CN102378180A - Method and device for determining user identity - Google Patents

Method and device for determining user identity Download PDF

Info

Publication number
CN102378180A
CN102378180A CN2011103780497A CN201110378049A CN102378180A CN 102378180 A CN102378180 A CN 102378180A CN 2011103780497 A CN2011103780497 A CN 2011103780497A CN 201110378049 A CN201110378049 A CN 201110378049A CN 102378180 A CN102378180 A CN 102378180A
Authority
CN
China
Prior art keywords
user
monitoring
rule
short messages
threshold
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011103780497A
Other languages
Chinese (zh)
Inventor
李冠军
储昊明
庞磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2011103780497A priority Critical patent/CN102378180A/en
Publication of CN102378180A publication Critical patent/CN102378180A/en
Priority to PCT/CN2012/074640 priority patent/WO2013075462A1/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

本发明公开了一种用户身份的确定方法和装置。其中,该方法包括:统计规则时长内用户发送的短消息个数是否满足流量门限;如果是,统计规则时长内该用户首次下发短消息的失败率;如果失败率满足比值监控门限,确定该用户为黑名单用户。本发明解决了捕获可疑用户的策略过于简单,查全率和查准率存在矛盾的问题,提高了短消息监控系统的整体性能。

The invention discloses a user identity determination method and device. Wherein, the method includes: counting whether the number of short messages sent by the user within the rule duration meets the flow threshold; if so, counting the failure rate of the user's first short message within the rule duration; if the failure rate meets the ratio monitoring threshold, determine the The user is a blacklist user. The invention solves the problem that the strategy for capturing suspicious users is too simple, and the recall rate and precision rate are contradictory, and improves the overall performance of the short message monitoring system.

Description

用户身份的确定方法和装置Method and device for determining user identity

技术领域 technical field

本发明涉及通信领域,具体而言,涉及一种用户身份的确定方法和装置。The present invention relates to the communication field, in particular, to a method and device for determining user identity.

背景技术 Background technique

目前,通讯领域的消息中心功能日臻壮大:应用范围从短消息中心、到多媒体消息中心、再到邮件中心;并且用户也日益增多;各个运营商、盈利集团和个人利用消息中心进行促销的手段也层出不穷;各网络之间互联互通的活动如火如荼;网上流动的消息量也随之成几何级数增长。在这种市场环境下,不可避免的会出现大量的垃圾消息、恶意消息、广告消息等,而发出这些消息的集体或个人就被认为是可疑用户,甚至是黑名单用户。短时间内的大量垃圾消息能够导致运营商的运营环境瘫痪;某些恶意用户甚至利用运营商计费系统的延迟,在接近欠费时发送大量短消息,进而使运营商蒙受巨额的经济损失。不仅如此,频繁的垃圾广告、恶意消息也会使用户烦不胜烦。At present, the function of the message center in the communication field is growing day by day: the application scope is from the short message center, to the multimedia message center, and then to the mail center; Emerging in endlessly; the interconnection and intercommunication activities between various networks are in full swing; the amount of information flowing on the Internet has also increased exponentially. In this market environment, it is inevitable that there will be a large number of spam messages, malicious messages, advertising messages, etc., and the groups or individuals who send these messages are considered suspicious users, or even blacklisted users. A large number of spam messages in a short period of time can lead to the paralysis of the operator's operating environment; some malicious users even take advantage of the delay of the operator's billing system to send a large number of short messages when they are close to arrears, thereby causing the operator to suffer huge economic losses. Not only that, frequent spam advertisements and malicious messages will also annoy users.

鉴于此,垃圾短消息监控系统也就应运而生,其功能主要是能根据大量的受监控的短消息来自动地发现可疑用户,进而限制可疑用户发送短消息的行为。虽然目前市场上有很多商用的垃圾短消息监控系统,但就其核心功能“发现可疑用户”而言,判断的依据仍然比较简单,通常都是基于监控规则来判断用户在单位时间内发送的消息量是否达到了预设的监控门限,如果是,则认为该用户是可疑用户(这里预设的监控门限和单位时间的长度都是由监控规则来规定的),进而限制该可疑用户发送短消息的行为。这种监控方法的缺陷在于,仅简单的对用户在单位时间内发送的消息量进行计数,判断是否达到预设的门限值。通常情况下,为了满足正常用户的通信需求,对于规则中的流量违规门限通常不会设置太小,这样就使得一些恶意用户,利用系统的这种特性,长时间的以较低频率持续发送垃圾短信,从而逃脱系统的监控,相应垃圾监控的查全率就会降低,查准率相应提高;同时为了应对用户的垃圾短信投诉,对于规则中的流量违规门限又要避免设置太大,以确保监控到更多的可疑用户,这样使得一些发送正常短信的用户,例如发送商贸往来、换号、出生祝福等短信的用户被误判为可疑用户,甚至黑名单用户,从而被关停短信功能,相应垃圾监控的查全率就会提高,但是查准率会相应降低。In view of this, a spam short message monitoring system has emerged as the times require. Its main function is to automatically discover suspicious users based on a large number of monitored short messages, and then restrict suspicious users from sending short messages. Although there are many commercial spam monitoring systems on the market, the basis for judgment is still relatively simple in terms of its core function of "finding suspicious users", usually based on monitoring rules to judge the messages sent by users within a unit time If so, the user is considered to be a suspicious user (here the preset monitoring threshold and the length of the unit time are all regulated by the monitoring rules), and then the suspicious user is restricted from sending short messages the behavior of. The defect of this monitoring method is that it simply counts the amount of messages sent by the user within a unit time, and judges whether it reaches the preset threshold value. Usually, in order to meet the communication needs of normal users, the traffic violation threshold in the rules is usually not set too small, which makes some malicious users take advantage of this feature of the system to continue sending spam at a low frequency for a long time SMS, so as to escape the monitoring of the system, the recall rate of the corresponding spam monitoring will be reduced, and the precision rate will be increased accordingly; at the same time, in order to deal with users’ spam SMS complaints, the traffic violation threshold in the rules should not be set too large to ensure More suspicious users are monitored, so that some users who send normal text messages, such as those who send business contacts, number changes, birth blessings, etc., are misjudged as suspicious users, or even blacklisted users, and the text message function is turned off. The recall rate of the corresponding garbage monitoring will increase, but the precision rate will decrease accordingly.

针对相关技术中捕获可疑用户的策略过于简单,查全率和查准率存在矛盾的问题,目前尚未提出有效的解决方案。Aiming at the problem that the strategy for capturing suspicious users in related technologies is too simple, and the recall rate and precision rate are contradictory, no effective solution has been proposed yet.

发明内容 Contents of the invention

针对捕获可疑用户的策略过于简单,查全率和查准率存在矛盾的问题,本发明提供了一种用户身份的确定方法和装置,以至少解决上述问题。Aiming at the problem that the strategy for capturing suspicious users is too simple and the recall rate and precision rate are contradictory, the present invention provides a method and device for determining user identity to at least solve the above problems.

根据本发明的一个方面,提供了一种用户身份的确定方法,包括:统计规则时长内用户发送的短消息个数是否满足流量门限;如果是,统计规则时长内该用户首次下发短消息的失败率;如果失败率满足比值监控门限,确定该用户为黑名单用户。According to one aspect of the present invention, a method for determining user identity is provided, including: counting whether the number of short messages sent by the user within the rule time meets the traffic threshold; if so, counting the number of short messages sent by the user for the first time within the rule time Failure rate; if the failure rate meets the ratio monitoring threshold, it is determined that the user is a blacklist user.

优选地,统计规则时长内上述用户发送的短消息个数是否满足流量门限之前,上述方法还包括:配置首次下发失败率的比值监控门限和至少一条监控规则;其中,监控规则包括规则时长、时间粒度和规则时长内按流量监控的流量门限,规则时长为时间粒度的整数倍。Preferably, before counting the number of short messages sent by the above-mentioned users within the duration of the rule to meet the traffic threshold, the method also includes: configuring the ratio monitoring threshold of the first delivery failure rate and at least one monitoring rule; wherein, the monitoring rule includes rule duration, Time granularity and the traffic threshold monitored by traffic within the rule duration, and the rule duration is an integer multiple of the time granularity.

优选地,统计规则时长内上述用户发送的短消息个数是否满足流量门限包括:当配置多条监控规则时,基于配置的各个监控规则分别对该用户发送的短消息进行计数统计。Preferably, counting whether the number of short messages sent by the user within the rule duration meets the traffic threshold includes: when multiple monitoring rules are configured, counting and counting the short messages sent by the user based on each configured monitoring rule.

优选地,基于配置的各个监控规则分别对上述用户发送的短消息进行计数统计包括:逐一从多个监控规则中选取一个监控规则;以时间粒度为单位,对选取的监控规则的规则时长内该用户发送的短消息个数进行计数;如果当前时间粒度内该用户的计数达到流量门限,则确定规则时长内该用户的短消息个数满足流量门限;继续选取下一个监控规则进行计数,直至多个监控规则选取完毕。Preferably, counting and counting the short messages sent by the above-mentioned users based on each monitoring rule configured includes: selecting a monitoring rule from a plurality of monitoring rules one by one; The number of short messages sent by the user is counted; if the count of the user reaches the traffic threshold in the current time granularity, it is determined that the number of short messages of the user in the rule duration meets the traffic threshold; continue to select the next monitoring rule to count until more than A monitoring rule is selected.

优选地,统计规则时长内上述用户首次下发短消息的失败率包括:对该用户在规则时长内发送的所有短消息数进行计算;对该用户在规则时长内所有首次下发短消息失败的次数进行计算;计算首次下发短消息失败的次数与所有短消息数的比值,将比值作为规则时长内该用户首次下发短消息的失败率。Preferably, counting the failure rate of the first short message sent by the above-mentioned user within the regular time period includes: calculating the number of all short messages sent by the user within the regular time period; Calculate the number of times; calculate the ratio of the number of failed short messages sent for the first time to the number of all short messages, and use the ratio as the failure rate of the user's first short message sent within the rule period.

优选地,如果失败率不满足比值监控门限,上述方法还包括:获取规则时长内上述用户发送的短消息的关联信息,其中,关联信息至少包括以下之一:起呼频次、内容长度一致率、关键字出现频率和目的号码连续率;其中,起呼频次、内容长度一致率、关键字出现频率和目的号码连续率分别配置有一个关联门限;如果关联信息中有一个满足对应的关联门限,确定该用户为黑名单用户。Preferably, if the failure rate does not meet the ratio monitoring threshold, the above method further includes: acquiring associated information of the short messages sent by the above-mentioned users within the specified duration, wherein the associated information includes at least one of the following: calling frequency, content length consistency rate, Keyword occurrence frequency and destination number continuity rate; among them, frequency of initiating calls, content length consistency rate, keyword occurrence frequency and destination number continuity rate are respectively configured with an association threshold; if one of the association information satisfies the corresponding association threshold, determine This user is a blacklist user.

根据本发明的另一方面,提供了一种用户身份的确定装置,包括:流量统计模块,用于统计规则时长内用户发送的短消息个数是否满足流量门限;失败率统计模块,用于如果流量统计模块统计的结果为短消息个数满足流量门限,统计规则时长内该用户首次下发短消息的失败率;身份确定模块,用于如果失败率统计模块统计的结构为失败率满足比值监控门限,确定该用户为黑名单用户。According to another aspect of the present invention, a device for determining a user identity is provided, including: a traffic statistics module, used to count whether the number of short messages sent by a user within a rule period meets the traffic threshold; a failure rate statistics module, used to count if The statistical result of the traffic statistics module is that the number of short messages meets the traffic threshold, and the failure rate of the user sending short messages for the first time within the time period of the statistical rule; the identity determination module is used to monitor if the failure rate statistics module’s statistical structure is that the failure rate satisfies the ratio Threshold, determine that the user is a blacklist user.

优选地,上述装置还包括:配置模块,用于配置首次下发失败率的比值监控门限和至少一条监控规则;其中,监控规则包括规则时长、时间粒度和规则时长内按流量监控的流量门限,规则时长为时间粒度的整数倍。Preferably, the above device further includes: a configuration module, configured to configure a ratio monitoring threshold of the failure rate of the first delivery and at least one monitoring rule; wherein, the monitoring rule includes rule duration, time granularity, and a flow threshold for monitoring traffic within the rule duration, The rule duration is an integer multiple of the time granularity.

优选地,上述流量统计模块包括:流量统计单元,用于当配置模块配置多条监控规则时,基于配置的各个监控规则分别对上述用户发送的短消息进行计数统计。Preferably, the above-mentioned traffic statistics module includes: a traffic statistics unit, configured to count and count the short messages sent by the above-mentioned users based on each configured monitoring rule when the configuration module configures multiple monitoring rules.

优选地,上述失败率统计模块包括:短消息数计算单元,用于对上述用户在规则时长内发送的所有短消息数进行计算;失败次数计算单元,用于对该用户在规则时长内所有首次下发短消息失败的次数进行计算;失败率计算单元,用于计算失败次数计算单元计算的首次下发短消息失败的次数与短消息数计算单元计算的所有短消息数的比值,将比值作为规则时长内该用户首次下发短消息的失败率。Preferably, the above-mentioned failure rate statistics module includes: a short message number calculation unit, used to calculate the number of all short messages sent by the above-mentioned user within the regular time period; a failure count calculation unit, used for all the first-time Send the number of times that short message fails to calculate; Failure rate calculation unit, the ratio of the number of times that the failure rate calculation unit calculates and the number of all short messages calculated by the calculation unit for sending short messages for the first time is calculated, and the ratio is used as The failure rate of the user sending short messages for the first time within the rule duration.

优选地,上述装置还包括:关联信息获取模块,用于如果失败率统计模块统计的失败率不满足比值监控门限,获取规则时长内上述用户发送的短消息的关联信息,其中,关联信息至少包括以下之一:起呼频次、内容长度一致率、关键字出现频率和目的号码连续率;其中,起呼频次、内容长度一致率、关键字出现频率和目的号码连续率分别配置有一个关联门限;身份再次确认模块,用于如果关联信息获取模块获取的关联信息中有一个满足对应的关联门限,确定该用户为黑名单用户。Preferably, the above-mentioned device further includes: an associated information acquisition module, used to obtain the associated information of the short messages sent by the above-mentioned users within the specified time period if the failure rate counted by the failure rate statistics module does not meet the ratio monitoring threshold, wherein the associated information includes at least One of the following: calling frequency, content length consistency rate, keyword occurrence frequency, and destination number continuity rate; wherein, each of the origination call frequency, content length consistency rate, keyword occurrence frequency, and destination number continuity rate is configured with an associated threshold; The identity reconfirmation module is used to determine that the user is a blacklisted user if one of the associated information obtained by the associated information obtaining module satisfies the corresponding associated threshold.

通过本发明,采用在流量监控的基础上结合首发失败率的监控,解决了捕获可疑用户的策略过于简单,查全率和查准率存在矛盾的问题,进而提高了短消息监控系统的整体性能。Through the present invention, on the basis of traffic monitoring combined with the monitoring of the first failure rate, the strategy of capturing suspicious users is too simple, and the problem of contradiction between the recall rate and the precision rate is solved, and the overall performance of the short message monitoring system is improved. .

附图说明 Description of drawings

此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The accompanying drawings described here are used to provide a further understanding of the present invention and constitute a part of the application. The schematic embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute improper limitations to the present invention. In the attached picture:

图1是根据本发明实施例的用户身份的确定方法流程图;Fig. 1 is a flowchart of a method for determining a user identity according to an embodiment of the present invention;

图2是根据本发明实施例的用户身份的确定装置的结构框图;Fig. 2 is a structural block diagram of a device for determining a user identity according to an embodiment of the present invention;

图3是根据本发明实施例的优选用户身份的确定装置的结构框图;Fig. 3 is a structural block diagram of a device for determining a preferred user identity according to an embodiment of the present invention;

图4是根据本发明实施例的另一优选用户身份的确定装置的结构框图;Fig. 4 is a structural block diagram of another device for determining a preferred user identity according to an embodiment of the present invention;

图5是根据本发明实施例的失败率统计模块的结构框图;Fig. 5 is the structural block diagram of the failure rate statistical module according to the embodiment of the present invention;

图6是根据本发明实施例的再一优选用户身份的确定装置的结构框图;Fig. 6 is a structural block diagram of another device for determining a preferred user identity according to an embodiment of the present invention;

图7是根据本发明优选实施例的短消息监控系统的示意图;Figure 7 is a schematic diagram of a short message monitoring system according to a preferred embodiment of the present invention;

图8是根据本发明优选实施例的短消息监控系统的架构示意图;Fig. 8 is a schematic diagram of the architecture of a short message monitoring system according to a preferred embodiment of the present invention;

图9是根据本发明优选实施例的短消息监控方法的流程图;Fig. 9 is the flow chart of the short message monitoring method according to the preferred embodiment of the present invention;

图10是根据本发明优选实施例的基于多条监控规则对用户发送的短消息进行计数的流程图。Fig. 10 is a flow chart of counting short messages sent by users based on multiple monitoring rules according to a preferred embodiment of the present invention.

具体实施方式 Detailed ways

下文中将参考附图并结合实施例来详细说明本发明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。Hereinafter, the present invention will be described in detail with reference to the drawings and examples. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other.

本发明实施例针对垃圾短信群发的特征,通常被叫号码中可能存在一部分无效号码(停机、无此号码等),发到这些号码的消息都会下发失败,提供了一种用户身份的确定方法和装置。下面通过具体实施例进行说明。The embodiment of the present invention is aimed at the characteristics of mass sending of spam short messages. Generally, there may be some invalid numbers (shutdown, no such number, etc.) in the called number, and the messages sent to these numbers will fail to be delivered, and a method for determining the identity of the user is provided. and device. The following will be described through specific examples.

如图1所示的根据本发明实施例的用户身份的确定方法流程图,该方法可以在短消息监控系统中实现,包括以下步骤:As shown in Figure 1, according to the flow chart of the method for determining user identity according to an embodiment of the present invention, the method can be implemented in a short message monitoring system, and includes the following steps:

步骤S102,统计规则时长内用户发送的短消息个数是否满足流量门限;如果是,执行步骤S104;如果否,执行步骤S108。Step S102, counting whether the number of short messages sent by the user within the specified period of time meets the traffic threshold; if yes, execute step S104; if not, execute step S108.

步骤S104,统计上述规则时长内该用户首次下发短消息的失败率。Step S104, counting the failure rate of the user sending short messages for the first time within the specified time period.

步骤S106,如果上述失败率满足比值监控门限,确定该用户为黑名单用户。Step S106, if the failure rate meets the ratio monitoring threshold, it is determined that the user is a blacklist user.

步骤S108,确定该用户为合法用户。Step S108, determining that the user is a legitimate user.

本实施例通过在流量监控的基础上结合首发失败率的监控,可以限制长时间以较低频率持续发送垃圾短信的行为,又可以避免误监控的出现,同时提高了查全率和查准率,解决了相关技术中捕获可疑用户的策略过于简单,查全率和查准率存在矛盾的问题,提高了短消息监控系统的整体性能。In this embodiment, by combining the monitoring of the first failure rate on the basis of traffic monitoring, the behavior of continuously sending spam messages at a low frequency for a long time can be limited, and the occurrence of false monitoring can be avoided, and the recall rate and precision rate are improved at the same time The method solves the problem that the strategy for capturing suspicious users is too simple and the recall rate and precision rate are contradictory in related technologies, and improves the overall performance of the short message monitoring system.

当统计规则时长内用户发送的短消息个数是否满足上述流量门限时,可以暂时确定该用户可能为可疑用户,如果该可疑用户的上述首发的失败率也满足设定的比值监控门限,则可以确定该用户为可疑用户,即该用户为上述黑名单用户。When the number of short messages sent by the user within the time period of the statistical rule meets the above traffic threshold, it can be temporarily determined that the user may be a suspicious user. It is determined that the user is a suspicious user, that is, the user is the above-mentioned blacklisted user.

上述规则时长指一条监控规则的监控时长,本实施例的规则时长是时间粒度的倍数,它以时间粒度为计算单位。例如1个时间粒度、2个时间粒度等。因此一个规则时长内可以包含有1个或多个时间粒度。而时间粒度用来表示设定的时间长度,它是监控时长的基本单位,如10分钟、1小时等。本实施例的时间粒度用粒度开始时间和粒度结束时间界定,粒度开始时间为时间粒度的起始时间;粒度结束时间为时间粒度的起始时间加上时间粒度。The above-mentioned rule duration refers to the monitoring duration of a monitoring rule. The rule duration in this embodiment is a multiple of the time granularity, and the time granularity is used as the calculation unit. For example, 1 time granularity, 2 time granularities, etc. Therefore, one or more time granularities can be included in a rule duration. The time granularity is used to indicate the set time length, which is the basic unit of monitoring time, such as 10 minutes, 1 hour, etc. The time granularity in this embodiment is defined by the granularity start time and the granularity end time, the granularity start time is the start time of the time granularity; the granularity end time is the time granularity plus the time granularity start time.

在进行上述统计规则时长内用户发送的短消息个数是否满足流量门限之前,可以根据需要对系统进行配置,例如:配置首次下发失败率的比值监控门限和至少一条监控规则;其中,监控规则包括规则时长、时间粒度和规则时长内按流量监控的流量门限,该规则时长为时间粒度的整数倍。这种配置方式可以根据系统的实际监控需要进行配置,使配置的参数更符合监控要求,增加了系统的灵活性。当然,对于普遍适用的场景,也可以采用系统默认的配置进行,即不需要单独进行上述配置。Before the number of short messages sent by the user meets the traffic threshold within the above statistical rules, you can configure the system according to your needs, for example: configure the ratio monitoring threshold of the failure rate of the first delivery and at least one monitoring rule; among them, the monitoring rule Including the rule duration, time granularity and the traffic threshold monitored by traffic within the rule duration, the rule duration is an integer multiple of the time granularity. This configuration method can be configured according to the actual monitoring needs of the system, so that the configured parameters can better meet the monitoring requirements and increase the flexibility of the system. Of course, for generally applicable scenarios, the default configuration of the system can also be used, that is, the above configuration does not need to be performed separately.

当配置多条监控规则时,可以基于配置的各个监控规则分别对用户发送的短消息进行计数统计。例如:逐一从多个监控规则中选取一个监控规则;以时间粒度为单位,对选取的监控规则的规则时长内用户发送的短消息个数进行计数;如果当前时间粒度内用户的计数达到流量门限,则确定规则时长内用户的短消息个数满足流量门限;继续选取下一个监控规则进行计数,直至多个监控规则选取完毕。通过配置多条监控规则,可以更加准确地确定用户的身份。When multiple monitoring rules are configured, the short messages sent by the user can be counted and counted based on each configured monitoring rule. For example: select a monitoring rule from multiple monitoring rules one by one; take time granularity as the unit, count the number of short messages sent by users within the rule duration of the selected monitoring rule; if the count of users in the current time granularity reaches the traffic threshold , it is determined that the number of short messages of the user within the rule duration satisfies the traffic threshold; continue to select the next monitoring rule to count until multiple monitoring rules are selected. By configuring multiple monitoring rules, the user's identity can be determined more accurately.

本实施例可以通过短消息中心记录的用户的短消息发送情况,统计规则时长内用户首次下发短消息的失败率,具体采用下述过程完成:1)对该用户在规则时长内发送的所有短消息数进行计算;2)对该用户在规则时长内所有首次下发短消息失败的次数进行计算;3)计算首次下发短消息失败的次数与所有短消息数的比值,将该比值作为规则时长内用户首次下发短消息的失败率。这种统计方式采用先取出一条监控规则,基于该监控规则对用户发送的短消息进行计数,然后,确定还存在其他监控规则时,再次取出一条监控规则,再基于该监控规则对用户发送的短消息数进行计数。这种统计方式比较有序,便于实现。In this embodiment, the user's short message sending situation recorded by the short message center can be used to count the failure rate of the user sending short messages for the first time in the rule time length. Specifically, the following process is used to complete: Calculate the number of short messages; 2) calculate the number of times that the user fails to send short messages for the first time in the rule duration; 3) calculate the ratio of the number of times that the first time the short message fails to send short messages to the number of all short messages, and use the ratio as The failure rate of the user sending short messages for the first time within the rule duration. This statistical method first takes out a monitoring rule, counts the short messages sent by the user based on the monitoring rule, and then takes out another monitoring rule when it is determined that there are other monitoring rules, and then counts the short messages sent by the user based on the monitoring rule. The number of messages is counted. This statistical method is relatively orderly and easy to implement.

由上述方案可知,本实施例的流量监控指对规则时长内的短消息量进行监控,它以预先设置的按流量监控的门限作为监控基础,分为单纯流量监控和复合流量监控。单纯流量监控主要是指直接将预先设置的按流量监控的门限作为可疑门限来进行监控,即当用户在规则时长内发送的短消息量大于或等于按流量监控的门限时,就认为相应用户为可疑用户,进而限制可疑用户发送短消息的行为。复合流量监控是指在单纯流量监控的基础上结合监控类型进行后续监控,即首先判断用户在规则时长内发送的短消息量是否达到按流量监控的门限,在达到了该按流量监控的门限的基础上,再根据不同的监控类型对已在规则时长内监控到的短消息进行后续监控。As can be seen from the above scheme, the flow monitoring in this embodiment refers to monitoring the amount of short messages within a regular duration, and it uses the preset threshold for monitoring by flow as the monitoring basis, and is divided into simple flow monitoring and composite flow monitoring. Simple flow monitoring mainly refers to directly monitoring the preset threshold of monitoring by flow as the suspicious threshold, that is, when the amount of short messages sent by a user within the specified time is greater than or equal to the threshold of monitoring by flow, the corresponding user is considered as suspicious. Suspicious users, and then limit the behavior of suspicious users to send short messages. Composite traffic monitoring refers to follow-up monitoring combined with monitoring types on the basis of simple traffic monitoring, that is, to first judge whether the amount of short messages sent by users within the specified time reaches the threshold of traffic monitoring, and when the threshold of traffic monitoring is reached On this basis, follow-up monitoring is performed on the short messages that have been monitored within the specified time period according to different monitoring types.

上述后续监控是相对于实时的按流量监控来说,后续监控是在一个时间粒度结束时间之前,对该时间粒度内违反单纯流量监控的用户在规则时长内发送的所有短消息进行进一步地判断和分析。在后续监控的过程中,涉及到监控类型的问题,监控类型是每一条监控规则中的属性之一,标志该监控规则是基于哪种类型设置的,对于后续监控而言,其包括的监控类型可以为按起呼频次监控、按关键字频次监控、按号码连续性监控等。基于此,如果失败率不满足比值监控门限,上述方法还包括:获取规则时长内用户发送的短消息的关联信息,其中,关联信息至少包括以下之一:起呼频次、内容长度一致率、关键字出现频率和目的号码连续率;其中,起呼频次、内容长度一致率、关键字出现频率和目的号码连续率分别配置有一个关联门限;如果获取的关联信息中有一个满足对应的关联门限,则确定该用户为黑名单用户。这种监控方式更具有综合性,可以准确地捕获可疑用户,查全率和查准率均可以得到保证。The above-mentioned follow-up monitoring is relative to the real-time traffic monitoring. The follow-up monitoring is to further judge and analyze all the short messages sent by users who violate the pure flow monitoring within the time granularity before the end time of a time granularity. analyze. In the process of follow-up monitoring, the issue of monitoring type is involved. The monitoring type is one of the attributes in each monitoring rule, indicating which type the monitoring rule is based on. For subsequent monitoring, the monitoring type it includes It can be monitored by calling frequency, keyword frequency, number continuity, etc. Based on this, if the failure rate does not meet the ratio monitoring threshold, the above method also includes: obtaining the associated information of the short messages sent by the user within the rule duration, wherein the associated information includes at least one of the following: call frequency, content length consistency rate, key Word occurrence frequency and destination number continuity rate; among them, frequency of initiating calls, content length consistency rate, keyword occurrence frequency and destination number continuity rate are respectively configured with an association threshold; if one of the acquired association information satisfies the corresponding association threshold, Then it is determined that the user is a blacklist user. This monitoring method is more comprehensive, can accurately capture suspicious users, and both recall and precision can be guaranteed.

在实际实现时,可以按照下述方式设置监控规则:将上述步骤S102中的统计规则时长内用户发送的短消息个数与流量门限的关系对应的规则作为父规则,将上述步骤S104-S106中的统计上述规则时长内该用户首次下发短消息的失败率与比值监控门限的关系作为子规则,其中,父规则指一个规则簇中,如果规则A需要在规则B之前执行,则称规则A是规则B的父规则。上述单纯流量监控规则就是后续监控的父规则。子规则指一个规则簇中,如果规则A需要在规则B之后执行,则称规则A是规则B的子规则。后续监控就是单纯流量监控规则的子规则。During actual implementation, the monitoring rules can be set in the following manner: the rule corresponding to the relationship between the number of short messages sent by the user and the traffic threshold in the statistical rule duration in the above-mentioned steps S102 is used as a parent rule, and the above-mentioned steps S104-S106 The relationship between the failure rate of the user's first short message delivery and the ratio monitoring threshold within the duration of the above rules is used as a sub-rule. The parent rule refers to a rule cluster. If rule A needs to be executed before rule B, it is called rule A. is the parent rule of rule B. The above simple traffic monitoring rule is the parent rule for subsequent monitoring. A sub-rule refers to a rule cluster. If rule A needs to be executed after rule B, then rule A is said to be a sub-rule of rule B. Subsequent monitoring is a sub-rule of the simple traffic monitoring rule.

上述黑名单指对于在一定时间内发送次数超过一定门限或发送关键字超过门限的用户定义为黑名单用户,该用户将被关闭短消息发送功能。相对于黑名单而言,监控系统中还有白名单,该白名单中的用户为不被监控的用户,即无论该用户如何发送短消息都不会被监控。The above-mentioned blacklist refers to users whose sending times exceed a certain threshold or send keywords exceeding a threshold within a certain period of time are defined as blacklist users, and the short message sending function will be turned off for this user. Compared with the blacklist, there is also a whitelist in the monitoring system, and the users in the whitelist are users who are not monitored, that is, no matter how the user sends a short message, they will not be monitored.

上述用户身份的确定方法可以应用在短消息监控方法中,首先,基于监控规则对用户发送的短消息数进行计数,在一个时间粒度内,用户发送的短消息数达到规则时长内按流量监控的门限后,在该时间粒度结束内,记录该粒度结束时间之前的规则时长内用户发送的所有短消息;其次,该用户每发一条短消息,对首次终呼失败次数/所有短消息数(相当于上述用户首次下发短消息的失败率)进行计算,当计算得到的比值达到首次下发失败率监控门限时,将该用户标识为可疑用户。进而限制该可疑用户的发送行为。The determination method of the above-mentioned user identity can be applied in the short message monitoring method. First, the number of short messages sent by the user is counted based on the monitoring rules. After the threshold, within the end of the time granularity, record all the short messages sent by the user in the regular duration before the end time of the granularity; secondly, every time the user sends a short message, the number of failed calls/all short messages for the first time (equivalent to The calculation is performed on the basis of the failure rate of the first delivery of the short message by the above user, and when the calculated ratio reaches the monitoring threshold of the failure rate of the first delivery, the user is identified as a suspicious user. Further, the sending behavior of the suspicious user is restricted.

通过引入对用户短消息首次下发失败情况的判断,可以针对群发,被叫号码中可能存在一部分无效号码(停机、无此号码等)的特征进行有效地监控,如果终呼失败比例较高,则认为有发垃圾短信的嫌疑。由于首次下发失败率监控是在流量监控筛选的基础上进行的,因此配置较低流量门限时,既可以限制长时间的以较低频率持续发送垃圾短信的行为,又可以避免误监控的出现,同时提高查全率和查准率。总之,通过首次下发失败情况的判断,这样就达到了更全面的捕获可疑用户的监控效果,同时也提高了短消息监控系统的整体性能。By introducing the judgment of the failure of the user's short message delivery for the first time, it is possible to effectively monitor the characteristics of some invalid numbers (shutdown, no such number, etc.) among the group sending and called numbers. If the proportion of terminal call failures is high, It is considered to be suspected of sending spam messages. Since the first delivery failure rate monitoring is based on traffic monitoring and screening, when configuring a lower traffic threshold, it can not only limit the behavior of sending spam messages at a lower frequency for a long time, but also avoid false monitoring. , while improving recall and precision. In a word, by judging the failure of the first delivery, a more comprehensive monitoring effect of capturing suspicious users is achieved, and at the same time, the overall performance of the short message monitoring system is improved.

对应于上述用户身份的确定方法,本实施例还提供了一种用户身份的确定装置。如图2所示的根据本发明实施例的用户身份的确定装置的结构框图,该装置可以设置在短消息监控系统中,该装置包括:流量统计模块22、失败率统计模块24、身份确定模块26。下面具体介绍上述模块的结构:Corresponding to the method for determining the user identity described above, this embodiment also provides a device for determining the user identity. As shown in Figure 2, the structural block diagram of the device for determining user identity according to the embodiment of the present invention, the device can be set in the short message monitoring system, and the device includes: traffic statistics module 22, failure rate statistics module 24, identity determination module 26. The following describes the structure of the above modules in detail:

流量统计模块22,用于统计规则时长内用户发送的短消息个数是否满足流量门限;失败率统计模块24,与流量统计模块22相连,用于如果流量统计模块22统计的结果为短消息个数满足流量门限,统计规则时长内用户首次下发短消息的失败率;身份确定模块26,与失败率统计模块24相连,用于如果失败率统计模块24统计的结构为失败率满足比值监控门限,确定用户为黑名单用户。Traffic statistics module 22, whether the number of short messages sent by the user in the time length of the statistics rule meets the traffic threshold; Failure rate statistics module 24, connected with the traffic statistics module 22, is used for if the result of traffic statistics module 22 statistics is the number of short messages The number meets the traffic threshold, and the failure rate of the user's first short message in the statistical rule time length; the identity determination module 26 is connected with the failure rate statistics module 24, and is used for if the structure of the failure rate statistics module 24 statistics is that the failure rate meets the ratio monitoring threshold , to determine that the user is a blacklist user.

本实施例的装置通过在流量统计模块22进行流量监控的基础上结合失败率统计模块24对首发失败率的监控,可以限制长时间以较低频率持续发送垃圾短信的行为,又可以避免误监控的出现,同时提高了查全率和查准率,解决了相关技术中捕获可疑用户的策略过于简单,查全率和查准率存在矛盾的问题,提高了短消息监控系统的整体性能。The device of this embodiment can limit the behavior of continuously sending spam messages at a lower frequency for a long time by combining the monitoring of the failure rate statistics module 24 on the basis of traffic monitoring by the traffic statistics module 22, and can avoid false monitoring. The appearance of the system improves the recall rate and precision rate at the same time, solves the problem that the strategy for capturing suspicious users in related technologies is too simple, and the recall rate and precision rate have contradictions, and improves the overall performance of the short message monitoring system.

如图3所示的根据本发明实施例的优选用户身份的确定装置的结构框图,上述装置还可以包括:配置模块32,与流量统计模块22和身份确定模块26相连,用于配置首次下发失败率的比值监控门限和至少一条监控规则;其中,监控规则包括规则时长、时间粒度和规则时长内按流量监控的流量门限,规则时长为时间粒度的整数倍。As shown in FIG. 3, the structural block diagram of the device for determining the preferred user identity according to the embodiment of the present invention, the above-mentioned device may also include: a configuration module 32, connected to the traffic statistics module 22 and the identity determination module 26, for configuring the first delivery The ratio monitoring threshold of the failure rate and at least one monitoring rule; wherein, the monitoring rule includes the rule duration, time granularity and traffic threshold monitored by traffic within the rule duration, and the rule duration is an integer multiple of the time granularity.

如图4所示的根据本发明实施例的另一优选用户身份的确定装置的结构框图,流量统计模块22可以包括:流量统计单元222,与配置模块32相连,用于当配置模块32配置多条监控规则时,基于配置的各个监控规则分别对用户发送的短消息进行计数统计。As shown in FIG. 4 , according to the structural block diagram of another device for determining a preferred user identity according to an embodiment of the present invention, the traffic statistics module 22 may include: a traffic statistics unit 222, which is connected with the configuration module 32, and is used when the configuration module 32 configures multiple When there are no monitoring rules, count and count the short messages sent by users based on each configured monitoring rule.

如图5所示的根据本发明实施例的失败率统计模块24的结构框图,失败率统计模块24可以包括:As shown in Figure 5 according to the structural block diagram of the failure rate statistical module 24 of the embodiment of the present invention, the failure rate statistical module 24 may include:

短消息数计算单元242,用于对用户在规则时长内发送的所有短消息数进行计算;The number of short messages calculation unit 242 is used to calculate the number of all short messages sent by the user within the regular duration;

失败次数计算单元244,用于对用户在规则时长内所有首次下发短消息失败的次数进行计算;The number of times of failure calculation unit 244 is used to calculate the number of times that the user fails to send short messages for the first time within the rule duration;

失败率计算单元246,与短消息数计算单元242和失败次数计算单元244相连,用于计算失败次数计算单元244计算的首次下发短消息失败的次数与短消息数计算单元242计算的所有短消息数的比值,将比值作为规则时长内用户首次下发短消息的失败率。The failure rate calculation unit 246 is connected with the number of short messages calculation unit 242 and the number of times of failure calculation unit 244, and is used to calculate the number of times that the number of failures calculation unit 244 calculates the number of failed short messages sent for the first time and all short messages calculated by the number of short messages calculation unit 242. The ratio of the number of messages, and the ratio is used as the failure rate of the user sending a short message for the first time within the rule time.

如图6所示的根据本发明实施例的再一优选用户身份的确定装置的结构框图,上述装置还可以包括:As shown in FIG. 6, a structural block diagram of another device for determining a preferred user identity according to an embodiment of the present invention, the above-mentioned device may also include:

关联信息获取模块62,与失败率统计模块24相连,用于如果失败率统计模块24统计的失败率不满足比值监控门限,获取规则时长内用户发送的短消息的关联信息,其中,关联信息至少包括以下之一:起呼频次、内容长度一致率、关键字出现频率和目的号码连续率;其中,起呼频次、内容长度一致率、关键字出现频率和目的号码连续率分别配置有一个关联门限;Associated information obtaining module 62, is connected with failure rate statistics module 24, is used for if the failure rate of failure rate statistics module 24 statistics does not meet the ratio monitoring threshold, obtains the associated information of the short message that user sends in the rule duration, wherein, associated information is at least Including one of the following: call frequency, content length consistency rate, keyword appearance frequency and destination number continuity rate; among them, the origination call frequency, content length consistency rate, keyword appearance frequency and destination number continuity rate are respectively configured with an associated threshold ;

身份再次确认模块64,与关联信息获取模块62相连,用于如果关联信息获取模块62获取的关联信息中有一个满足对应的关联门限,确定用户为黑名单用户。The identity reconfirmation module 64 is connected with the association information acquisition module 62, and is used to determine that the user is a blacklist user if one of the association information acquired by the association information acquisition module 62 meets the corresponding association threshold.

下面将结合一个优选实施例进行详细说明,该优选实施例结合了上述实施例及优选实施方式。A detailed description will be given below in conjunction with a preferred embodiment, which combines the above-mentioned embodiments and preferred implementation modes.

在本优选实施例中,提供了上述用户身份的确定装置的另一种划分方式,如图7所示的根据本发明优选实施例的短消息监控系统的示意图,该系统包括:配置模块70、初步分析模块72、后续分析模块74、显示模块76。其中,配置模块70,用于配置首次下发失败率监控门限、以及配置至少一条监控规则,其中,监控规则包括:规则时长内按流量监控的门限、规则时长和时间粒度,并且规则时长为时间粒度的整数倍,并且将配置好的监控规则发送给初步分析模块72、以及将配置好的用户级别监控门限发送给后续分析模块76;初步分析模块72,与配置模块70相连,用于对用户发送的短消息数进行计数,当在一个时间粒度内,用户发送的短消息数达到规则时长内按流量监控的门限后,记录用户的用户信息,并且在该时间粒度结束内,记录粒度结束时间之前的规则时长内用户发送的所有短消息并发送给后续分析模块74;后续分析模块74,与配置模块70和初步分析模块72相连,用于对所有短消息和首次终呼失败次数进行计算,当计算首次终呼失败次数/所有短消息数达到首次下发失败率监控门限时,将用户标识为可疑用户;显示模块76,与后续分析模块74相连,用于显示可疑用户的用户信息。In this preferred embodiment, another division method of the device for determining the above-mentioned user identity is provided, as shown in FIG. A preliminary analysis module 72 , a subsequent analysis module 74 , and a display module 76 . Among them, the configuration module 70 is used to configure the monitoring threshold of the failure rate for the first delivery, and configure at least one monitoring rule, wherein the monitoring rule includes: the threshold, rule duration and time granularity of traffic monitoring within the rule duration, and the rule duration is time Integer multiples of the granularity, and the configured monitoring rules are sent to the preliminary analysis module 72, and the configured user level monitoring threshold is sent to the follow-up analysis module 76; the preliminary analysis module 72 is connected with the configuration module 70 for user The number of short messages sent is counted. When the number of short messages sent by a user reaches the threshold of traffic monitoring within a specified time period within a time granularity, the user information of the user is recorded, and within the end of the time granularity, the end time of the record granularity is recorded. All short messages sent by the user in the previous rule duration are also sent to the follow-up analysis module 74; the follow-up analysis module 74 is connected with the configuration module 70 and the preliminary analysis module 72, and is used to calculate all short messages and the first number of times of terminal call failures, When calculating the number of failed calls/all short messages for the first time and reaching the monitoring threshold of the failure rate for the first time, the user is identified as a suspicious user; the display module 76 is connected with the follow-up analysis module 74 for displaying the user information of the suspicious user.

该优选实施例增加了后续分析模块74,即引入了后续的首次下发失败率监控,因此配置较低流量门限时,既可以限制长时间的以较低频率持续发送垃圾短信的行为,又可以避免误监控的出现,同时提高查全率和查准率,这样就实现了提高监控系统可靠性的目的。This preferred embodiment has increased the follow-up analysis module 74, namely introduced follow-up first delivery failure rate monitoring, so when configuring a lower traffic threshold, it can limit the behavior of continuously sending spam short messages with a lower frequency for a long time, and can also Avoid false monitoring, and improve the recall rate and precision rate at the same time, so as to achieve the purpose of improving the reliability of the monitoring system.

配置模块70配置了多条监控规则时,初步分析模块72具体用于基于配置的各监控规则分别对用户发送的短消息进行计数,更具体地,取出一条监控规则,基于该监控规则分别对用户发送的短消息进行计数,确定存在其他监控规则时,再次取出一条监控规则,基于该监控规则对用户发送的短消息数进行计数。When the configuration module 70 has configured a plurality of monitoring rules, the preliminary analysis module 72 is specifically used to count the short messages sent by the user based on the configured monitoring rules, and more specifically, take out a monitoring rule, and based on the monitoring rule, respectively count the short messages sent by the user. The short messages sent are counted, and when it is determined that there are other monitoring rules, another monitoring rule is taken out, and the number of short messages sent by the user is counted based on the monitoring rule.

后续分析模块76具体包括:计算单元,用于对用户在一个规则时长内发送的所有短消息数和首次终呼失败次数进行计算;比较单元,用于将首次终呼失败次数/所有短消息数与首次下发失败率监控门限进行比较,当计算得到的值达到首次下发失败率监控门限时,将该用户标识为可疑用户。The follow-up analysis module 76 specifically includes: a calculation unit, used to calculate the number of all short messages sent by the user within a regular period of time and the number of failed call terminations for the first time; Compared with the first delivery failure rate monitoring threshold, when the calculated value reaches the first delivery failure rate monitoring threshold, the user is identified as a suspicious user.

对应于上述的短消息监控系统,本优选实施例还提供了一种短消息监控系统的架构。如图8所示的根据本发明优选实施例的短消息监控系统的架构示意图,该系统包括:Corresponding to the above short message monitoring system, this preferred embodiment also provides a short message monitoring system architecture. As shown in Figure 8, according to the schematic diagram of the structure of the short message monitoring system of the preferred embodiment of the present invention, the system includes:

控制台(人机交互界面)80,用于数据的配置以及用户信息的显示,即该控制台结合了如图7所示的短消息监控系统中的配置模块70和显示模块76的功能,在该控制台上,既可以进行数据的配置,如监控规则、首次下发失败率监控门限的配置,又可以将监控系统所监控到的可疑用户的用户信息进行显示。控制台的数据配置完成后,将同步给分析模块和数据库管理操作模块。Console (human-computer interaction interface) 80, is used for the configuration of data and the display of user information, promptly this console has combined the function of configuration module 70 and display module 76 in the short message monitoring system as shown in Figure 7, in On the console, you can configure data, such as monitoring rules and the configuration of the monitoring threshold for the failure rate of the first delivery, and display the user information of suspicious users monitored by the monitoring system. After the data configuration of the console is completed, it will be synchronized to the analysis module and the database management operation module.

分析模块82,其功能与如图7所示的短消息监控系统中的初步分析模块72的功能基本相同,用于负责接收短消息中心的消息,按照控制台配置的监控规则进行计数,当达到控制台配置的父规则-达到按流量监控的门限时,就将该用户的用户信息发送给数据库管理操作模块84进行插入数据库86操作,目的在于对用户信息进行记录。用户的短消息在一个时间粒度结束内把在该时间粒度被拦截用户在规则时长内发送的所有短消息发送给数据库管理操作模块,目的在于对所有短消息进行记录。Analysis module 82, its function is basically the same as the function of preliminary analysis module 72 in the short message monitoring system as shown in Figure 7, is used for being responsible for receiving the message of short message center, counts according to the monitoring rule of console configuration, when reaching When the parent rule configured by the console reaches the threshold of traffic monitoring, the user information of the user is sent to the database management operation module 84 to be inserted into the database 86 for the purpose of recording the user information. The user's short message sends all short messages sent by the intercepted user within the specified time period to the database management operation module within a time granularity, so as to record all short messages.

数据库管理操作模块86,该模块的功能与如图7所示的短消息监控系统中的后续分析模块74的功能基本相同,主要用于接收到分析模块82的数据后进行插入数据库86操作,并且进行后续分析,后续分析包括调用存储过程取出数据库86中该用户在一个规则时长内的发送的短消息和首次终呼失败次数进行计算,并判断首次终呼失败次数/所有短消息数是否达到首次下发失败率监控门限。Database management operation module 86, the function of this module is basically the same as the function of follow-up analysis module 74 in the short message monitoring system as shown in Figure 7, is mainly used for inserting database 86 operations after receiving the data of analysis module 82, and Carry out follow-up analysis, follow-up analysis includes calling the stored procedure to take out the short message that this user sends in the database 86 within a regular period of time and calculate the number of failures of the first call termination, and judge whether the number of failures of the first call failure/all short messages reaches the first time. Delivery failure rate monitoring threshold.

基于上述短消息监控系统及其架构,本优选实施例还提供了一种短消息监控方法。如图9所示的根据本发明优选实施例的短消息监控方法的流程图,该方法包括:Based on the above short message monitoring system and its architecture, this preferred embodiment also provides a short message monitoring method. As shown in Figure 9, according to the flow chart of the short message monitoring method of the preferred embodiment of the present invention, the method includes:

步骤S900,配置首次下发失败率监控门限、以及配置至少一条监控规则,其中,监控规则包括:规则时长内按流量监控的门限、规则时长和时间粒度,并且规则时长为时间粒度的整数倍。Step S900, configure the monitoring threshold for the failure rate of the first delivery, and configure at least one monitoring rule, wherein the monitoring rule includes: the threshold for traffic monitoring within the rule duration, rule duration and time granularity, and the rule duration is an integer multiple of the time granularity.

对于首次下发失败率监控门限而言,如果配置的监控规则为多条,对于不同的监控规则,按流量监控的门限、规则时长、时间粒度三项中的至少一项是不同的。例如,配置有两条不同的监控规则,其中一条监控规则配置的参数为:按流量监控的门限是100条短消息,规则时长是10分钟;另一条监控规则配置的参数为:按流量监控的门限是200条短消息,规则时长是15分钟。For the first delivery failure rate monitoring threshold, if multiple monitoring rules are configured, at least one of the three items of traffic monitoring threshold, rule duration, and time granularity is different for different monitoring rules. For example, two different monitoring rules are configured, and the parameters configured in one monitoring rule are: the threshold of monitoring by traffic is 100 short messages, and the rule duration is 10 minutes; the parameters configured in the other monitoring rule are: monitoring by traffic The threshold is 200 short messages, and the rule duration is 15 minutes.

步骤S902,从上述配置的至少一条监控规则中取出一条监控规则。取出的该条监控规则将为以下的计数过程提供依据。Step S902, extracting one monitoring rule from at least one monitoring rule configured above. The retrieved monitoring rule will provide the basis for the following counting process.

步骤S904,对用户发送的短消息数进行计数,并且实时判断在一个时间粒度内用户发送的短消息数是否达到规则时长内按流量监控的门限,如果是,则执行步骤S906;如果否,则结束。Step S904, counting the number of short messages sent by the user, and judging in real time whether the number of short messages sent by the user within a time granularity reaches the threshold of monitoring according to the flow rate in the regular time period, if yes, then perform step S906; if not, then Finish.

步骤S906,记录该用户的用户信息,并且在时间粒度结束内,记录粒度结束时间之前的规则时长内用户发送的所有短消息。Step S906, record the user information of the user, and record all short messages sent by the user within the regular time period before the end of the time granularity within the end of the time granularity.

具体地,可以通过将用户信息利用数据库管理模块插入数据库的方式来完成用户信息的记录;同样可以通过将所有短消息利用数据库管理模块插入数据库的方式来完成短消息的记录。Specifically, the recording of user information can be completed by inserting user information into the database using the database management module; similarly, the recording of short messages can be completed by inserting all short messages into the database using the database management module.

该过程可以认为是前述复合流量监控中的单纯流量监控,即只是判断用户在规则时长内发送的短消息数是否达到了按流量监控的门限。在该过程中,所有用户的计数过程都是在流量计数内存库中进行的,即流量内存库中保存有用户的计数记录,所以,在计数之前,要对用户的计数记录进行初始化设置,如果流量计数内存库中不存在该用户的计数记录,在初始化设置之前还需要在该流量计数内存库中生成一条该用户的计数记录,用于之后对该用户发送的短消息数进行计数。This process can be regarded as the simple flow monitoring in the above-mentioned composite flow monitoring, that is, it is only judged whether the number of short messages sent by the user within the specified time reaches the threshold of flow monitoring. In this process, the counting process of all users is carried out in the flow counting memory bank, that is, the counting records of users are stored in the flow memory bank, so before counting, the user's counting records should be initialized, if There is no counting record of the user in the traffic counting memory bank, and a counting record of the user needs to be generated in the traffic counting memory bank before the initialization setting, which is used to count the number of short messages sent by the user later.

步骤S908,对记录的首次终呼失败次数/所有短消息数进行计算,当计算得到的值达到与首次下发失败率监控门限时,将该用户标识为可疑用户。Step S908, calculate the recorded number of failed first call terminations/number of all short messages, and when the calculated value reaches the monitoring threshold for the failure rate of the first delivery, identify the user as a suspicious user.

该过程可以认为是后续监控,即在单纯流量监控的基础上,再对已在规则时长内监控到的短消息进行首次下发失败率监控。This process can be regarded as follow-up monitoring, that is, on the basis of simple traffic monitoring, the failure rate of the first delivery of short messages that have been monitored within the specified time period is monitored.

步骤S910,显示上述可疑用户的用户信息。对于可疑用户,其发送短消息的行为将会受到限制,并且该可疑用户的用户信息会被显示出来。Step S910, displaying the user information of the above-mentioned suspicious user. For suspicious users, their behavior of sending short messages will be restricted, and the user information of the suspicious users will be displayed.

该优选实施例在按流量监控的基础上,引入了后续的首次下发失败率监控,因此配置较低流量门限时,既可以限制长时间的以较低频率持续发送垃圾短信的行为,又可以避免误监控的出现,同时提高查全率和查准率,进而可以更全面的捕获可疑用户。On the basis of flow monitoring, this preferred embodiment introduces subsequent first delivery failure rate monitoring, so when a lower flow threshold is configured, it can limit the behavior of continuously sending spam messages at a lower frequency for a long time, and can also Avoid false monitoring, improve recall and precision, and capture suspicious users more comprehensively.

从上述的短消息监控方法的步骤S900可以看出,配置的监控规则可以为多条。配置了多条监控规则时,将基于各监控规则分别对用户发送的短消息进行计数。对于存在多条监控规则的情况,该短消息监控方法对某个用户进行流量计数的过程,将在以下结合图10做进一步的描述。It can be seen from step S900 of the above short message monitoring method that there may be multiple monitoring rules configured. When multiple monitoring rules are configured, the short messages sent by users will be counted based on each monitoring rule. For the case where there are multiple monitoring rules, the process of counting the traffic of a certain user in the short message monitoring method will be further described below in conjunction with FIG. 10 .

如图10所示的根据本发明优选实施例的基于多条监控规则对用户发送的短消息进行计数的流程图,当存在多条监控规则时,对用户发送的短消息进行计数的过程包括:As shown in Figure 10, according to the flowchart of counting the short messages sent by users based on multiple monitoring rules according to the preferred embodiment of the present invention, when there are multiple monitoring rules, the process of counting the short messages sent by users includes:

步骤S1002,从短消息中心获取短消息受控结构体,根据该短消息受控结构体解析出起呼用户号码;Step S1002, obtaining the short message controlled structure from the short message center, and analyzing the originating user number according to the short message controlled structure;

步骤S1004,分析模块从多条监控规则中取出一条监控规则;Step S1004, the analyzing module takes out one monitoring rule from the multiple monitoring rules;

步骤S1006,基于监控规则对该起呼用户发送的短消息进行计数,即在该起呼用户该时间粒度的该监控规则的计数数值加一(正常情况下计数器没有溢出);Step S1006, counting the short messages sent by the calling user based on the monitoring rule, that is, adding one to the counting value of the monitoring rule at the time granularity of the calling user (the counter does not overflow under normal circumstances);

步骤S1008,判断短消息计数数值是否达到按流量监控的门限,如果达到,则继续执行步骤S1010,如果未达到,则继续执行步骤S1012;Step S1008, judging whether the short message count value reaches the threshold of traffic monitoring, if so, proceed to step S1010, if not, proceed to step S1012;

步骤S1010,记录该起呼用户的用户号码,并且在该时间粒度结束内,记录粒度结束时间之前的规则时长内用户发送的所有短消息,具体可以采取将该用户号码以及所有短消息发送给数据库管理操作模块由其完成插入数据库操作的方式来实现;Step S1010, record the user number of the user who made the call, and record all short messages sent by the user within the regular time period before the end of the time granularity within the end of the time granularity. Specifically, the user number and all short messages can be sent to the database The management operation module is realized by the way it completes the operation of inserting into the database;

步骤S1012,判断是否存在其他监控规则,如果是,则返回到步骤S1004。Step S1012, judging whether there are other monitoring rules, if yes, return to step S1004.

通过该优选实施例,实现了在按流量监控的过程中,可以配置多条监控规则对用户发送的短消息进行监控,这样就有效地提高了监控的力度。Through this preferred embodiment, it is realized that in the process of traffic monitoring, multiple monitoring rules can be configured to monitor the short messages sent by users, thus effectively improving the intensity of monitoring.

从前面的描述可以知道,后续监控包括的监控类型有多种,可以为按内容长度一致性监控、按关键字频次监控、按号码连续性监控等。所以,下面将以监控类型为按首次下发失败率监控为例,对短消息监控方法做进一步的描述,该方法包括:It can be known from the foregoing description that follow-up monitoring includes various types of monitoring, such as monitoring by content length consistency, keyword frequency monitoring, and number continuity monitoring. Therefore, the following will take the monitoring type as monitoring based on the failure rate of the first delivery as an example to further describe the short message monitoring method, which includes:

步骤1,首先,在短消息监控的人机交互界面上进行监控规则的配置,包括配置父规则-按流量监控的门限,即当某一号码在规则时长内发送的短消息达到该值后才进行后续监控;接着配置子规则-首次下发失败率监控门限。配置完成后,将配置好的上述参数同步给分析模块和数据库管理操作模块。Step 1. First, configure the monitoring rules on the human-computer interaction interface of short message monitoring, including configuring the parent rule-the threshold of traffic monitoring, that is, when the short message sent by a certain number within the rule duration reaches this value, the Perform follow-up monitoring; then configure the sub-rule - the first delivery failure rate monitoring threshold. After the configuration is completed, the configured above parameters are synchronized to the analysis module and the database management operation module.

步骤2,对流量计数内存库中用户的计数记录进行初始化设置,如果存在不同的监控规则,基于每个规则进行计数的计数记录都要进行初始化设置,当然,如果流量计数内存库中不存在该用户的计数记录,则要在初始化之前在流量计数内存库中生成一条该用户的计数记录。Step 2. Initialize the counting records of users in the traffic counting memory bank. If there are different monitoring rules, the counting records counted based on each rule must be initialized. Of course, if the traffic counting memory does not exist in the User’s counting record, a counting record of the user should be generated in the traffic counting memory bank before initialization.

步骤3,获取待监控的短信受控结构体,在该结构体中必须包含起呼用户号码、消息体、首次终呼是否失败等用户信息。Step 3: Obtain the controlled structure of the short message to be monitored, which must contain user information such as the calling user number, message body, and whether the first call fails.

步骤4,根据获取的短信受控结构体,解析出起呼用户号码,并且在时间粒度内在流量计数内存库中基于各监控规则针对该起呼用户号码进行计数。Step 4: According to the obtained controlled structure of the short message, the number of the calling party is analyzed, and the number of the calling party is counted in the traffic counting memory base based on each monitoring rule within the time granularity.

步骤5,当在一个时间粒度内,流量计数内存库中的计数值达到子规则-首次下发失败率监控门限的父规则-按流量监控的门限后,即把该用户的用户信息发送给数据库管理操作模块进行物理数据库入库,目的在于记录该用户的用户信息。Step 5, when within a time granularity, the count value in the traffic counting memory bank reaches the subrule - the parent rule of the first delivery failure rate monitoring threshold - the threshold of traffic monitoring, the user information of the user is sent to the database The management operation module stores the physical database for the purpose of recording the user information of the user.

步骤6,当到达步骤5上述的粒度结束时间内,将该粒度结束时间之前的规则时长内用户发送的所有短消息进行记录,即将该用户在该粒度结束时间和该粒度结束时间向前倒退一个规则时长的时间范围内即一个规则时长内发送的所有短消息通知数据库管理操作模块,数据库管理操作模块会将所有短消息插入数据库。Step 6, when the granularity end time mentioned above in step 5 is reached, record all the short messages sent by the user within the regular duration before the granularity end time, that is, the user will move forward one step between the granularity end time and the granularity end time All short messages sent within the time range of the regular duration, that is, within a regular duration, notify the database management operation module, and the database management operation module inserts all short messages into the database.

步骤7,数据库管理操作模块调用存储过程取出物理数据库中该用户在一个规则时长内发送的所有短消息进行计算,对于首次下发失败率监控而言,此处需要分别对所有短消息进行求和、首次终呼失败次数进行求和计算,并且判断首次终呼失败次数/所有短消息数得到的值是否达到首次下发失败率监控门限,如果达到则将该用户标识为可疑用户,并且将该可疑用户的用户信息发送给显示模块进行显示,其发送短消息的行为将会受到限制。如果未达到,则表明相应用户不是可疑用户,不会对其发送短消息的行为进行限制。Step 7, the database management operation module calls the stored procedure to take out all the short messages sent by the user within a regular time period in the physical database for calculation. For the monitoring of the failure rate of the first delivery, it is necessary to sum all the short messages separately , The number of times of first-time call-out failures is summed, and it is judged whether the value obtained from the number of times of first-time call-out failures/the number of all short messages reaches the monitoring threshold for the failure rate of the first delivery. If so, the user is identified as a suspicious user, and the The user information of the suspicious user is sent to the display module for display, and his behavior of sending short messages will be restricted. If not, it indicates that the corresponding user is not a suspicious user, and the behavior of sending short messages will not be restricted.

该优选实施例中所涉及的首次下发失败率监控是复合流量监控中的后续监控,其不仅适用于监控类型为首次下发失败率的监控,同样适用于监控类型为按内容长度一致性监控、按关键字频次监控、按号码连续性监控等其他复合流量监控,在此我们不再一一进行描述。The first delivery failure rate monitoring involved in this preferred embodiment is the follow-up monitoring in composite traffic monitoring, which is not only applicable to the monitoring type of the first delivery failure rate, but also applicable to the monitoring type of content length consistency monitoring , monitoring by keyword frequency, monitoring by number continuity and other composite traffic monitoring, we will not describe them one by one here.

从以上的描述中可以看出,本发明实现了如下技术效果:引入对用户短消息首次下发失败情况的判断,可以针对群发,被叫号码中可能存在一部分无效号码(停机、无此号码等)的特征进行有效地监控,如果终呼失败比例较高,则认为有发垃圾短信的嫌疑。由于首次下发失败率监控是在流量监控筛选的基础上进行的,因此配置较低流量门限时,既可以限制长时间的以较低频率持续发送垃圾短信的行为,又可以避免误监控的出现,同时提高查全率和查准率,进而提高系统的可靠性。As can be seen from the above description, the present invention has achieved the following technical effects: the introduction of the judgment of the first delivery failure of the user's short message can be aimed at group sending, and there may be some invalid numbers (shutdown, no such number, etc.) in the called number. ) features are effectively monitored, and if the proportion of final call failures is high, it is considered that there is a suspicion of sending spam messages. Since the first delivery failure rate monitoring is based on traffic monitoring and screening, when configuring a lower traffic threshold, it can not only limit the behavior of sending spam messages at a lower frequency for a long time, but also avoid false monitoring. , while improving the recall rate and precision rate, thereby improving the reliability of the system.

综上所述可以看出,本实施例通过在流量监控的基础上结合首发失败率的监控,解决了相关技术中捕获可疑用户的策略过于简单,查全率和查准率存在矛盾的问题,提高了短消息监控系统的整体性能。To sum up, it can be seen that this embodiment solves the problem that the strategy for capturing suspicious users in related technologies is too simple and the recall rate and precision rate are contradictory by combining the monitoring of the initial failure rate on the basis of traffic monitoring. Improve the overall performance of the short message monitoring system.

显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。Obviously, those skilled in the art should understand that each module or each step of the above-mentioned present invention can be realized by a general-purpose computing device, and they can be concentrated on a single computing device, or distributed in a network formed by multiple computing devices Alternatively, they may be implemented in program code executable by a computing device so that they may be stored in a storage device to be executed by a computing device, and in some cases in an order different from that shown here The steps shown or described are carried out, or they are separately fabricated into individual integrated circuit modules, or multiple modules or steps among them are fabricated into a single integrated circuit module for implementation. As such, the present invention is not limited to any specific combination of hardware and software.

以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and changes. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (11)

1.一种用户身份的确定方法,其特征在于,包括:1. A method for determining user identity, comprising: 统计规则时长内用户发送的短消息个数是否满足流量门限;Whether the number of short messages sent by users within the duration of the statistical rule meets the traffic threshold; 如果是,统计所述规则时长内所述用户首次下发短消息的失败率;If yes, count the failure rate of the first short message sent by the user in the rule duration; 如果所述失败率满足比值监控门限,确定所述用户为黑名单用户。If the failure rate meets the ratio monitoring threshold, it is determined that the user is a blacklist user. 2.根据权利要求1所述的方法,其特征在于,统计规则时长内用户发送的短消息个数是否满足流量门限之前,所述方法还包括:2. method according to claim 1, it is characterized in that, before the number of short messages sent by the user in the statistical rule duration meets the traffic threshold, the method also includes: 配置首次下发失败率的比值监控门限和至少一条监控规则;其中,所述监控规则包括规则时长、时间粒度和所述规则时长内按流量监控的流量门限,所述规则时长为所述时间粒度的整数倍。Configure the ratio monitoring threshold of the failure rate of the first delivery and at least one monitoring rule; wherein, the monitoring rule includes a rule duration, a time granularity, and a traffic threshold monitored by traffic within the rule duration, and the rule duration is the time granularity Integer multiples of . 3.根据权利要求2所述的方法,其特征在于,统计规则时长内用户发送的短消息个数是否满足流量门限包括:3. The method according to claim 2, characterized in that whether the number of short messages sent by the user in the statistical rule duration meets the traffic threshold comprises: 当配置多条监控规则时,基于配置的各个监控规则分别对用户发送的短消息进行计数统计。When multiple monitoring rules are configured, the short messages sent by the user are counted and counted based on each configured monitoring rule. 4.根据权利要求3所述的方法,其特征在于,基于配置的各个监控规则分别对用户发送的短消息进行计数统计包括:4. method according to claim 3, it is characterized in that, based on each monitoring rule of configuration, counting the short message sent by user respectively comprises: 逐一从所述多个监控规则中选取一个监控规则;selecting a monitoring rule from the plurality of monitoring rules one by one; 以时间粒度为单位,对选取的所述监控规则的规则时长内用户发送的短消息个数进行计数;Taking time granularity as the unit, counting the number of short messages sent by the user within the rule duration of the selected monitoring rule; 如果当前时间粒度内所述用户的计数达到所述流量门限,则确定所述规则时长内所述用户的短消息个数满足流量门限;If the count of the user in the current time granularity reaches the traffic threshold, then determine that the number of short messages of the user in the rule duration satisfies the traffic threshold; 继续选取下一个监控规则进行计数,直至所述多个监控规则选取完毕。Continue to select the next monitoring rule for counting until the multiple monitoring rules are selected. 5.根据权利要求1所述的方法,其特征在于,统计所述规则时长内所述用户首次下发短消息的失败率包括:5. The method according to claim 1, characterized in that, counting the failure rate of the first short message sent by the user within the rule duration comprises: 对所述用户在所述规则时长内发送的所有短消息数进行计算;Calculate the number of all short messages sent by the user within the rule duration; 对所述用户在所述规则时长内所有首次下发短消息失败的次数进行计算;Calculate the number of times that the user fails to send short messages for the first time within the rule duration; 计算所述首次下发短消息失败的次数与所述所有短消息数的比值,将所述比值作为所述规则时长内所述用户首次下发短消息的失败率。Calculate the ratio of the number of times of failure to send short messages for the first time to the number of all short messages, and use the ratio as the failure rate of the user's first delivery of short messages within the regular time period. 6.根据权利要求1-5任一项所述的方法,其特征在于,如果所述失败率不满足比值监控门限,所述方法还包括:6. The method according to any one of claims 1-5, wherein if the failure rate does not meet the ratio monitoring threshold, the method further comprises: 获取所述规则时长内所述用户发送的短消息的关联信息,其中,所述关联信息至少包括以下之一:起呼频次、内容长度一致率、关键字出现频率和目的号码连续率;其中,所述起呼频次、所述内容长度一致率、所述关键字出现频率和所述目的号码连续率分别配置有一个关联门限;Obtaining the associated information of the short message sent by the user within the specified duration, wherein the associated information includes at least one of the following: call frequency, content length consistency rate, keyword occurrence frequency, and destination number continuity rate; wherein, The calling frequency, the content length consistency rate, the keyword occurrence frequency and the destination number continuity rate are respectively configured with an associated threshold; 如果所述关联信息中有一个满足对应的关联门限,确定所述用户为黑名单用户。If any of the association information satisfies a corresponding association threshold, it is determined that the user is a blacklist user. 7.一种用户身份的确定装置,其特征在于,包括:7. A device for determining a user identity, comprising: 流量统计模块,用于统计规则时长内用户发送的短消息个数是否满足流量门限;The traffic statistics module is used to count whether the number of short messages sent by users within the rule period meets the traffic threshold; 失败率统计模块,用于如果所述流量统计模块统计的结果为所述短消息个数满足所述流量门限,统计所述规则时长内所述用户首次下发短消息的失败率;A failure rate statistics module, used to count the failure rate of the first short message sent by the user within the rule duration if the statistics result of the traffic statistics module is that the number of short messages satisfies the traffic threshold; 身份确定模块,用于如果所述失败率统计模块统计的结构为所述失败率满足所述比值监控门限,确定所述用户为黑名单用户。The identity determination module is configured to determine that the user is a blacklist user if the failure rate statistical module counts the structure that the failure rate meets the ratio monitoring threshold. 8.根据权利要求7所述的装置,其特征在于,所述装置还包括:8. The device according to claim 7, further comprising: 配置模块,用于配置首次下发失败率的比值监控门限和至少一条监控规则;其中,所述监控规则包括规则时长、时间粒度和所述规则时长内按流量监控的流量门限,所述规则时长为所述时间粒度的整数倍。A configuration module, configured to configure the ratio monitoring threshold of the failure rate of the first delivery and at least one monitoring rule; wherein, the monitoring rule includes a rule duration, a time granularity, and a traffic threshold monitored by traffic within the rule duration, and the rule duration It is an integer multiple of the time granularity. 9.根据权利要求8所述的装置,其特征在于,所述流量统计模块包括:9. The device according to claim 8, wherein the traffic statistics module comprises: 流量统计单元,用于当所述配置模块配置多条监控规则时,基于配置的各个监控规则分别对用户发送的短消息进行计数统计。The traffic statistics unit is used for counting and counting the short messages sent by the user based on each configured monitoring rule when the configuration module configures multiple monitoring rules. 10.根据权利要求7所述的装置,其特征在于,所述失败率统计模块包括:10. The device according to claim 7, wherein the failure rate statistics module comprises: 短消息数计算单元,用于对所述用户在所述规则时长内发送的所有短消息数进行计算;A short message number calculation unit, configured to calculate the number of all short messages sent by the user within the regular time period; 失败次数计算单元,用于对所述用户在所述规则时长内所有首次下发短消息失败的次数进行计算;The number of failure calculation unit is used to calculate the number of times that the user fails to send short messages for the first time within the rule duration; 失败率计算单元,用于计算所述失败次数计算单元计算的所述首次下发短消息失败的次数与所述短消息数计算单元计算的所述所有短消息数的比值,将所述比值作为所述规则时长内所述用户首次下发短消息的失败率。A failure rate calculation unit, configured to calculate the ratio of the number of failed short messages delivered for the first time calculated by the failure times calculation unit to the number of all short messages calculated by the number of short messages calculation unit, and use the ratio as The failure rate of the user sending a short message for the first time within the rule duration. 11.根据权利要求7-10任一项所述的装置,其特征在于,所述装置还包括:11. The device according to any one of claims 7-10, wherein the device further comprises: 关联信息获取模块,用于如果所述失败率统计模块统计的所述失败率不满足比值监控门限,获取所述规则时长内所述用户发送的短消息的关联信息,其中,所述关联信息至少包括以下之一:起呼频次、内容长度一致率、关键字出现频率和目的号码连续率;其中,所述起呼频次、所述内容长度一致率、所述关键字出现频率和所述目的号码连续率分别配置有一个关联门限;An associated information acquisition module, configured to obtain associated information of short messages sent by the user within the rule duration if the failure rate counted by the failure rate statistics module does not meet the ratio monitoring threshold, wherein the associated information is at least Including one of the following: call frequency, content length consistency rate, keyword appearance frequency and destination number continuity rate; wherein, the call origination frequency, the content length consistency rate, the keyword appearance frequency and the destination number The continuity rate is configured with an associated threshold respectively; 身份再次确认模块,用于如果所述关联信息获取模块获取的所述关联信息中有一个满足对应的关联门限,确定所述用户为黑名单用户。An identity reconfirmation module, configured to determine that the user is a blacklisted user if one of the associated information obtained by the associated information obtaining module satisfies a corresponding associated threshold.
CN2011103780497A 2011-11-24 2011-11-24 Method and device for determining user identity Pending CN102378180A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2011103780497A CN102378180A (en) 2011-11-24 2011-11-24 Method and device for determining user identity
PCT/CN2012/074640 WO2013075462A1 (en) 2011-11-24 2012-04-25 User identity determination method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011103780497A CN102378180A (en) 2011-11-24 2011-11-24 Method and device for determining user identity

Publications (1)

Publication Number Publication Date
CN102378180A true CN102378180A (en) 2012-03-14

Family

ID=45796002

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011103780497A Pending CN102378180A (en) 2011-11-24 2011-11-24 Method and device for determining user identity

Country Status (2)

Country Link
CN (1) CN102378180A (en)
WO (1) WO2013075462A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013075462A1 (en) * 2011-11-24 2013-05-30 中兴通讯股份有限公司 User identity determination method and device
CN103634797A (en) * 2013-12-06 2014-03-12 中国联合网络通信集团有限公司 Method and device for recognizing spam short messages

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105512094B (en) * 2015-12-04 2019-07-02 小米科技有限责任公司 Abnormal message template determines method and device
CN115865429A (en) * 2022-11-16 2023-03-28 招联消费金融有限公司 Access control method, device, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070140117A1 (en) * 2005-12-15 2007-06-21 Yahoo! Inc. Tracking and blocking of spam directed to clipping services
CN101043656A (en) * 2007-04-29 2007-09-26 中兴通讯股份有限公司 Method and system for monitoring suspicious user of rubbish SMS
CN101321070A (en) * 2008-07-16 2008-12-10 中兴通讯股份有限公司 System and method for monitoring suspicious users
CN101702801A (en) * 2009-10-30 2010-05-05 中兴通讯股份有限公司 Short message monitoring method and system
CN102231888A (en) * 2011-06-24 2011-11-02 中兴通讯股份有限公司 Monitoring method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102378180A (en) * 2011-11-24 2012-03-14 中兴通讯股份有限公司 Method and device for determining user identity

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070140117A1 (en) * 2005-12-15 2007-06-21 Yahoo! Inc. Tracking and blocking of spam directed to clipping services
CN101043656A (en) * 2007-04-29 2007-09-26 中兴通讯股份有限公司 Method and system for monitoring suspicious user of rubbish SMS
CN101321070A (en) * 2008-07-16 2008-12-10 中兴通讯股份有限公司 System and method for monitoring suspicious users
CN101702801A (en) * 2009-10-30 2010-05-05 中兴通讯股份有限公司 Short message monitoring method and system
CN102231888A (en) * 2011-06-24 2011-11-02 中兴通讯股份有限公司 Monitoring method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013075462A1 (en) * 2011-11-24 2013-05-30 中兴通讯股份有限公司 User identity determination method and device
CN103634797A (en) * 2013-12-06 2014-03-12 中国联合网络通信集团有限公司 Method and device for recognizing spam short messages

Also Published As

Publication number Publication date
WO2013075462A1 (en) 2013-05-30

Similar Documents

Publication Publication Date Title
CN100479572C (en) Method and system for monitoring suspicious user of rubbish SMS
EP3644260A1 (en) System architecture for fraud detection
GB2594107A (en) Network analytics
CN109327627A (en) Telephone number recognition methods, device and storage medium based on block chain
CN109756528B (en) Frequency control method and device, equipment, storage medium and server
CN110610376A (en) Behavior data response method and device, computer equipment and storage medium
CN101702801A (en) Short message monitoring method and system
WO2011076984A1 (en) Apparatus, method and computer-readable storage medium for determining application protocol elements as different types of lawful interception content
CN101321070B (en) Monitoring system and method for suspicious user
CN103888919A (en) Short message monitoring method and device thereof
CN104683313A (en) Multimedia business processing device, multimedia business processing method and multimedia business processing system
WO2016197646A1 (en) Method and device for monitoring crank call
CN102231888A (en) Monitoring method and device
CN106686265A (en) Service providing method and device based on communication records
CN101635894A (en) Monitoring system, monitoring method and information transmission method for junk information
CN102378180A (en) Method and device for determining user identity
CN107306200B (en) Network fault early warning method and gateway for network fault early warning
CN111314124B (en) Network problem analysis method, device, equipment and storage medium for high-speed rail network
CN107682316B (en) Method for generating dynamic password sending strategy and method for sending dynamic password
CN102905236B (en) A kind of junk short message monitoring method, Apparatus and system
CN103686833A (en) Mobile network voice quality assessment method and device
CN112954667B (en) Detection method and device for hotspot mobile terminal, computer equipment and storage medium
CN101827328A (en) Device and method for monitoring short-message
KR100996709B1 (en) IP application spam blocking device and method
CN101340693B (en) System and implementing method for monitoring rubbish short message based on content length

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120314