CN117715048A

CN117715048A - Telecommunication fraud recognition method, device, electronic equipment and storage medium

Info

Publication number: CN117715048A
Application number: CN202311740580.3A
Authority: CN
Inventors: 雷多萍
Original assignee: China Telecom Technology Innovation Center; China Telecom Corp Ltd
Current assignee: China Telecom Technology Innovation Center; China Telecom Corp Ltd
Priority date: 2023-12-18
Filing date: 2023-12-18
Publication date: 2024-03-15

Abstract

The disclosure provides a telecommunication fraud identification method, a device, electronic equipment and a storage medium, and relates to the technical field of communication. The method comprises the following steps: receiving an identification request sent by an IMS core network, wherein the identification request carries an Internet Protocol (IP) address and a port number of a terminal to be identified; obtaining a media stream to be identified according to the IP address and the port number of the terminal to be identified; based on the AI judgment model, carrying out telecom fraud recognition on the media stream to be recognized to obtain a recognition result; and if the identification result is not passed, feeding back the identification result to a receiving terminal, wherein the receiving terminal is a terminal for carrying out video call or audio call with the terminal to be identified. According to the method and the device, the media stream to be identified is obtained through the IP address and the port number of the terminal to be identified, the media stream to be identified is identified, and an identification result is obtained, so that telecommunication fraud identification is realized. The method can prevent fraud implemented by changing faces or sounds and ensure property safety of people.

Description

Telecommunication fraud recognition method, device, electronic equipment and storage medium

Technical Field

The present disclosure relates to the field of communications technologies, and in particular, to a telecommunications fraud identification method, apparatus, electronic device, and computer readable storage medium.

Background

Telecommunication fraud means that lawbreakers compile false information through telephone, network and short message modes, set fraud bureau, implement remote and non-contact fraud on victims, induce victims to make criminal act of money or transfer to lawbreakers; among them, telecommunication fraud, particularly by telephone, is common.

With the popularity of VoLTE (Voice over Long Term Evolution, a data transmission technology) terminals, future video phones (such as micro-communication video phones, mobile video phones, etc.) are becoming popular with the public. However, lawbreakers implement telephone fraud with false identity through face-changing or voice-changing techniques, resulting in economic loss to victims.

How to improve the fraud prevention recognition of video phones is a problem to be solved.

Disclosure of Invention

The present disclosure provides a telecommunication fraud recognition method, apparatus, device and medium, which can prevent fraud implemented by face changing or sound changing at least to a certain extent, and ensure property safety of people.

Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.

According to one aspect of the present disclosure, there is provided a telecommunication fraud recognition method applied to a media processing device, the method comprising: receiving an identification request sent by an IMS core network of a network protocol multimedia subsystem, wherein the identification request carries an IP address and a port number of an Internet protocol of a terminal to be identified; obtaining a media stream to be identified according to the IP address and the port number of the terminal to be identified; based on an artificial intelligence AI judgment model, carrying out telecom fraud recognition on the media stream to be recognized to obtain a recognition result; and if the identification result is not passed, feeding back the identification result to a receiving terminal, wherein the receiving terminal is a terminal for carrying out video call or audio call with the terminal to be identified.

According to another aspect of the present disclosure, there is provided a telecommunication fraud recognition method applied to an IMS core network of a network protocol multimedia subsystem, including: sending an identification request to media processing equipment, wherein the identification request carries an Internet Protocol (IP) address and a port number of a terminal to be identified, so that the media processing equipment obtains a media stream to be identified according to the IP address and the port number of the terminal to be identified, and performs telecom fraud identification on the media stream to be identified based on an Artificial Intelligence (AI) judgment model to obtain an identification result; receiving alarm information sent by the media processing device, wherein the alarm information is sent to the IMS core network by the media processing device under the condition that the identification result is not passed; the alarm information is sent to a big data platform; receiving a user alarm request sent by the big data platform, wherein the user alarm request is generated by the big data platform according to alarm information; and sending the user alarm request to the media processing device or the message platform so that the media processing device or the message platform feeds back the user alarm request to the receiving terminal.

According to still another aspect of the present disclosure, there is provided a telecommunication fraud recognition apparatus applied to a media processing device, the apparatus comprising: the first receiving module is used for receiving an identification request sent by an IMS core network of a network protocol multimedia subsystem, wherein the identification request carries an IP address and a port number of an Internet protocol of a terminal to be identified; the media stream obtaining module is used for obtaining the media stream to be identified according to the IP address and the port number of the terminal to be identified; the identification module is used for carrying out telecom fraud identification on the media stream to be identified based on an artificial intelligence AI judgment model to obtain an identification result; and the feedback module is used for feeding the identification result back to a receiving terminal when the identification result is not passed, wherein the receiving terminal is a terminal for carrying out video call or audio call with the terminal to be identified.

According to still another aspect of the present disclosure, there is provided a telecommunication fraud recognition apparatus applied to an IMS core network of a network protocol multimedia subsystem, comprising: the device comprises a sending module, a media processing device and a receiving module, wherein the sending module is used for sending an identification request to the media processing device, the identification request carries an Internet Protocol (IP) address and a port number of a terminal to be identified, so that the media processing device obtains a media stream to be identified according to the IP address and the port number of the terminal to be identified, and performs telecom fraud identification on the media stream to be identified based on an Artificial Intelligence (AI) judgment model to obtain an identification result; the second receiving module is used for receiving the alarm information sent by the media processing equipment, wherein the alarm information is sent to the IMS core network by the media processing equipment under the condition that the identification result is not passed; the sending module is also used for sending the alarm information to a big data platform; the second receiving module is further configured to receive a user alarm request sent by the big data platform, where the user alarm request is generated by the big data platform according to alarm information; the sending module is further configured to send the user alarm request to the media processing device or the message platform, so that the media processing device or the message platform feeds back the user alarm request to the receiving terminal.

According to still another aspect of the present disclosure, there is provided an electronic apparatus including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform any of the telecommunication fraud identification methods described above via execution of the executable instructions.

According to a further aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements any of the telecommunication fraud recognition methods described above.

According to a further aspect of the present disclosure, there is provided a computer program product comprising a computer program or computer instructions, which are loaded and executed by a processor, to cause the computer to implement any of the telecommunication fraud identification methods described above.

The telecom fraud identification method, device, equipment and medium provided by the embodiment of the disclosure receive an identification request sent by an IMS core network, the identification request carries an Internet Protocol (IP) address and a port number of a terminal to be identified, and a media stream to be identified is obtained according to the IP address and the port number of the terminal to be identified; carrying out telecom fraud recognition on the media stream to be recognized through an AI judgment model to obtain a recognition result; and feeding back the identification result to the receiving terminal under the condition that the identification result is not passed, thereby reminding the called user to prevent fraud. According to the method and the device, the media stream to be identified is obtained through the IP address and the port number of the terminal to be identified, the media stream to be identified is identified, and an identification result is obtained, so that telecommunication fraud identification is realized. The method can prevent fraud implemented by changing faces or sounds and ensure property safety of people.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.

FIG. 1 shows a schematic diagram of a telecommunications fraud identification system architecture in an embodiment of the present disclosure.

FIG. 2 shows a flow chart of a telecommunications fraud identification method in an embodiment of the present disclosure.

FIG. 3 shows a flow chart of a telecommunications fraud identification method in another embodiment of the present disclosure.

FIG. 4 shows a signaling diagram of a telecommunication fraud identification method in an embodiment of the present disclosure.

Fig. 5 shows a telecommunication fraud recognition method signaling diagram in another embodiment of the present disclosure.

Fig. 6 shows a signaling diagram of a telecommunication fraud recognition method in a further embodiment of the present disclosure.

FIG. 7 is a schematic diagram of a telecommunication fraud recognition apparatus according to an embodiment of the present disclosure.

FIG. 8 shows a schematic diagram of a telecommunications fraud recognition apparatus in another embodiment of the present disclosure.

Fig. 9 shows a block diagram of an electronic device in an embodiment of the disclosure.

Detailed Description

Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.

For ease of understanding, the following first explains the several terms involved in this disclosure as follows:

IP (Internet Protocol ), which is a protocol for transmitting data in a network. The IMS (IP Multimedia Subsystem, network protocol multimedia subsystem) core network is an IP-based multimedia subsystem for providing rich multimedia communication services such as voice call, video call, real-time messaging, and multimedia conference, etc. The IMS core network typically serves as part of the network architecture of the telecommunications carrier, providing a basis for implementing various multimedia communication services.

The big data platform (Big Data Platform) is an integrated platform based on big data technology and architecture for processing, storing, managing and analyzing large-scale structured and unstructured data.

Media processing devices refer to specialized devices or systems for processing various types of media content (e.g., audio, video, images, etc.). These devices typically include hardware and software components that are intended to perform the functions of capturing, encoding, decoding, editing, storing, transmitting, and playing media content.

The message platform is a software platform providing instant messaging functions, which allows users to send and receive messages to and from each other over a network anywhere and anytime. The message platform is widely applied to the fields of enterprise internal communication, social media, online customer service and the like.

The following detailed description of embodiments of the present disclosure refers to the accompanying drawings.

FIG. 1 shows a schematic diagram of a telecommunication fraud recognition system architecture in which the telecommunication fraud recognition method or the telecommunication fraud recognition apparatus in various embodiments of the present disclosure may be applied.

As shown in fig. 1, the system architecture may include a terminal to be identified (calling terminal) 101, a receiving terminal (called terminal) 102, and a network device 103, where the terminal to be identified 101 and the receiving terminal 102 implement communication connection through a network, and the network may be a wired network or a wireless network.

Alternatively, the wireless network or wired network described above uses standard communication techniques and/or protocols. The network is typically the Internet, but may be any network including, but not limited to, a local area network (Local Area Network, LAN), metropolitan area network (Metropolitan Area Network, MAN), wide area network (Wide Area Network, WAN), mobile, wired or wireless network, private network, or any combination of virtual private networks. In some embodiments, data exchanged over a network is represented using techniques and/or formats including HyperText Mark-up Language (HTML), extensible markup Language (Extensible MarkupLanguage, XML), and the like. All or some of the links may also be encrypted using conventional encryption techniques such as secure sockets layer (Secure Socket Layer, SSL), transport layer security (Transport Layer Security, TLS), virtual private network (Virtual Private Network, VPN), internet protocol security (Internet ProtocolSecurity, IPsec), etc. In other embodiments, custom and/or dedicated data communication techniques may also be used in place of or in addition to the data communication techniques described above.

The terminal to be identified 101 and the receiving terminal 102 may be various electronic devices including, but not limited to, smart phones, tablet computers, laptop portable computers, desktop computers, wearable devices, augmented reality devices, virtual reality devices, etc.

Alternatively, the clients of the applications installed in the different terminals 101 to be identified and the receiving terminal 102 may be the same or clients of the same type of application based on different operating systems. The specific form of the application client may also be different based on the different terminal platforms, for example, the application client may be a mobile phone client, a PC client, etc.

The network device 103 is a device for enabling communication between the terminal 101 to be identified and the receiving terminal 102, and the network device 103 may include an IMS core network, a big data platform, a media processing device, and a message platform.

The terminal to be identified 101 is used for initiating a video call or an audio call to the receiving terminal 102, the network device 103 performs telecom fraud identification on the initiated video call or audio call, and corresponding to the condition that fraud exists, performs user risk prompt to the receiving terminal 102, thereby preventing telecom fraud.

Those skilled in the art will appreciate that the number of terminals to be identified, network devices, and receiving terminals in fig. 1 is merely illustrative, and any number of terminals to be identified, network devices, and receiving terminals may be provided as desired. The embodiments of the present disclosure are not limited in this regard.

The present exemplary embodiment will be described in detail below with reference to the accompanying drawings and examples.

First, a telecommunication fraud recognition method is provided in the embodiments of the present disclosure, which may be performed by any electronic device having computing processing capabilities.

Fig. 2 illustrates a flowchart of a telecommunication fraud recognition method in an embodiment of the present disclosure, which is applied to a media processing device as illustrated in fig. 2, and may include the following S201 to S204.

S201, receiving an identification request sent by an IMS core network of a network protocol multimedia subsystem, wherein the identification request carries an IP address and a port number of a terminal to be identified.

In the disclosed embodiment, the IP address is a digital address used to uniquely identify and locate the device on the internet. With respect to what IP addresses are in particular, embodiments of the present disclosure are not limited. For example, the IP address may be IPv4 (an IP address version) or IPv6 (an IP address version).

In the disclosed embodiments, the port number is a digital identifier used to identify an application or service in network communications. It locates the device by IP address and then locates the specific application or service by port number.

It should be noted that, the IP address and the port number of the terminal to be identified may be stored in the user dynamic information table, and the IMS core network may query the corresponding IP address and port number according to the communication number of the terminal to be identified. The communication number may be a telecommunication number, a mobile number, a communication number, etc. that can uniquely identify the SIM (Subscriber Identity Module, smart card).

S202, obtaining the media stream to be identified according to the IP address and the port number of the terminal to be identified.

In the embodiment of the disclosure, the media stream to be identified may be a video stream and/or an audio stream, and when the receiving terminal and the terminal to be identified perform a video call (also called as video call), the audio/video stream (video stream and audio stream) may be obtained according to the IP address and the port number. When the receiving terminal and the terminal to be identified perform audio call (also called audio call), the audio stream can be obtained according to the IP address and the port number.

It should be noted that, the present disclosure does not limit how to obtain the media stream to be identified, and the media stream to be identified may be obtained through an IP address and a port number, or may be obtained through other media addresses.

In the embodiment of the disclosure, the media processing device may find a media stream to be identified that needs to be copied according to the IP address and the port number, and copy the media stream to be identified to a designated position according to the indication of the AI (Artificial Intelligence ) judgment model, for the AI judgment model to perform telecommunication fraud identification.

In the embodiment of the disclosure, the media stream to be identified is copied to the designated position, so that the user risk prompt can be realized on the premise of not influencing the video call or the audio call between the receiving terminal and the terminal to be identified, thereby preventing telecommunication fraud.

S203, based on the artificial intelligence AI judgment model, performing telecom fraud recognition on the media stream to be recognized to obtain a recognition result.

In the embodiment of the present disclosure, the AI decision model refers to a model constructed by using an artificial intelligence technique and an algorithm, and is used for classifying, judging or predicting input data, and the embodiment of the present disclosure is not limited as to what type of AI decision model is, and any model capable of recognizing a face change or a sound change may be used. For example, the AI decision model may be any neural network model capable of implementing a classification function. For another example, the AI decision model may be a model of multi-modal (multiple perception modes) recognition, which may use Convolutional Neural Networks (CNNs) to process video streams to derive facial features, for example. The audio stream may be processed using Long Short-Term Memory (LSTM) or convolutional neural networks (Convolutional Neural Network, CNN) to derive sound features. The last layer of the multimodal recognition model may fuse the face features and the voice features, and a full connection layer or other fusion method may be used. The step can combine the information of a plurality of sensing modes to obtain a comprehensive recognition result. For another example, the AI decision model may be a combination of OpenFace (an open-source face recognition and facial expression analysis toolkit) and deep speech (a speech recognition system).

The AI judgment model is a pre-trained model, and the training data set may be a video stream after AI face change and an original video stream (a real video stream without face change), or may be an audio stream after sound change and an original audio stream (a real audio stream).

And S204, if the identification result is not passed, feeding back the identification result to a receiving terminal, wherein the receiving terminal is a terminal for carrying out video call or audio call with the terminal to be identified.

In the embodiment of the disclosure, when the identification result is failed, the risk of telecommunication fraud is indicated, and the identification result needs to be fed back to the receiving terminal to remind the receiving terminal user of the telecommunication fraud in the received video call or audio call.

In an embodiment, after performing telecom fraud recognition on the media stream to be recognized based on the artificial intelligence AI judgment model to obtain a recognition result, the method may further include: if the identification result is passing, normal information is sent to the IMS core network, so that the IMS core network sends the normal information to the big data platform, and when a terminal to be identified or a receiving terminal hangs up, a communication ending signal is sent to the media processing equipment and the big data platform; and receiving a communication ending signal sent by the IMS core network, wherein the communication ending signal is used for indicating the AI judgment model to end telecommunication fraud recognition.

In the embodiment of the present disclosure, the normal information is used to characterize that there is no fraud risk, and the embodiment of the present disclosure is not limited as to what the normal information is. For example, the normal information may be "normal". For example, when the AI judgment model judges that the media stream to be identified does not change sound or face, the AI judgment model sends the media stream to the IMS core network normally, and the IMS core network periodically returns the result to the big data platform as "normal". The user hangs up, and the IMS core network notifies the big data platform and the media processing equipment of ending the call and ending the AI judgment, thereby saving the electric energy.

It should be noted that a media service module may be added to the media processing device, where the media service module may find a media stream to be identified to be copied according to a media address (IP address and port number) provided by the IMS core network, and communicate with an AI judgment model, and copy the media stream to be identified to a specified location according to an indication of the AI judgment model. The AI judgment model can allocate the storage media stream resources according to the requirements of the media service module and identify the telecom fraud on the media stream. The embodiment of the disclosure discovers possible fraud behaviors through the AI technology, and the method has little change to the existing network, needs few network elements to be upgraded and improved, has low realization cost and is convenient to realize.

According to the embodiment of the disclosure, the media stream to be identified is obtained through the IP address and the port number of the terminal to be identified, and the media stream to be identified is identified, so that an identification result is obtained, and the telecom fraud identification is realized. The method can prevent fraud implemented by changing faces or sounds and ensure property safety of people.

How to feed back the recognition result to the receiving terminal is explained below.

In an exemplary embodiment, in the case that the identification result is not passed, feeding back the identification result to the receiving terminal may include the following steps A1 to A3.

And A1, under the condition that the identification result is not passing, sending alarm information to the IMS core network so that the IMS core network sends the alarm information to the big data platform, and receiving a user alarm request sent by the big data platform, wherein the user alarm request is generated according to the alarm information, and the big data platform records abnormal call information under the condition that the alarm information is received.

In the disclosed embodiment, the alert information is used to characterize the existence of telecommunication fraud risk. The big data platform records the call abnormality information, which is favorable for perfecting a model (a fraud prevention model) so that the suspicious number can be judged more accurately and the accuracy of the identification result can be provided.

And step A2, receiving a user alarm request sent by the IMS core network.

In the embodiment of the disclosure, the user alarm request is a request for providing a risk prompt for the receiving terminal. The user alarm request can carry alarm template information, and the alarm template information is information on an alarm template. The alert template information may include alert information of different levels, for example, the alert information of different levels may be: the phone is a fraudulent user, the phone is a suspected fraudulent user, etc. As another example, the different levels of alert information may be: level 1 telecommunications fraud, level 2 telecommunications fraud, level 3 telecommunications fraud, etc., the higher the level the greater the likelihood of fraud. The alarm template can be used for sending the alarm template information to the receiving terminal in the form of a short message through the message platform so as to remind the called party of telecommunication fraud. The warning caption generated by the warning template information can be added to the video stream through the media processing equipment so as to remind the called party of telecommunication fraud. The alert template may also be used to notify a third party, through network operations, that telecommunications fraud is present in the callee, who may be the family of the callee, the department responsible for fraud (such as police office), etc., thereby enabling protection against telecommunications fraud.

And step A3, feeding back the user alarm request to the receiving terminal.

In an embodiment, the media stream to be identified may include a video stream, and the user alert request carries alert template information; when the receiving terminal performs video call with the terminal to be identified, the feedback of the user alarm request to the receiving terminal may include: generating warning subtitles according to the warning template information; and adding the warning subtitle to the video stream to prompt the receiving terminal that the user risk exists.

In the embodiment of the disclosure, when the identification result is not passed, the warning caption generated according to the warning template information is added to the video stream, so that the warning caption is seen in the video picture by the receiving terminal user, and telecommunication fraud is prevented. Illustratively, the warning subtitle is "fraud telephone, fraud level a", which is displayed in the picture of the video.

It should be noted that, at the time of the video call, the media stream to be identified may include a video stream and an audio stream. The video stream may be used to display video and the audio stream may be used to conduct a voice call.

In the embodiment of the disclosure, under the condition of video call, the warning caption generated by the warning template information is added to the video stream, so that a user is warned of telecommunication fraud risk in a video picture. The method can prevent fraud implemented by changing faces or sounds and ensure property safety of people.

In another exemplary embodiment, the media stream to be identified may comprise an audio stream; the obtaining the media stream to be identified according to the IP address and the port number of the terminal to be identified may include: and obtaining the audio stream according to the IP address and the port number of the terminal to be identified. If the identification result is not passed, feeding back the identification result to the receiving terminal may include: if the identification result is that the user alarm request does not pass, the user alarm request is sent to the IMS core network, so that the IMS core network sends the alarm information to the big data platform, and the user alarm request is received and generated according to the alarm information; when the receiving terminal and the terminal to be identified carry out audio call, the IMS core network sends a user alarm request to the message platform so that the message platform sends a user risk prompt message to the receiving terminal; and under the condition that the big data platform receives the alarm information, recording the call abnormality information.

For example, when the identification result is not passed and the receiving terminal and the terminal to be identified perform an audio call, the IMS core network sends a user alert request to the message platform, so that the message platform sends a user risk prompt message to the receiving terminal.

Under the condition of an audio call, the embodiment of the disclosure reminds a receiving terminal user of telecommunication fraud risk through a message (such as a short message), so that the prevention of voice fraud is realized, and the property safety of people is ensured.

Based on the same inventive concept, a telecommunication fraud recognition method is also provided in the embodiments of the present disclosure, as described in the following embodiments. Since the principle of solving the problem in this embodiment is similar to that of the above method embodiment, the implementation of this embodiment may refer to the implementation of the above method embodiment, and the repetition is omitted.

Fig. 3 illustrates a flowchart of a telecommunication fraud identification method in another embodiment of the present disclosure, as illustrated in fig. 3, applied to an IMS core network of a network protocol multimedia subsystem, the telecommunication fraud identification method provided in the embodiment of the present disclosure may include the following S301 to S305.

S301, sending an identification request to the media processing equipment, wherein the identification request carries an Internet Protocol (IP) address and a port number of a terminal to be identified, so that the media processing equipment obtains a media stream to be identified according to the IP address and the port number of the terminal to be identified, and performs telecom fraud identification on the media stream to be identified based on an artificial intelligence AI judgment model to obtain an identification result.

In an embodiment, the method may further comprise the following steps B1 to B3 before sending the identification request to the media processing device.

And step B1, the communication number of the terminal to be identified is sent to a big data platform, so that the big data platform judges whether the communication number of the terminal to be identified is a suspicious number according to the fraud prevention model, and if the communication number is the suspicious number, an AI identification request is sent to an IMS core network.

In the embodiment of the disclosure, the fraud prevention model is used for judging whether the communication number of the terminal to be identified is a suspicious number. With respect to what the fraud prevention model is in particular a data model, embodiments of the present disclosure do not limit this. For example, the fraud prevention model may be a classification model, a neural network model, or a deep learning model.

The fraud prevention model is a model trained in advance, and the training data may be a communication number subjected to fraud or a communication number suspected to be fraud. In addition, when the terminal to be identified initiates communication to the receiving terminal, the calling and called numbers are sent to the IMS core network, and the IMS core network sends the calling and called numbers to the big data platform for the big data platform to judge whether the calling and called numbers are suspicious numbers.

And step B2, receiving an AI identification request sent by the big data platform, wherein the AI identification request carries the communication number of the terminal to be identified.

And B3, obtaining the IP address and the port number of the terminal to be identified according to the communication number of the terminal to be identified based on a preset user dynamic information table, and adding the IP address and the port number of the terminal to be identified to the identification request.

In the disclosed embodiment, the user dynamic information table is a data table for recording activities and behaviors of the user, and is used for recording calling and called numbers and corresponding media address information (such as an IP address and a port number).

According to the embodiment of the disclosure, the communication number of the terminal to be identified is subjected to suspicious judgment through the fraud prevention model of the big data platform, and if the communication number is the suspicious number, an identification request is initiated to the media processing equipment. According to the embodiment of the disclosure, the fraud prevention model and the AI judgment model are used for simultaneously performing fraud prevention recognition, so that the accuracy of telecommunication fraud recognition can be improved.

In another embodiment, the method may further comprise the following steps C1 to C3 before sending the identification request to the media processing device.

And step C1, judging whether the receiving terminal is a fraud prevention signing terminal according to the user signing information.

In the embodiment of the disclosure, the user subscription information is used for recording the communication number of the fraud prevention subscription terminal, the IMS core network judges whether the calling number is recorded on the user subscription information according to the calling number and the called number sent by the terminal to be identified, and if the calling number is recorded on the user subscription information, the IMS core network indicates that the receiving terminal is the fraud prevention subscription terminal. If the user subscription information is not recorded, the receiving terminal is not subscribed to the fraud prevention service.

And step C2, if the terminal is a fraud prevention contracted terminal, acquiring the communication number of the terminal to be identified.

And C3, obtaining the IP address and the port number of the terminal to be identified according to the communication number of the terminal to be identified based on a preset user dynamic information table, and adding the IP address and the port number of the terminal to be identified to the identification request.

In yet another embodiment, sending the identification request to the media processing device may include: and setting an AI service indicator for indicating that the receiving terminal is using the AI identification service.

The IMS core network queries a "user dynamic information table" according to a large data platform request (AI identification request) or user subscription information, extracts information such as an IP address and a port number corresponding to a communication number to be identified, requests the media processing device to identify a media stream to be identified, and sets an AI service indicator. The AI service indicator, when set, indicates that the user is using the AI-identifying service.

It should be noted that, the IMS core network may trigger the AI identification service to the media processing device according to the AI identification request of the big data platform.

The embodiment of the disclosure can judge whether the receiving terminal signs up for the fraud prevention service, and if so, can actively initiate an identification request to the media processing equipment, thereby ensuring the property safety of the receiving terminal.

S302, receiving alarm information sent by the media processing device, wherein the alarm information is sent to the IMS core network by the media processing device under the condition that the identification result is not passed.

S303, alarm information sent to the big data platform.

In the embodiment of the disclosure, the big data platform records the call anomaly information under the condition of receiving the alarm information, and the anomaly information can be used for training the fraud prevention model to train a more accurate fraud prevention model. The abnormal information can be one or more of a communication number, a user name and an identity card number of the terminal to be identified.

S304, receiving a user alarm request sent by the big data platform, wherein the user alarm request is generated by the big data platform according to the alarm information.

S305, the user alarm request is sent to the media processing device or the message platform, so that the media processing device or the message platform feeds back the user alarm request to the receiving terminal.

In an embodiment, the user alert request is sent to the media processing device or the message platform, which may include steps D1 through D4.

Step D1, obtaining calling information, wherein the calling information carries media information.

And D2, judging a call mode between the receiving terminal and the terminal to be identified according to the media information, wherein the call mode comprises video call and audio call.

And D3, when the receiving terminal and the terminal to be identified carry out video call, sending a user alarm request to the media processing equipment.

And D4, when the receiving terminal and the terminal to be identified carry out audio calling, the user alarm request is sent to the message platform, so that the message platform sends a user risk prompt message to the receiving terminal.

In the embodiment of the disclosure, the IMS core network determines according to media information carried in a call, and if the call is a video call, sends a user alarm request to media processing equipment, and carries alarm template information. The media processing device generates warning subtitles according to the warning template information, and synthesizes the subtitles onto the video stream to prompt the user for risk.

In the embodiment of the disclosure, the IMS core network determines according to media information carried in a call, and if the call is an audio call, sends a user alarm request to the message platform, so that the message platform sends a message to the receiving terminal to prompt the risk of the user.

The embodiment of the disclosure adopts different prompting modes aiming at different calling modes. When the video call is carried out, a subtitle warning mode is adopted, so that the method is more visual, and a receiving terminal user can find out the fraud prevention prompt in time. When in audio calling, the method of sending message is adopted to remind, the normal running of the call is not influenced, more messages of the terminal user to be identified can be obtained, and more information is provided for detecting telecommunication fraud.

The embodiment of the disclosure not only utilizes the big data information of the calling number and the called number, but also combines the audio and video media information in the calling to judge whether the possibility of fraudulent call exists.

The embodiment of the disclosure discovers possible fraud behaviors through the AI technology, and the method has little change to the existing network, needs few network elements to be upgraded and improved, has low realization cost and is convenient to realize.

The case of making a handover call between a video call and an audio call will be described below.

In an exemplary embodiment, the identification request may include an audio identification request and a video identification request; the media streams to be identified may include video streams and audio streams; wherein sending the identification request to the media processing device comprises: an audio identification request is sent to media processing equipment, wherein the audio identification request carries an IP address and a port number of a terminal to be identified, so that the media processing equipment obtains an audio stream according to the IP address and the port number of the terminal to be identified; and under the condition that the audio call is detected to be switched to the video call, sending a video identification request to the media processing equipment, wherein the video identification request carries the IP address and the port number of the terminal to be identified, so that the media processing equipment obtains the audio stream and the video stream according to the IP address and the port number of the terminal to be identified.

In the embodiment of the disclosure, when two terminals make an audio call, an IMS core network sends an audio identification request to media processing equipment, and when the IMS core network judges according to media information carried in the call, the two terminals switch from the audio call to the video call and then send a video identification request to the media processing equipment, so that the media processing equipment obtains an audio stream and a video stream according to the IP address and the port number of the terminal to be identified.

The embodiment of the disclosure can identify whether telecommunication fraud exists even if the audio call is switched to the video call, thereby increasing the application range of the disclosure and further ensuring the property safety of people.

In another exemplary embodiment, the identification request includes a video identification request and a stop video identification request; the media streams to be identified may include video streams and audio streams; wherein sending the identification request to the media processing device may include: sending a video identification request to media processing equipment, wherein the video identification request carries an IP address and a port number of a terminal to be identified, so that the media processing equipment obtains an audio stream and a video stream according to the IP address and the port number of the terminal to be identified; and under the condition that the video call is detected to be switched to the audio call, sending a video identification stopping request to the media processing equipment, wherein the video identification stopping request carries the IP address and the port number of the terminal to be identified, so that the media processing equipment stops acquiring the video stream according to the IP address and the port number of the terminal to be identified.

In the embodiment of the disclosure, when two terminals make a video call, an IMS core network sends a video identification request to a media processing device, and when the IMS core network makes a judgment according to media information carried in the call, after the two terminals switch from the video call to the audio call, the IMS core network sends a request for stopping video identification to the media processing device, so that the media processing device stops acquiring video streams according to the IP address and the port number of the terminal to be identified. That is, only the audio stream is acquired and only the audio stream is telecommunication fraud identified.

The embodiment of the disclosure can identify whether telecommunication fraud exists even if the video call is switched to the audio call, thereby increasing the application range of the disclosure and further ensuring the property safety of people.

The present disclosure is further illustrated by the following three examples.

In one embodiment, the audio video AI identification process 1: the initial call is a video call.

Fig. 4 shows a signaling diagram of a telecommunication fraud identification method according to an embodiment of the present disclosure, as shown in fig. 4, the telecommunication fraud identification method provided in the embodiment of the present disclosure includes the following steps:

s401, the IMS core network sends the communication number of the terminal to be identified to the big data platform. It should be noted that, the IMS core network may also send the communication number of the receiving terminal to the large data platform. The embodiments of the present disclosure are not limited in this regard.

S402, the big data platform judges whether the communication number of the terminal to be identified is a suspicious number according to the fraud prevention model, and if the communication number is the suspicious number, S403 is executed.

S403, the big data platform sends an AI identification request to the IMS core network. In the embodiment of the disclosure, the AI identification request carries the communication number of the terminal to be identified.

S404, the IMS core network obtains the IP address and the port number of the terminal to be identified according to the communication number of the terminal to be identified based on a preset user dynamic information table, and adds the IP address and the port number of the Internet protocol of the terminal to be identified to the identification request.

S405, the IMS core network sends an identification request to the media processing device.

And S406, the media processing equipment obtains the media stream to be identified according to the IP address and the port number of the terminal to be identified.

S407, the media processing device carries out telecom fraud recognition on the media stream to be recognized based on the AI judgment model to obtain a recognition result. When the recognition result is not passed, S408a is performed; when the identification result is pass, S408b is executed.

And S408a, the media processing device sends alarm information to the IMS core network when the identification result is not passed. S409a is performed.

And S408b, the media processing device sends normal information to the IMS core network when the identification result is passing. S409b is performed.

S409a, the IMS core network sends alarm information to the big data platform. S410a is performed.

And S409b, the IMS core network sends the normal information to the big data platform, and sends a communication ending signal to the media processing equipment and the big data platform when the terminal to be identified or the receiving terminal hangs up.

S410a, the big data platform generates a user alarm request according to the alarm information and records the call abnormality information. S411a is performed.

S411a, the big data platform sends the user alarm request to the IMS core network.

And S412a, acquiring media information, and judging a call mode between the receiving terminal and the terminal to be identified according to the media information, wherein the call mode comprises video call and audio call. If the video call is made, S413a-1 is executed; if it is an audio call, S413a-2 is performed.

The ims core network transmits a user alert request to the media processing device S413 a-1. S414a-1 is performed.

S413a-2, the IMS core network sends the user alarm request to the message platform. S414a-2 is performed.

S414a-1, the media processing equipment generates warning subtitles according to the warning template information; and adding the warning caption to the video stream to prompt the receiving terminal that the user risk exists.

S414a-2, the message platform sends a user risk prompting message to the receiving terminal.

It should be noted that, after S414a-1 or S414a-2, the embodiment of the disclosure may further include that the big data platform sends an instruction to stop AI identification to the IMS core network, and the IMS core network sends an instruction to stop AI identification to the media processing device, and the media processing device releases the corresponding resource.

The above-mentioned AI-identification decision process is initiated for the big data platform, and if the user signs up for AI-identification service, the AI-identification decision process is directly initiated by the IMS core network (starting from S403). If the media processing device returns the result as "normal information", the IMS core network may not feed back to the big data platform. If the media processing equipment returns the result of alarm information, the IMS core network needs to report the information such as the calling number and the called number, the abnormal number and the like when sending the result to the big data platform.

Aiming at suspicious calls, the media processing device copies video or audio media streams from suspicious directions to an AI judgment module (AI judgment model), and the AI judgment module judges whether the audio/video has the face change and sound change conditions or not, if the audio/video has the face change or sound change behaviors, an alarm notification big data platform is generated, and meanwhile, an alarm is sent to another user.

In another embodiment, the audio video AI identification process 2: the initial call is an audio call and the session is switched to a video call.

Fig. 5 shows a telecommunication fraud recognition method signaling diagram in another embodiment of the present disclosure. As shown in fig. 5, the telecommunication fraud recognition method provided in the embodiment of the present disclosure includes the following steps:

and S501, the IMS core network sends the communication number of the terminal to be identified to a big data platform. It should be noted that, the IMS core network may also send the communication number of the receiving terminal to the large data platform. The embodiments of the present disclosure are not limited in this regard.

S502, the big data platform judges whether the communication number of the terminal to be identified is a suspicious number according to the fraud prevention model, and if the communication number is the suspicious number, S503 is executed.

S503, the big data platform sends an AI identification request to the IMS core network. In the embodiment of the disclosure, the AI identification request carries the communication number of the terminal to be identified.

S504, the IMS core network obtains the IP address and the port number of the terminal to be identified according to the communication number of the terminal to be identified based on a preset user dynamic information table, adds the IP address and the port number of the terminal to be identified to the identification request, and sets the AI service instruction word.

S505, the IMS core network sends an audio identification request to the media processing device.

And S506, the media processing equipment obtains the audio stream according to the IP address and the port number of the terminal to be identified.

S507, the audio call is switched to the video call.

S508, the IMS core network judges that the user uses the AI identification service according to the AI service instruction, inquires a user dynamic information table, extracts an IP address and a port number corresponding to the communication number of the terminal to be identified, and adds the IP address and the port number into the video identification request.

S509, the IMS core network sends a video identification request to the media processing device.

S510, the media processing device obtains an audio stream and a video stream according to the IP address and the port number.

The subsequent flow of S510 is identical to the video call flow of the "audio/video AI identification flow 1" (S407, S408, S409, S410a, S411a, S412a, S413a-1, and S414 a-1).

In yet another embodiment, the audio video AI identification flow 3: the initial call is a video call and the session is switched to an audio call.

Fig. 6 shows a signaling diagram of a telecommunication fraud recognition method in a further embodiment of the present disclosure. As shown in fig. 6, the telecommunication fraud recognition method provided in the embodiment of the present disclosure includes the following steps:

s601, the IMS core network sends the communication number of the terminal to be identified to the big data platform. It should be noted that, the IMS core network may also send the communication number of the receiving terminal to the large data platform. The embodiments of the present disclosure are not limited in this regard.

S602, the big data platform judges whether the communication number of the terminal to be identified is a suspicious number according to the fraud prevention model, and if the communication number is the suspicious number, S603 is executed.

And S603, the big data platform sends an AI identification request to the IMS core network. In the embodiment of the disclosure, the AI identification request carries the communication number of the terminal to be identified.

S604, the IMS core network obtains the IP address and the port number of the terminal to be identified according to the communication number of the terminal to be identified based on a preset user dynamic information table, adds the IP address and the port number of the terminal to be identified to the video identification request, and sets the AI service instruction word.

S605, the IMS core network sends a video identification request to the media processing device.

And S606, the media processing equipment obtains an audio stream and a video stream according to the IP address and the port number of the terminal to be identified.

S607, the video call is switched to the audio call.

And S608, the IMS core network judges that the user uses the AI identification service according to the AI service instruction, inquires a user dynamic information table, extracts an IP address and a port number corresponding to the communication number of the terminal to be identified, and adds the IP address and the port number into the stop video identification request.

S609, the IMS core network sends a stop video identification request to the media processing device.

And S610, the media processing equipment stops acquiring the video stream according to the IP address and the port number of the terminal to be identified. That is, the service module of the media processing device stops the copying of the video stream according to the IP address and the port number, and notifies the AI-identifying module to release the corresponding resource.

The subsequent flow of S610 is identical to the audio call flow of the "audio/video AI recognition flow 1" (S407, S408, S409, S410a, S411a, S412a, S413a-2, and S414 a-2).

Based on the same inventive concept, a telecommunication fraud recognition device is also provided in the embodiments of the present disclosure, as described in the following embodiments. Since the principle of solving the problem of the embodiment of the device is similar to that of the embodiment of the method, the implementation of the embodiment of the device can be referred to the implementation of the embodiment of the method, and the repetition is omitted.

Fig. 7 shows a schematic diagram of a telecommunication fraud recognition apparatus in an embodiment of the present disclosure, as shown in fig. 7, applied to a media processing device, the telecommunication fraud recognition apparatus including a first receiving module 71, a media stream obtaining module 72, a recognition module 73 and a feedback module 74. The first receiving module 71 may be configured to receive an identification request sent by an IMS core network, where the identification request carries an IP address and a port number of a terminal to be identified; the media stream obtaining module 72 may be configured to obtain a media stream to be identified according to the IP address and the port number of the terminal to be identified; the identifying module 73 may be configured to perform telecom fraud identification on the media stream to be identified based on the artificial intelligence AI judgment model, so as to obtain an identification result; the feedback module 74 may be configured to, if the identification result is not passed, feed back the identification result to the receiving terminal, where the receiving terminal is a terminal that makes a video call or an audio call with the terminal to be identified.

In an embodiment, the feedback module 74 is further configured to send, if the identification result is not passing, an alarm message to the IMS core network, so that the IMS core network sends the alarm message to the big data platform, and receives a user alarm request sent by the big data platform, where the user alarm request is generated according to the alarm message, and the big data platform records call abnormality information when receiving the alarm message; receiving a user alarm request sent by an IMS core network; and feeding back the user alarm request to the receiving terminal.

In one embodiment, the media stream to be identified comprises a video stream, and the user alarm request carries alarm template information; the feedback module 74 may also be configured to generate an alert subtitle according to alert template information when the receiving terminal makes a video call with the terminal to be identified; and adding the warning subtitle to the video stream to prompt the receiving terminal that the user risk exists.

In an embodiment, the media stream to be identified comprises an audio stream; the media stream obtaining module 72 may also be configured to obtain an audio stream according to the IP address and the port number of the terminal to be identified. The feedback module 74 may be further configured to send, if the identification result is not passing, an alarm message to the IMS core network, so that the IMS core network sends the alarm message to the big data platform, and receives a user alarm request sent by the big data platform, where the user alarm request is generated according to the alarm message; when the receiving terminal and the terminal to be identified carry out audio call, the IMS core network sends a user alarm request to the message platform so that the message platform sends a user risk prompt message to the receiving terminal; and under the condition that the big data platform receives the alarm information, recording the call abnormality information.

In an embodiment, the feedback module 74 may be further configured to send normal information to the IMS core network if the identification result is passing, so that the IMS core network sends the normal information to the big data platform, and send a communication end signal to the media processing device and the big data platform when the terminal to be identified or the receiving terminal hangs up; and receiving a communication ending signal sent by the IMS core network, wherein the communication ending signal is used for indicating the AI judgment model to end telecommunication fraud recognition.

The telecom fraud recognition device disclosed by the embodiment of the disclosure discovers possible fraud behaviors through the AI technology, and the disclosure has little change to the current network, needs few network elements to be upgraded and reformed, has low realization cost and is convenient to realize.

Further, the media stream to be identified is obtained through the IP address and the port number of the terminal to be identified, and the media stream to be identified is identified, so that an identification result is obtained, and the telecom fraud identification is realized. The method can prevent fraud implemented by changing faces or sounds and ensure property safety of people.

Based on the same inventive concept, a telecommunication fraud recognition device is also provided in the embodiments of the present disclosure, as follows. Since the principle of solving the problem of the embodiment of the device is similar to that of the embodiment of the method, the implementation of the embodiment of the device can be referred to the implementation of the embodiment of the method, and the repetition is omitted.

FIG. 8 shows a schematic diagram of a telecommunications fraud recognition apparatus in another embodiment of the present disclosure. As shown in fig. 7, the telecommunication fraud recognition apparatus is applied to an IMS core network of a network protocol multimedia subsystem, and includes a transmitting module 81 and a second receiving module 82. The sending module 81 may be configured to send an identification request to the media processing device, where the identification request carries an IP address and a port number of a terminal to be identified, so that the media processing device obtains a media stream to be identified according to the IP address and the port number of the terminal to be identified, and performs telecom fraud identification on the media stream to be identified based on the artificial intelligence AI judgment model, to obtain an identification result; the second receiving module 82 may be configured to receive alarm information sent by the media processing device, where the alarm information is alarm information sent by the media processing device to the IMS core network if the identification result is not passed; the sending module 81 may also be used for sending alarm information to the big data platform; the second receiving module 82 is further configured to receive a user alarm request sent by the big data platform, where the user alarm request is generated by the big data platform according to the alarm information; the sending module 81 may be further configured to send the user alert request to the media processing device or the message platform, so that the media processing device or the message platform feeds back the user alert request to the receiving terminal.

In an embodiment, the sending module 81 may be further configured to obtain call information, where the call information carries media information; judging a call mode between the receiving terminal and the terminal to be identified according to the media information, wherein the call mode comprises video call and audio call; when the receiving terminal and the terminal to be identified carry out video call, a user alarm request is sent to media processing equipment; when the receiving terminal and the terminal to be identified carry out audio call, the user alarm request is sent to the message platform, so that the message platform sends a user risk prompt message to the receiving terminal.

In an embodiment, before sending the identification request to the media processing device, the sending module 81 may be further configured to send the communication number of the terminal to be identified to the big data platform, so that the big data platform determines, according to the fraud prevention model, whether the communication number of the terminal to be identified is a suspicious number, and if the communication number is the suspicious number, sends an AI identification request to the IMS core network; receiving an AI identification request sent by a big data platform, wherein the AI identification request carries a communication number of a terminal to be identified; based on a preset user dynamic information table, obtaining an Internet Protocol (IP) address and a port number of the terminal to be identified according to the communication number of the terminal to be identified, and adding the IP address and the port number of the terminal to be identified to the identification request.

In an embodiment, before sending the identification request to the media processing device, the sending module 81 may be further configured to determine, according to the user subscription information, whether the receiving terminal is a fraud prevention subscription terminal; if the terminal is the fraud prevention signing terminal, acquiring a communication number of the terminal to be identified; based on a preset user dynamic information table, obtaining an Internet Protocol (IP) address and a port number of the terminal to be identified according to the communication number of the terminal to be identified, and adding the IP address and the port number of the terminal to be identified to the identification request.

In an embodiment, the identification request includes an audio identification request and a video identification request; the media stream to be identified comprises a video stream and an audio stream; the sending module 81 may be further configured to send an audio identification request to the media processing device, where the audio identification request carries an IP address and a port number of the terminal to be identified, so that the media processing device obtains an audio stream according to the IP address and the port number of the terminal to be identified; and under the condition that the audio call is detected to be switched to the video call, sending a video identification request to the media processing equipment, wherein the video identification request carries an Internet Protocol (IP) address and a port number of the terminal to be identified, so that the media processing equipment obtains an audio stream and a video stream according to the IP address and the port number of the terminal to be identified.

In one embodiment, the identification request includes a video identification request and a stop video identification request; the media stream to be identified comprises a video stream and an audio stream; the sending module 81 may be further configured to send a video identification request to the media processing device, where the video identification request carries an IP address and a port number of a terminal to be identified, so that the media processing device obtains an audio stream and a video stream according to the IP address and the port number of the terminal to be identified; and under the condition that the video call is detected to be switched to the audio call, sending a video identification stopping request to the media processing equipment, wherein the video identification stopping request carries the IP address and the port number of the terminal to be identified, so that the media processing equipment stops acquiring the video stream according to the IP address and the port number of the terminal to be identified.

In an embodiment, the sending module 81 may be further configured to set an AI service indicator for indicating that the receiving terminal is using AI-identifying service.

Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system.

An electronic device 900 according to such an embodiment of the present disclosure is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.

As shown in fig. 9, the electronic device 900 is embodied in the form of a general purpose computing device. Components of electronic device 900 may include, but are not limited to: the at least one processing unit 910, the at least one storage unit 920, and a bus 930 connecting the different system components (including the storage unit 920 and the processing unit 910).

Wherein the storage unit stores program code that is executable by the processing unit 910 such that the processing unit 910 performs steps according to various exemplary embodiments of the present disclosure described in the above-described "exemplary methods" section of the present specification.

The storage unit 920 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 9201 and/or cache memory 9202, and may further include Read Only Memory (ROM) 9203.

The storage unit 920 may also include a program/utility 9204 having a set (at least one) of program modules 9205, such program modules 9205 include, but are not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.

The bus 930 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.

The electronic device 900 may also communicate with one or more external devices 940 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 900, and/or any devices (e.g., routers, modems, etc.) that enable the electronic device 900 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 950. Also, electronic device 900 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 960. As shown, the network adapter 960 communicates with other modules of the electronic device 900 over the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 900, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.

From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.

In an exemplary embodiment of the present disclosure, a computer-readable storage medium, which may be a readable signal medium or a readable storage medium, is also provided. On which a program product is stored which enables the implementation of the method described above of the present disclosure.

In some possible implementations, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the detailed description section of the disclosure, when the program product is run on the terminal device.

More specific examples of the computer readable storage medium in the present disclosure may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

In this disclosure, a computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

In particular implementations, the program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).

Embodiments of the present disclosure provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from the computer-readable storage medium by a processor of the computer device, which executes the computer instructions, causing the computer device to perform the telecommunication fraud recognition method provided in the various alternatives in any of the embodiments of the present disclosure.

It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.

Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.

Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any adaptations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope of the disclosure being indicated by the following claims.

Claims

1. A telecommunications fraud identification method, applied to a media processing device, comprising:

receiving an identification request sent by an IMS core network of a network protocol multimedia subsystem, wherein the identification request carries an IP address and a port number of an Internet protocol of a terminal to be identified;

obtaining a media stream to be identified according to the IP address and the port number of the terminal to be identified;

based on an artificial intelligence AI judgment model, carrying out telecom fraud recognition on the media stream to be recognized to obtain a recognition result;

and if the identification result is not passed, feeding back the identification result to a receiving terminal, wherein the receiving terminal is a terminal for carrying out video call or audio call with the terminal to be identified.

2. The method according to claim 1, wherein feeding back the identification result to the receiving terminal in case the identification result is not passing, comprises:

when the identification result is that the information does not pass, alarm information is sent to the IMS core network, so that the IMS core network sends the alarm information to a big data platform, and receives a user alarm request sent by the big data platform, wherein the user alarm request is generated according to the alarm information, and the big data platform records abnormal calling information under the condition that the alarm information is received;

receiving the user alarm request sent by the IMS core network;

and feeding back the user alarm request to the receiving terminal.

3. The method of claim 2, wherein the media stream to be identified comprises a video stream, and the user alert request carries alert template information;

when the receiving terminal and the terminal to be identified carry out video call, the user alarm request is fed back to the receiving terminal, and the method comprises the following steps:

generating warning subtitles according to the warning template information;

and adding the warning subtitle to the video stream to prompt the receiving terminal that the user risk exists.

4. The method of claim 1, wherein the media stream to be identified comprises an audio stream;

the method for obtaining the media stream to be identified according to the IP address and the port number of the terminal to be identified comprises the following steps:

obtaining the audio stream according to the IP address and the port number of the terminal to be identified;

and feeding back the identification result to the receiving terminal when the identification result is not passed, wherein the method comprises the following steps:

if the identification result is that the user alarm request does not pass, sending alarm information to the IMS core network so that the IMS core network sends the alarm information to a big data platform, and receiving a user alarm request sent by the big data platform, wherein the user alarm request is generated according to the alarm information; when the receiving terminal and the terminal to be identified carry out audio call, the IMS core network sends the user alarm request to a message platform so that the message platform sends a user risk prompt message to the receiving terminal;

and under the condition that the alarm information is received, the big data platform records the call abnormality information.

5. The method of claim 1, wherein after performing telecom fraud recognition on the media stream to be recognized based on an artificial intelligence AI decision model, obtaining a recognition result, the method further comprises:

If the identification result is that the identification result is passed, normal information is sent to the IMS core network, so that the IMS core network sends the normal information to a big data platform, and when the terminal to be identified or a receiving terminal hangs up, a communication ending signal is sent to the media processing equipment and the big data platform;

and receiving the communication ending signal sent by the IMS core network, wherein the communication ending signal is used for indicating the AI judgment model to end telecommunication fraud recognition.

6. A telecommunications fraud identification method, characterized by being applied to an IMS core network of a network protocol multimedia subsystem, comprising:

sending an identification request to media processing equipment, wherein the identification request carries an Internet Protocol (IP) address and a port number of a terminal to be identified, so that the media processing equipment obtains a media stream to be identified according to the IP address and the port number of the terminal to be identified, and performs telecom fraud identification on the media stream to be identified based on an Artificial Intelligence (AI) judgment model to obtain an identification result;

receiving alarm information sent by the media processing device, wherein the alarm information is sent to the IMS core network by the media processing device under the condition that the identification result is not passed;

The alarm information is sent to a big data platform;

receiving a user alarm request sent by the big data platform, wherein the user alarm request is generated by the big data platform according to alarm information;

and sending the user alarm request to the media processing device or the message platform so that the media processing device or the message platform feeds back the user alarm request to the receiving terminal.

7. The method of claim 6, wherein sending the user alert request to the media processing device or message platform comprises:

acquiring call information, wherein the call information carries media information;

judging a call mode between the receiving terminal and the terminal to be identified according to the media information, wherein the call mode comprises video call and audio call;

when the receiving terminal and the terminal to be identified carry out video call, the user alarm request is sent to the media processing equipment;

and when the receiving terminal and the terminal to be identified carry out audio calling, the user alarm request is sent to the message platform, so that the message platform sends a user risk prompt message to the receiving terminal.

8. The method of claim 6, wherein prior to sending the identification request to the media processing device, the method further comprises:

the communication number of the terminal to be identified is sent to the big data platform, so that the big data platform judges whether the communication number of the terminal to be identified is a suspicious number according to the fraud prevention model, and if the suspicious number is the suspicious number, an AI identification request is sent to the IMS core network;

receiving the AI identification request sent by the big data platform, wherein the AI identification request carries the communication number of the terminal to be identified;

based on a preset user dynamic information table, obtaining the IP address and the port number of the terminal to be identified according to the communication number of the terminal to be identified, and adding the IP address and the port number of the terminal to be identified to the identification request.

9. The method of claim 6, wherein prior to sending the identification request to the media processing device, the method further comprises:

judging whether the receiving terminal is a fraud prevention signing terminal according to the user signing information;

if the terminal is the fraud prevention signing terminal, acquiring a communication number of the terminal to be identified;

10. The method of claim 6, wherein the identification request comprises an audio identification request and a video identification request; the media stream to be identified comprises a video stream and an audio stream;

wherein the sending the identification request to the media processing device comprises:

the audio identification request is sent to the media processing equipment, and the audio identification request carries the IP address and the port number of the terminal to be identified, so that the media processing equipment obtains the audio stream according to the IP address and the port number of the terminal to be identified;

and under the condition that the audio call is detected to be switched to the video call, sending the video identification request to the media processing equipment, wherein the video identification request carries the IP address and the port number of the terminal to be identified, so that the media processing equipment obtains the audio stream and the video stream according to the IP address and the port number of the terminal to be identified.

11. The method of claim 6, wherein the identification request comprises a video identification request and a stop video identification request; the media stream to be identified comprises a video stream and an audio stream;

The video identification request is sent to the media processing equipment, wherein the video identification request carries an IP address and a port number of a terminal to be identified, so that the media processing equipment obtains the audio stream and the video stream according to the IP address and the port number of the terminal to be identified;

and under the condition that the video call is detected to be switched to the audio call, sending the video identification stopping request to the media processing equipment, wherein the video identification stopping request carries the IP address and the port number of the terminal to be identified, so that the media processing equipment stops acquiring the video stream according to the IP address and the port number of the terminal to be identified.

12. The method of any of claims 8 to 11, wherein the sending an identification request to a media processing device comprises:

and setting an AI service indicator for indicating that the receiving terminal is using the AI identification service.

13. A telecommunications fraud recognition apparatus, applied to a media processing device, comprising:

the first receiving module is used for receiving an identification request sent by an IMS core network of a network protocol multimedia subsystem, wherein the identification request carries an IP address and a port number of an Internet protocol of a terminal to be identified;

The media stream obtaining module is used for obtaining the media stream to be identified according to the IP address and the port number of the terminal to be identified;

the identification module is used for carrying out telecom fraud identification on the media stream to be identified based on an artificial intelligence AI judgment model to obtain an identification result;

and the feedback module is used for feeding the identification result back to a receiving terminal when the identification result is not passed, wherein the receiving terminal is a terminal for carrying out video call or audio call with the terminal to be identified.

14. A telecommunications fraud recognition device, characterized by being applied to an IMS core network of a network protocol multimedia subsystem, comprising:

the device comprises a sending module, a media processing device and a receiving module, wherein the sending module is used for sending an identification request to the media processing device, the identification request carries an Internet Protocol (IP) address and a port number of a terminal to be identified, so that the media processing device obtains a media stream to be identified according to the IP address and the port number of the terminal to be identified, and performs telecom fraud identification on the media stream to be identified based on an Artificial Intelligence (AI) judgment model to obtain an identification result;

the second receiving module is used for receiving the alarm information sent by the media processing equipment, wherein the alarm information is sent to the IMS core network by the media processing equipment under the condition that the identification result is not passed;

The sending module is also used for sending the alarm information to a big data platform;

the second receiving module is further configured to receive a user alarm request sent by the big data platform, where the user alarm request is generated by the big data platform according to alarm information;

the sending module is further configured to send the user alarm request to the media processing device or the message platform, so that the media processing device or the message platform feeds back the user alarm request to the receiving terminal.

15. An electronic device, comprising:

a processor; and

a memory for storing executable instructions of the processor;

wherein the processor is configured to perform the telecommunication fraud identification method of any of claims 1-12 via execution of the executable instructions.

16. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program, when executed by a processor, implements the telecommunication fraud identification method of any of claims 1-12.