications (2)

Publication Number Publication Date
CN112613888A true CN112613888A (en) 2021-04-06
CN112613888B CN112613888B (en) 2022-09-02

Family

ID=75248184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011565864.XA Active CN112613888B (en) 2020-12-25 2020-12-25 Fraud suspicion identification method and device based on APP list analysis

Country Status (1)

Country Link
CN (1) CN112613888B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100257024A1 (en) * 2009-04-07 2010-10-07 Verisign, Inc. Domain Traffic Ranking
CN104427079A (en) * 2013-09-09 2015-03-18 中兴通讯股份有限公司 Early warning method and device of user voice calls
CN106453061A (en) * 2016-11-22 2017-02-22 北京锐安科技有限公司 Method and system for recognizing internet fraud behavior
CN106502879A (en) * 2015-09-07 2017-03-15 中国移动通信集团公司 A kind of method and device for realizing applications security detection
CN106709332A (en) * 2016-12-13 2017-05-24 江苏通付盾科技有限公司 Application detection method and device
CN108133061A (en) * 2018-02-01 2018-06-08 天津市国瑞数码安全系统股份有限公司 A kind of swindle Stock discrimination system
CN109446528A (en) * 2018-10-30 2019-03-08 南京中孚信息技术有限公司 The recognition methods of new fraudulent gimmick and device
CN110070875A (en) * 2019-04-29 2019-07-30 深圳市友杰智新科技有限公司 A kind of anti-telecommunication fraud method based on voice keyword detection and vocal print
CN110781811A (en) * 2019-10-24 2020-02-11 腾讯科技(深圳)有限公司 Abnormal work order identification method and device, readable storage medium and computer equipment
CN111062422A (en) * 2019-11-29 2020-04-24 上海观安信息技术股份有限公司 Method and device for systematic identification of road loan

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100257024A1 (en) * 2009-04-07 2010-10-07 Verisign, Inc. Domain Traffic Ranking
CN104427079A (en) * 2013-09-09 2015-03-18 中兴通讯股份有限公司 Early warning method and device of user voice calls
CN106502879A (en) * 2015-09-07 2017-03-15 中国移动通信集团公司 A kind of method and device for realizing applications security detection
CN106453061A (en) * 2016-11-22 2017-02-22 北京锐安科技有限公司 Method and system for recognizing internet fraud behavior
CN106709332A (en) * 2016-12-13 2017-05-24 江苏通付盾科技有限公司 Application detection method and device
CN108133061A (en) * 2018-02-01 2018-06-08 天津市国瑞数码安全系统股份有限公司 A kind of swindle Stock discrimination system
CN109446528A (en) * 2018-10-30 2019-03-08 南京中孚信息技术有限公司 The recognition methods of new fraudulent gimmick and device
CN110070875A (en) * 2019-04-29 2019-07-30 深圳市友杰智新科技有限公司 A kind of anti-telecommunication fraud method based on voice keyword detection and vocal print
CN110781811A (en) * 2019-10-24 2020-02-11 腾讯科技(深圳)有限公司 Abnormal work order identification method and device, readable storage medium and computer equipment
CN111062422A (en) * 2019-11-29 2020-04-24 上海观安信息技术股份有限公司 Method and device for systematic identification of road loan

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周伟杰: ""基于串接式拦截分析的诈骗电话管控系统"", 《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑》 *

Also Published As

Publication number Publication date
CN112613888B (en) 2022-09-02

Similar Documents

Publication Publication Date Title
CN107577688B (en) Original article influence analysis system based on media information acquisition
Yu et al. Attention-based convolutional approach for misinformation identification from massive and noisy microblog posts
CN112053221A (en) Knowledge graph-based internet financial group fraud detection method
CN109672674A (en) A kind of Cyberthreat information confidence level recognition methods
Lu et al. An efficient combined deep neural network based malware detection framework in 5G environment
CN105354216B (en) A kind of Chinese microblog topic information processing method
CN103902597A (en) Method and device for determining search relevant categories corresponding to target keywords
CN109800600A (en) Ocean big data susceptibility assessment system and prevention method towards privacy requirements
CN113420294A (en) Malicious code detection method based on multi-scale convolutional neural network
CN112053222A (en) Knowledge graph-based internet financial group fraud detection method
Kong et al. FCSCNN: Feature centralized Siamese CNN-based android malware identification
KR20200075120A (en) Business default prediction system and operation method thereof
CN113422761A (en) Malicious social user detection method based on counterstudy
Yang et al. A novel detection method for word-based DGA
CN111510368A (en) Family group identification method, device, equipment and computer readable storage medium
Abdine et al. Political communities on Twitter: case study of the 2022 French presidential election
Yu et al. Rumor identification with maximum entropy in micronet
CN112613888B (en) Fraud suspicion identification method and device based on APP list analysis
CN117131345A (en) Multi-source data parameter evaluation method based on data deep learning calculation
Elroy et al. Mining the discussion of monkeypox misinformation on Twitter using RoBERTa
CN109492924B (en) Influence evaluation method based on second order of self and behavior value of microblog user
Hu et al. Method of informational and psychological influence evaluation in social networks based on fuzzy logic
CN113011503B (en) Data evidence obtaining method of electronic equipment, storage medium and terminal
Bharathi et al. A supervised learning approach for criminal identification using similarity measures and K-Medoids clustering
Liu et al. An illegal billboard advertisement detection framework based on machine learning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant