CN106791220B - Method and system for preventing telephone fraud - Google Patents

Method and system for preventing telephone fraud Download PDF

Info

Publication number
CN106791220B
CN106791220B CN201611082262.2A CN201611082262A CN106791220B CN 106791220 B CN106791220 B CN 106791220B CN 201611082262 A CN201611082262 A CN 201611082262A CN 106791220 B CN106791220 B CN 106791220B
Authority
CN
China
Prior art keywords
call
fraud
ticket
real
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611082262.2A
Other languages
Chinese (zh)
Other versions
CN106791220A (en
Inventor
万辛
李鹏
张震
安茂波
刘振业
侯伟
高圣翔
黄远
杨晶超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Network and Information Security Management Center filed Critical National Computer Network and Information Security Management Center
Publication of CN106791220A publication Critical patent/CN106791220A/en
Application granted granted Critical
Publication of CN106791220B publication Critical patent/CN106791220B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M11/00Telephonic communication systems specially adapted for combination with other electrical systems
    • H04M11/04Telephonic communication systems specially adapted for combination with other electrical systems with alarm systems, e.g. fire, police or burglar alarm systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Technology Law (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses a method and a system for preventing telephone fraud, wherein the method comprises the following steps: acquiring a real-time ticket; extracting the number characteristics and/or behavior characteristics of the real-time call ticket; analyzing the number characteristics and/or behavior characteristics of the real-time call bill according to a preset fraud call identification model to determine whether the call behavior corresponding to the real-time call bill is a fraud call; and if the communication behavior corresponding to the real-time call ticket is a fraud call, sending an alarm prompt to the called number in the real-time call ticket, and sending the fraud call identification result to a third-party management system. The method and the system can accurately position the fraud calls, timely know the occurrence of the fraud calls, and timely send the alarm prompt to the called numbers corresponding to the fraud calls, thereby effectively improving the prevention and control capability of the user on harassment and fraud calls.

Description

Method and system for preventing telephone fraud
Technical Field
The present invention relates to the field of mobile communications technologies, and in particular, to a method and a system for preventing phone fraud.
Background
With the continuous development of mobile communication technology, mobile terminals such as mobile phones, IPADs, etc. are becoming more and more popular. However, the mobile communication technology brings convenience to life of people and crime activities, and particularly crime activities such as phone fraud are rampant increasingly.
At present, telephone fraud measures are more and more, people are made to be defenseless, and especially old people are easier to be cheated. Especially, in recent years, fraud modes using telephones have a tendency of outbreak, are wide in cheating range and huge in money amount, and communication fraud becomes a huge user pain point, thereby causing great influence on life of people.
At present, the mainstream fraud telephone fraud mode mainly adopts counterfeit public inspection, counterfeit electric company customer service, counterfeit bank, counterfeit operator, counterfeit social protection department, counterfeit bank, counterfeit airline company, counterfeit leader and acquaintance and the like, aiming at the criminal activities of the telephone fraud, the fraud mode is disclosed mainly through social propaganda, and people are helped to subjectively judge the authenticity of the telephone fraud information; in addition, the fraud telephone numbers are simply analyzed from the numbers, marked and shared and spread through media and other means, so that people are prevented from being cheated again, and the purpose of protecting the property safety of people is achieved.
The prior art has the following defects: firstly, social propaganda is inevitable in places where propaganda cannot be achieved, and meanwhile, the groups such as the old and the like are difficult to distinguish by depending on subjective judgment; secondly, the telephone number is marked, and the telephone number is simply analyzed from the number, so that the winning rate is very low, and the precaution effect cannot meet the requirements.
Disclosure of Invention
In view of the above problems, the present invention has been made to provide a method and system for preventing telephone fraud, which overcome the above problems or at least partially solve the above problems, and effectively improve the user's ability to prevent and control harassing and fraudulent calls.
In one aspect of the present invention, there is provided a method of preventing phone fraud, comprising:
acquiring a real-time ticket;
extracting the number characteristics and/or behavior characteristics of the real-time call ticket;
analyzing the number characteristics and/or behavior characteristics of the real-time call bill according to a preset fraud call identification model to determine whether the call behavior corresponding to the real-time call bill is a fraud call;
and if the communication behavior corresponding to the real-time call ticket is a fraud call, sending an alarm prompt to the called number in the real-time call ticket, and sending the fraud call identification result to a third-party management system.
Optionally, the method further comprises:
the method comprises the steps that a historical ticket in a preset time period is obtained in advance, wherein the historical ticket comprises a fraud call;
judging whether the call behavior corresponding to each historical ticket is a fraud call or not according to a preset malicious number library;
extracting the number characteristics and behavior characteristics of each historical ticket;
and taking the number characteristic and the behavior characteristic of each historical ticket and the conversation behavior type corresponding to the historical ticket as training data, and training the training data to obtain the fraud call identification model.
Optionally, after confirming that the conversation behavior corresponding to the real-time ticket is a fraud call, the method further includes:
and extracting OPC information carried in the real-time ticket, and tracing the source of the calling number of the fraud telephone according to the OPC information.
Optionally, after confirming that the conversation behavior corresponding to the real-time ticket is a fraud call, the method further includes:
obtaining a call ticket of historical call between a called number and a calling number in the real-time call ticket;
calculating the total call frequency and the call frequency of the called number and the calling number in the real-time call ticket according to the call ticket of the historical call between the called number and the calling number;
and determining danger level information corresponding to the conversation behavior corresponding to the real-time call bill according to the total conversation frequency and the conversation frequency.
Optionally, the alarm prompt includes danger level information corresponding to a call behavior corresponding to the real-time ticket.
Optionally, before extracting the number feature and/or the behavior feature of the real-time ticket, the method further includes:
judging whether the conversation behavior corresponding to the real-time call ticket meets a preset abnormal conversation behavior judgment strategy or not;
and if the conversation behavior corresponding to the real-time call ticket is determined to be abnormal conversation, adding the calling number in the real-time call ticket to the malicious number library, and intercepting the incoming call information of the calling number.
Optionally, the method further comprises:
optimally adjusting the fraud telephone identification model.
In another aspect of the present invention, there is provided a system for preventing telephone fraud, comprising:
the acquisition module is used for acquiring a real-time ticket;
the extraction module is used for extracting the number characteristics and/or the behavior characteristics of the real-time call ticket;
the recognition module is used for analyzing the number characteristics and/or the behavior characteristics of the real-time call bill according to a preset fraud call recognition model so as to determine whether the call behavior corresponding to the real-time call bill is a fraud call;
and the execution module is used for sending an alarm prompt to the called number in the real-time call ticket and sending the identification result of the fraud call to a third-party management system when the communication behavior corresponding to the real-time call ticket is a fraud call.
Optionally, the obtaining module is further configured to obtain a history ticket within a preset time period in advance, where the history ticket includes a fraud call;
the extraction module is also used for extracting the number characteristics and the behavior characteristics of each historical ticket;
the system further comprises:
the judging module is used for judging whether the conversation behavior corresponding to each historical ticket is a fraud call or not according to a preset malicious number library;
and the model training module is used for training the training data by taking the number characteristics and the behavior characteristics of each historical ticket and the conversation behavior type corresponding to the historical ticket as training data to obtain the fraud telephone recognition model.
Optionally, the execution module is further configured to extract OPC information carried in the real-time ticket after confirming that the call behavior corresponding to the real-time ticket is a fraud call, and trace back a source of a calling number of the fraud call according to the OPC information.
The method and the system for preventing telephone fraud, provided by the embodiment of the invention, carry out deep analysis on the occurred fraud event to obtain the number characteristic and/or the behavior characteristic, analyze the real-time call bill based on the number characteristic and/or the behavior characteristic of the real-time call bill to determine whether the call behavior corresponding to the real-time call bill is a fraud call, and send an alarm prompt to the called number in the real-time call bill and send the identification result of the fraud call to a third-party management system when the call behavior corresponding to the real-time call bill is confirmed to be a fraud call. The method and the system can accurately position the fraud calls, timely know the occurrence of the fraud calls, and timely send the alarm prompt to the called numbers corresponding to the fraud calls, thereby effectively improving the prevention and control capability of the user on harassment and fraud calls.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow chart of a method of preventing telephone fraud according to an embodiment of the present invention;
FIG. 2 is a schematic view illustrating an actual business process flow of a method for preventing telephone fraud according to an embodiment of the present invention;
FIG. 3 is a flow chart of another method of preventing telephone fraud according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a system for preventing telephone fraud according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of another system for preventing telephone fraud according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The method for preventing telephone fraud provided by the embodiment of the invention mainly adopts a characteristic + behavior big data analysis method to carry out association and modeling analysis on call tickets, finds out suspected fraud behaviors including suspected fraud numbers, suspected victim user numbers, abnormal call sequences and the like, and can early warn suspected victim users in a short message and telephone mode on the engine analysis result to avoid property loss of the users; and the fraud techniques of the fraud participants are analyzed through the abnormal conversation sequence, reference is provided for the optimization of an analysis model, and guidance of an interception strategy is provided for a fraud call interception system. The technical scheme of the embodiment of the invention solves the problems of multiple current fraud means and variable telephone operation and numbers, solves the interception limitation, and is a good supplement to the interception and shutdown modes of fraud numbers; the scheme is wide in coverage monitoring range as long as users in provinces are in the monitoring range; the call type is not distinguished, whether the call is a normal voice call or a recording call is not distinguished, and the coverage call scene is wide; meanwhile, a working mechanism that telecommunication fraud is attacked by the combination of a communication management bureau, an operator and public security is realized.
The main implementation principle, the specific implementation mode and the corresponding beneficial effects of the technical scheme of the embodiment of the invention are explained in detail with reference to the accompanying drawings.
FIG. 1 schematically shows a flow chart of a method of preventing telephone fraud in accordance with an embodiment of the present invention.
Referring to fig. 1, the method for preventing telephone fraud according to the embodiment of the present invention specifically includes the following steps:
and step S11, acquiring a real-time ticket.
The Call ticket refers to original communication Record information, and may also be referred to as a detailed list or CDR (Call Detail Record). Taking a fixed telephone as an example, the call ticket mainly records the following information, such as serial number, user identification, calling number, called number, starting time, ending time, call duration, call property, charge rate, discount and the like. For the mobile phone, besides the call records similar to the above, the information recorded in the call ticket also includes SMS, MMS, Wap, GPRS, etc., and the recording format is similar to the above-mentioned call ticket.
And step S12, extracting the number characteristics and/or behavior characteristics of the real-time call ticket.
And step S13, analyzing the number characteristics and/or behavior characteristics of the real-time call ticket according to a preset fraud call identification model to determine whether the call behavior corresponding to the real-time call ticket is a fraud call.
In this embodiment, the fraud call recognition model may be analyzed by using algorithms such as cluster analysis, random forest, gradient decision tree, and the like. The model is composed of number features and/or behavior features, wherein the number features comprise feature data, fraud types, and the behavior features comprise number behavior analysis, number activity features, number social networks, behavior event streams, regions and the like. The characteristic data refers to the characteristics of the number, including a blacklist, a public inspection number, a customer service number and the like; the number behavior analysis is two-level number behavior analysis basic data of establishing call basic data and statistical analysis data. The fraud phone identification model in the embodiment of the invention is a multi-dimensional building big data analysis model based on fraud types, number behavior characteristics, number activity characteristics, number social networks, behavior event streams, regions and the like.
Fraud-type based conversational analysis: mainly aiming at different fraud types, carrying out fraud type modeling, wherein the fraud types specifically comprise: counterfeit public inspection, counterfeit leaders and acquaintances, counterfeit e-commerce customer service, counterfeit banks, counterfeit operators, counterfeit social security, counterfeit learning funds and other fraud types.
Number behavior characteristics: the method mainly analyzes the characteristics of number call behaviors such as call frequency, call duration, call completing rate and the like of numbers based on call basic data and statistical analysis data, and comprises behavior characteristic data of the number call behavior of a user, wherein the behavior characteristic data reflects certain call behaviors such as call times, frequency, duration and the like of different types of numbers such as overseas telephones, fixed telephones, short numbers and the like.
Number characteristics: mainly to analyze whether the number has some similarity with the existing characteristic data.
Number active feature data: the method comprises daily call attribute characteristics of daily call times, average call time, earliest and latest call time and the like of numbers.
Number social network: the characteristic data reflecting the social relationship chain of the user, such as the friend number of the user, the stranger call proportion and the like; yet another important analysis dimension is to distinguish trusted normal talking users.
Number behavior event stream: a series of possibly abnormal call behavior event streams including numbers during the call ticket period; the abnormal behavior files of the numbers are established according to the historical calling and aggregation behaviors of the numbers, so that the abnormal call tickets can be well guided to be classified, and the abnormal call tickets can be used as a suspicion black bank to continuously monitor some numbers.
Regional analysis: mainly because fraud is of a regional nature by distinguishing the source of the number, whether the traffic is local or long distance, international, etc.
In the embodiment, the fraud phone identification model is a model for carrying out fraud phone identification based on events. The event model is a dynamic context detection fraud model based on continuous small-probability events. The single call behavior is difficult to judge whether the XDR/CDR is a normal call or not from the XDR/CDR itself unless the number itself has obvious characteristics, but if a series of call behaviors are aggregated, the correlation analysis can be carried out from the event point of view. Taking a conventional telephone counterfeit public inspection case occurrence process as an example, the occurrence process is accompanied by a series of possibly abnormal call ticket conversation situations, such as overseas broadcast network conversation and counterfeit public inspection institution conversation, and the conversation between them may occur many times and continuously. Then such a series of call behaviors, which are abnormal behavior event streams, are extracted and finally captured by the logic of the model.
And step S14, if the conversation behavior corresponding to the real-time call ticket is confirmed to be a fraud call, sending an alarm prompt to the called number in the real-time call ticket, and sending the fraud call identification result to a third-party management system.
The third-party management system may be a function management department such as an operator, or a system such as a pipe administration department and a public security related department.
In practical applications, a malicious fraud staff carries out fraud and always follows a certain pattern, if a user has recently communicated with a plurality of strange calls, and the strange communication behaviors conform to a certain fraud pattern, the users are potential victims, and the strange numbers are malicious numbers. And according to the time and frequency of the user and the calls, the degree of damage of the user can be known, as shown in fig. 2, the embodiment of the invention analyzes the call bill corresponding to strange call behaviors, searches continuous small-probability events on the call bill behaviors of the user through big data analysis, analyzes which type of fraud the call behaviors are probably, finds a victim, circles out a malicious number and a number of the victim user, and gives an alarm prompt to the victim user in time, concretely, the victim user can be reminded through a short message or a telephone, and the call behavior is reported to a function management department, so that the life and property loss of the victim user can be recovered to the maximum extent. And the identified result is provided to the public security by the administration bureau, and the public security contacts the bank basic policeman and the like for disposal. The preset fraud telephone identification model can output malicious numbers and victims by inputting Mc telephone bills, realizes various telephone fraud types, such as prevention and control capabilities of counterfeit public inspection, counterfeit e-commerce customer service, counterfeit banks, counterfeit operators, counterfeit social protection departments, counterfeit banks, counterfeit airlines, counterfeit leaders and acquaintances and the like, and is matched with a communicating bureau and a public security related department to block victims and discouraging fraud staff, so that the fraud telephone identification model has practicability.
The method for preventing the phone fraud provided by the embodiment of the invention analyzes the real-time call bill based on the number characteristics and/or the behavior characteristics of the real-time call bill to determine whether the call behavior corresponding to the real-time call bill is a fraud call, and sends an alarm prompt to the called number in the real-time call bill and sends the identification result of the fraud call to a third-party management system when the call behavior corresponding to the real-time call bill is confirmed to be a fraud call. The method and the system can accurately position the fraud calls, timely know the occurrence of the fraud calls, and timely send the alarm prompt to the called numbers corresponding to the fraud calls, thereby effectively improving the prevention and control capability of the user on harassment and fraud calls.
Further, the method further comprises: when the conversation behavior corresponding to the real-time call ticket is a fraud call, acquiring a calling number in the real-time call ticket, and intercepting the calling number.
In the embodiment of the invention, the analysis data is collected from the existing system of the operator, the existing system of the operator has corresponding disposal intercepting capability, for example, the found phishing websites and malicious programs in the mobile phone malicious programs are blocked in real time by spreading URLs and controlling URLs, and the clear intercepting rules are intercepted by using the garbage short platform system in the garbage short platform.
In an alternative embodiment of the present invention, as shown in fig. 3, the method further includes step S10;
step S10, establishing a fraud phone identification model in advance. Specifically, step S10 further includes steps not shown in the following figures:
a11, acquiring a history ticket in a preset time period in advance, wherein the history ticket comprises a fraud call;
a12, judging whether the conversation behavior corresponding to each historical ticket is a fraud call or not according to a preset malicious number library;
a13, extracting the number characteristic and the behavior characteristic of each history ticket;
a14, taking the number characteristic and the behavior characteristic of each historical ticket and the conversation behavior type corresponding to the historical ticket as training data, and training the training data to obtain the fraud telephone recognition model.
In the embodiment of the invention, an Mc historical ticket is collected from the existing log retention system and/or the signaling monitoring system, and is preprocessed according to the requirement of a preset ticket format. Training a fraud call identification model based on a bill and a malicious number library for a period of time, specifically, extracting the number characteristic and the behavior characteristic of each historical bill; and taking the number characteristic and the behavior characteristic of each historical ticket and the conversation behavior type corresponding to the historical ticket as training data, and training the training data to obtain the fraud call identification model. And then output the fraud phone recognition model to the real-time training engine. The real-time training engine analyzes the real-time call bill by adopting the fraud telephone recognition model and outputs a malicious number and a victim user.
The embodiment of the invention comprises two parts: off-line training and real-time detection.
Off-line training: and performing engine training according to a historical call bill of a preset time period, such as the last month, constructing number credit, automatically training according to new call bill data in a subsequent periodic manner, and updating the calculation logic of the engine regularly.
Real-time detection: after receiving the ticket, whether the ticket is a suspected fraud event can be judged within 5 minutes, and information such as suspected fraud number, suspected victim user number, OPC of the fraud number and the like is output.
In an optional embodiment of the present invention, after confirming that the conversation behavior corresponding to the real-time ticket is a fraudulent call, the method further includes:
and extracting OPC information carried in the real-time ticket, and tracing the source of the calling number of the fraud telephone according to the OPC information.
The important point of telephone fraud is that it plays a role in a series of calls, the most convincing of which is the information contained in the number itself, e.g. a fraud molecule induces the user to find out whether its number belongs to a special number of some kind, such as a public security agency number, a carrier customer service number, etc., which is implemented by the fraud molecule through a number-changing software. In some scenes, it is difficult to find whether the number is a number-change number from the number information of a single call (unless the number is an irregular number), so the core principle of counterfeit number tracing is to judge whether the call behavior or the series of call behaviors are fraud events through a 'characteristic + behavior' analysis engine, and further trace the number source of the determined fraud events through OPC information carried by a ticket.
It should be noted that if the number book is an irregular calling number, it can be directly determined as a counterfeit number, but in fact, the determination logic is already included in the fraud phone analysis engine, and only the analysis result of the fraud phone analysis engine needs to be further analyzed.
It should be noted that, normally, only the inter-network call ticket analyzes its OPC can further locate which local exchange or long distance office exchange of the operator it comes from, and the Mc (actually, the a port and IuCS interface) call ticket itself does not carry OPC and DPC information and needs to be associated with the NC port, but at the same time, because its OPC is usually GMSC, the signaling XDR of Mc analyzes its OPC and has no actual effect.
In an optional embodiment of the present invention, after confirming that the conversation behavior corresponding to the real-time ticket is a fraud call, the method further includes the following steps: obtaining a call ticket of historical call between a called number and a calling number in the real-time call ticket; calculating the total call frequency and the call frequency of the called number and the calling number in the real-time call ticket according to the call ticket of the historical call between the called number and the calling number; and determining danger level information corresponding to the conversation behavior corresponding to the real-time call bill according to the total conversation frequency and the conversation frequency. And the alarm prompt comprises danger level information corresponding to the conversation behavior corresponding to the real-time call ticket.
In the embodiment of the invention, after the communication behavior corresponding to the real-time call ticket is confirmed to be a fraud call, the call ticket of historical communication between the victim user and the malicious calling numbers is obtained, and the degree of the victim user can be known according to the time and frequency of communication between the victim user and the calls. When the execution module 404 sends an alarm prompt to the called number in the real-time ticket, the execution module carries the danger level information corresponding to the call behavior corresponding to the real-time ticket in the alarm prompt information, and sends the danger level information to the called number, namely the victim user, so as to improve the prevention and control capability of the user on harassment and fraud calls.
In an optional embodiment of the present invention, before extracting the number feature and/or the behavior feature of the real-time ticket, the method further includes the following steps: judging whether the conversation behavior corresponding to the real-time call ticket meets a preset abnormal conversation behavior judgment strategy or not; and if the conversation behavior corresponding to the real-time call ticket is determined to be abnormal conversation, adding the calling number in the real-time call ticket to the malicious number library, and intercepting the incoming call information of the calling number.
Abnormal conversation behaviors such as a sound, a call death, an over-frequency call and the like exist in the existing network, and the behaviors are also the key points of user complaints and are an important ring for standardizing a telecommunication network. Based on Mc and inter-network signaling CDR data, one-time call behavior analysis and tracing can be performed, and the method is used for standardizing and checking operator services. The various service judgment conditions are as follows:
call death judgment conditions: the calling times of the called number are more than 200 times per hour;
a sound judgment condition: actively disconnecting the calling number within 2s after the signal is answered, and calling frequency exceeds 150 times per hour; overtaking: more than 150 times per hour;
calling in an overclocking mode: counting the calling number calling times in a period (such as an hour) is more than N times (N can be configured by self-definition)
And (4) tracing the number source, searching a number source gateway through the carried OPC information, and processing by an operation unit.
In an optional embodiment of the invention, the method further comprises: optimally adjusting the fraud telephone identification model.
In this embodiment, the fraud phone identification model is optimally adjusted according to a preset policy. Specifically, the method comprises the steps of adjusting and optimizing parameters according to the existing model and the analysis result, carrying out model optimization, modeling analysis and verification aiming at new fraud methods, and issuing new parameter configuration and analysis algorithms to a big data analysis server on an enterprise side. The policy analysis also includes management of local numbers, specifically including feature data, white lists, and the like.
A. Analytics policy maintenance update
The anti-fraud process is a continuous antagonistic process, the success rate of fraud molecules is reduced along with the intervention of the fraud process, the fraud molecules change the 'conversation' and the fraud techniques are changed, so that the analysis strategy needs to be continuously maintained and updated according to the analysis result
Analysis policy maintenance update triggers: and performing irregular tuning analysis on the analysis strategy, setting a lower limit of the total number of suspected numbers found in the week and the total number of the short message sent in the week, and triggering the maintenance and updating requirements of the analysis strategy when the lower limit is lower than the lower limit. The strategy operation and maintenance work can select one or more strategies to carry out aging and tuning analysis, and discover novel fraud behaviors. And selecting a data source by the strategy operation and maintenance work, and mainly collecting in the platform.
And (3) analyzing the effectiveness of the strategy: the strategy effectiveness analysis refers to the analysis of the effectiveness of the existing strategy and the optimization and adjustment of strategy configuration attributes and rule thresholds by combining the behavior characteristic analysis results.
B. New fraud type modeling analysis
New fraud type mining: and summarizing the detected abnormal call sequences, confirming suspicious numbers, analyzing the occurrence probability and the correlation of the suspicious numbers, performing cross verification by combining the existing fraud technique rules, and mining new fraud techniques.
Modeling of new fraud types: and establishing a new fraud model aiming at a new fraud method by combining the report data acquired from the public security institution, and establishing a new fraud detection model by carrying out verification analysis on historical data and carrying out behavior training according to the black number.
For simplicity of explanation, the method embodiments are described as a series of acts or combinations, but those skilled in the art will appreciate that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently with other steps in accordance with the embodiments of the invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
FIG. 4 schematically shows a structural diagram of the system for preventing telephone fraud according to one embodiment of the present invention.
Referring to fig. 4, the system for preventing phone fraud according to the embodiment of the present invention specifically includes an obtaining module 401, an extracting module 402, an identifying module 403, and an executing module 404, where the obtaining module 401 is configured to obtain a real-time ticket; the extracting module 402 is configured to extract the number features and/or behavior features of the real-time ticket acquired by the acquiring module 401; the identification module 403 is configured to analyze the number characteristics and/or behavior characteristics of the real-time ticket extracted by the extraction module 402 according to a preset fraud call identification model, so as to determine whether a call behavior corresponding to the real-time ticket is a fraud call; and the execution module 404 is configured to send an alarm prompt to the called number in the real-time ticket after determining that the call behavior corresponding to the real-time ticket is a fraud call, and send the identification result of the fraud call to a third-party management system.
The system for preventing telephone fraud provided by the embodiment of the invention analyzes the real-time call bill based on the number characteristics and/or behavior characteristics of the real-time call bill to determine whether the call behavior corresponding to the real-time call bill is a fraud call, and sends an alarm prompt to the called number in the real-time call bill and sends the identification result of the fraud call to a third-party management system when the call behavior corresponding to the real-time call bill is confirmed to be a fraud call. The method and the system can accurately position the fraud calls, timely know the occurrence of the fraud calls, and timely send the alarm prompt to the called numbers corresponding to the fraud calls, thereby effectively improving the prevention and control capability of the user on harassment and fraud calls.
In an optional embodiment of the present invention, the obtaining module 401 is further configured to obtain a history ticket within a preset time period in advance, where the history ticket includes a fraud phone; the extracting module 402 is further configured to extract a number feature and a behavior feature of each history ticket.
Further, as shown in fig. 5, the system further includes a judging module 400-1 and a model training module 400-2, where the judging module 400-1 is configured to judge whether a call behavior corresponding to each historical ticket is a fraud call according to a preset malicious number library; the model training module 400-2 is configured to train the training data by using the number characteristics and the behavior characteristics of each history ticket and the call behavior type corresponding to the history ticket as training data, so as to obtain the fraud call identification model. The recognition module 403 analyzes the number features and/or behavior features of the real-time phone bill extracted by the extraction module 402 according to the obtained fraud phone recognition model.
In an optional embodiment of the present invention, the executing module 404 is further configured to, after confirming that the call behavior corresponding to the real-time ticket is a fraud call, extract OPC information carried in the real-time ticket, and trace back a source of a calling number of the fraud call according to the OPC information.
In an optional embodiment of the present invention, the obtaining module 401 is further configured to obtain a ticket of a historical call between a called number and a calling number in the real-time ticket after determining that a call behavior corresponding to the real-time ticket is a fraud call.
Further, the system comprises a calculation module and a determination module, not shown in the figures, wherein: the calculation module is used for calculating the total call frequency and the call frequency of the called number and the calling number in the real-time call ticket according to the call ticket of the historical call between the called number and the calling number; and the determining module is used for determining danger level information corresponding to the conversation behavior corresponding to the real-time call bill according to the total conversation frequency and the conversation frequency.
In this embodiment, the alarm prompt includes danger level information corresponding to a call behavior corresponding to the real-time ticket. In the embodiment of the invention, after the communication behavior corresponding to the real-time call ticket is confirmed to be a fraud call, the call ticket of historical communication between the victim user and the malicious calling numbers is obtained, and the degree of the victim user can be known according to the time and frequency of communication between the victim user and the calls. When the execution module 404 sends an alarm prompt to the called number in the real-time ticket, the execution module carries the danger level information corresponding to the call behavior corresponding to the real-time ticket in the alarm prompt information, and sends the danger level information to the called number, namely the victim user, so as to improve the prevention and control capability of the user on harassment and fraud calls.
In an optional embodiment of the present invention, the system further includes a determining module, not shown in the drawing, configured to determine whether a call behavior corresponding to the real-time ticket meets a preset abnormal call behavior determining policy before the extracting module 402 extracts the number feature and/or the behavior feature of the real-time ticket;
further, the executing module 404 is further configured to add the calling number in the real-time ticket to the malicious number library and intercept the incoming call information of the calling number when it is determined that the call behavior corresponding to the real-time ticket is an abnormal call.
In an optional embodiment of the present invention, the system further comprises an optimization module, not shown in the drawings, for performing an optimization adjustment on the fraud phone identification model.
Since the system described in the present embodiment is a system for implementing the method for preventing telephone fraud in the embodiment of the present application, a person skilled in the art can understand the specific implementation manner of the system of the present embodiment and various variations thereof based on the method for preventing telephone fraud described in the embodiment of the present application, so that a detailed description of how to implement the method for preventing telephone fraud in the embodiment of the present application is omitted here, and for the relevant points, reference may be made to part of the description of the method embodiment. It is within the scope of the present application to cover by those skilled in the art the system for implementing the method for preventing telephone fraud in the embodiments of the present application.
To sum up, the method and system for preventing phone fraud according to the embodiments of the present invention analyze the real-time phone bill based on the number characteristics and/or behavior characteristics of the real-time phone bill to determine whether the call behavior corresponding to the real-time phone bill is a fraud call, and when it is determined that the call behavior corresponding to the real-time phone bill is a fraud call, send an alarm prompt to the called number in the real-time phone bill, and send the identification result of the fraud call to the third party management system. The method and the system can accurately position the fraud calls, timely know the occurrence of the fraud calls, and timely send the alarm prompt to the called numbers corresponding to the fraud calls, thereby effectively improving the prevention and control capability of the user on harassment and fraud calls.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components of a gateway, proxy server, system according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

Claims (2)

1. A method of preventing telephone fraud, comprising:
acquiring a real-time ticket;
extracting the number characteristics and/or behavior characteristics of the real-time call ticket;
analyzing the number characteristics and/or behavior characteristics of the real-time call bill according to a preset fraud call identification model to determine whether the call behavior corresponding to the real-time call bill is a fraud call; the fraud phone identification model is a big data analysis model built based on feature data, fraud types, number behavior features, number activity features, number social networks, behavior events and region dimensions;
if the communication behavior corresponding to the real-time call ticket is a fraud call, sending an alarm prompt to a called number in the real-time call ticket, and sending a fraud call identification result to a third-party management system; the method further comprises the following steps:
the method comprises the steps that a historical ticket in a preset time period is obtained in advance, wherein the historical ticket comprises a fraud call;
judging whether the call behavior corresponding to each historical ticket is a fraud call or not according to a preset malicious number library;
extracting the number characteristics and behavior characteristics of each historical ticket;
taking the number characteristic and the behavior characteristic of each historical ticket and the conversation behavior type corresponding to the historical ticket as training data, and training the training data to obtain the fraud call identification model;
after confirming that the conversation behavior corresponding to the real-time call ticket is a fraud call, the method further comprises the following steps:
extracting OPC information carried in the real-time ticket, and tracing the source of the calling number of the fraud phone according to the OPC information;
after confirming that the conversation behavior corresponding to the real-time call ticket is a fraud call, the method further comprises the following steps:
obtaining a call ticket of historical call between a called number and a calling number in the real-time call ticket;
calculating the total call frequency and the call frequency of the called number and the calling number in the real-time call ticket according to the call ticket of the historical call between the called number and the calling number;
determining danger level information corresponding to the conversation behavior corresponding to the real-time call bill according to the total conversation frequent time and the conversation frequency;
the alarm prompt comprises danger level information corresponding to the conversation behavior corresponding to the real-time call ticket;
before extracting the number features and/or behavior features of the real-time ticket, the method further comprises the following steps:
judging whether the conversation behavior corresponding to the real-time call ticket meets a preset abnormal conversation behavior judgment strategy or not;
if the conversation behavior corresponding to the real-time call ticket is confirmed to be abnormal conversation, adding the calling number in the real-time call ticket to the malicious number library, and intercepting the incoming call information of the calling number;
the method further comprises the following steps:
optimally adjusting the fraud telephone identification model.
2. A system for preventing telephone fraud, comprising:
the acquisition module is used for acquiring a real-time ticket;
the extraction module is used for extracting the number characteristics and/or the behavior characteristics of the real-time call ticket;
the recognition module is used for analyzing the number characteristics and/or the behavior characteristics of the real-time call bill according to a preset fraud call recognition model so as to determine whether the call behavior corresponding to the real-time call bill is a fraud call;
the execution module is used for sending an alarm prompt to a called number in the real-time call ticket and sending a fraud call identification result to a third-party management system when the call behavior corresponding to the real-time call ticket is a fraud call;
the acquisition module is further used for acquiring a historical ticket in a preset time period in advance, wherein the historical ticket comprises a fraud telephone;
the extraction module is also used for extracting the number characteristics and the behavior characteristics of each historical ticket;
the system further comprises:
the judging module is used for judging whether the conversation behavior corresponding to each historical ticket is a fraud call or not according to a preset malicious number library;
the model training module is used for taking the number characteristic and the behavior characteristic of each historical ticket and the conversation behavior type corresponding to the historical ticket as training data, and training the training data to obtain the fraud telephone recognition model;
and the execution module is also used for extracting OPC information carried in the real-time telephone bill after the communication behavior corresponding to the real-time telephone bill is confirmed to be a fraud telephone, and performing source tracing on the calling number of the fraud telephone according to the OPC information.
CN201611082262.2A 2016-11-04 2016-11-30 Method and system for preventing telephone fraud Active CN106791220B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2016109652917 2016-11-04
CN201610965291 2016-11-04

Publications (2)

Publication Number Publication Date
CN106791220A CN106791220A (en) 2017-05-31
CN106791220B true CN106791220B (en) 2021-06-04

Family

ID=58898269

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611082262.2A Active CN106791220B (en) 2016-11-04 2016-11-30 Method and system for preventing telephone fraud

Country Status (1)

Country Link
CN (1) CN106791220B (en)

Families Citing this family (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107342986B (en) * 2017-06-20 2018-08-24 深圳安巽科技有限公司 A kind of fraudulent call early warning system and method for early warning
CN107342987B (en) * 2017-06-20 2018-08-17 深圳安巽科技有限公司 A kind of anti-telecommunication fraud system of network
CN109429230B (en) * 2017-08-28 2022-01-25 中国移动通信集团浙江有限公司 Communication fraud identification method and system
CN107483746A (en) * 2017-09-21 2017-12-15 北京安云世纪科技有限公司 A kind of reminding method of incoming information, terminal called and server
CN107734128A (en) * 2017-09-28 2018-02-23 努比亚技术有限公司 One kind swindle number identification method and equipment
CN107733900B (en) * 2017-10-23 2019-10-29 中国人民解放军信息工程大学 A kind of communication network users abnormal call behavioral value method for early warning
CN107798092A (en) * 2017-10-24 2018-03-13 浪潮天元通信信息系统有限公司 A kind of method and device for identifying dangerous phone
CN107819747B (en) * 2017-10-26 2020-09-18 上海欣方智能系统有限公司 Telecommunication fraud association analysis system and method based on communication event sequence
CN109726550B (en) * 2017-10-27 2022-05-06 腾讯科技(深圳)有限公司 Abnormal operation behavior detection method and device and computer readable storage medium
CN109728928B (en) * 2017-10-30 2021-05-07 腾讯科技(深圳)有限公司 Event recognition method, terminal, model generation method, server and storage medium
CN108093405A (en) * 2017-11-06 2018-05-29 北京邮电大学 A kind of fraudulent call number analysis method and apparatus
CN109756901A (en) * 2017-11-06 2019-05-14 中国电信股份有限公司 Anti- swindle method and apparatus
CN109819089B (en) * 2017-11-21 2021-05-04 中国移动通信集团广东有限公司 Voiceprint extraction method, core network element, electronic device and storage medium
CN107948451A (en) * 2017-11-24 2018-04-20 广州汇智通信技术有限公司 A kind of anti-telecommunication fraud method, apparatus, equipment and storage medium
CN108124260A (en) * 2017-12-18 2018-06-05 北京工业大学 A kind of method of the prevention number of the changing soft phone fraud based on the anti-inquiry mechanism of number
CN108156332B (en) * 2017-12-26 2019-11-01 中国联合网络通信集团有限公司 The acquisition methods and device of fraudulent call
CN109996237A (en) * 2018-01-02 2019-07-09 中兴通讯股份有限公司 The method and device of harassing call is found in a kind of VoLTE network
CN108198086B (en) * 2018-01-31 2021-06-25 海南海航信息技术有限公司 Method and device for identifying disturbance source according to communication behavior characteristics
CN108156336A (en) * 2018-02-01 2018-06-12 天津市国瑞数码安全系统股份有限公司 A kind of control system based on multiple features weighted model analysis ticket number
CN110351731A (en) * 2018-04-08 2019-10-18 中兴通讯股份有限公司 A kind of method and device of phone number antifraud
CN109379327A (en) * 2018-04-13 2019-02-22 国家计算机网络与信息安全管理中心 Based on manifold signaling list criticality analysis method and analysis system
CN110401780B (en) * 2018-04-25 2021-05-11 中国移动通信集团广东有限公司 Method and device for recognizing fraud calls
CN110414543A (en) * 2018-04-28 2019-11-05 中国移动通信集团有限公司 A kind of method of discrimination, equipment and the computer storage medium of telephone number danger level
CN108834148B (en) * 2018-05-08 2021-02-26 国家计算机网络与信息安全管理中心 5G-oriented NFV-based fraud telephone handling system and method
CN110536302A (en) * 2018-05-25 2019-12-03 中国移动通信集团广东有限公司 Telecommunication fraud based reminding method and device
CN110581924B (en) * 2018-06-07 2021-07-30 中国电信股份有限公司 Method and system for prompting risk of fraud
CN108924333B (en) * 2018-06-12 2020-09-18 阿里巴巴集团控股有限公司 Fraud telephone identification method, device and system
CN110830664B (en) * 2018-08-14 2021-03-05 中国移动通信集团设计院有限公司 Method and device for identifying telecommunication fraud potential victim user
CN110213448B (en) * 2018-09-13 2021-08-24 腾讯科技(深圳)有限公司 Malicious number identification method and device, storage medium and computer equipment
CN109688275A (en) * 2018-12-27 2019-04-26 中国联合网络通信集团有限公司 Harassing call recognition methods, device and storage medium
CN109711984B (en) * 2019-01-23 2021-03-02 北京市天元网络技术股份有限公司 Pre-loan risk monitoring method and device based on collection urging
CN110211014A (en) * 2019-05-31 2019-09-06 上海观安信息技术股份有限公司 A kind of anti-fraud detection method of operator
CN112565525A (en) * 2019-09-26 2021-03-26 中国电信股份有限公司 Anti-fraud early warning method and device
CN111565253B (en) * 2019-12-13 2021-07-09 成都无糖信息技术有限公司 Early warning method and system for fraud data of cat pool
CN111131627B (en) * 2019-12-20 2021-12-07 珠海高凌信息科技股份有限公司 Method, device and readable medium for detecting personal harmful call based on streaming data atlas
CN111278014A (en) * 2019-12-31 2020-06-12 中移(杭州)信息技术有限公司 Fraud prevention system, method, server and storage medium
CN111741472B (en) * 2020-08-07 2020-11-24 北京微智信业科技有限公司 GoIP fraud telephone identification method, system, medium and equipment
CN112491864A (en) * 2020-11-23 2021-03-12 恒安嘉新(北京)科技股份公司 Method, device, equipment and medium for detecting phishing deep victim user
CN112637437A (en) * 2021-01-05 2021-04-09 江西火眼信息技术有限公司 Accurate pushing system for real-time early warning of telecommunication network fraud
CN113286035B (en) * 2021-05-14 2022-12-30 国家计算机网络与信息安全管理中心 Abnormal call detection method, device, equipment and medium
CN113596844A (en) * 2021-07-29 2021-11-02 恒安嘉新(北京)科技股份公司 Early warning method, device, medium and electronic equipment based on data information
CN113780407B (en) * 2021-09-09 2024-06-11 恒安嘉新(北京)科技股份公司 Data detection method and device, electronic equipment and storage medium
CN114119030A (en) * 2021-11-10 2022-03-01 恒安嘉新(北京)科技股份公司 Fraud prevention method and device, electronic equipment and storage medium
CN114258024B (en) * 2021-12-03 2023-10-31 中国联合网络通信集团有限公司 Shutdown processing method and device, electronic equipment and storage medium
CN114285943A (en) * 2021-12-27 2022-04-05 恒安嘉新(北京)科技股份公司 Prevention and control method, device, equipment and computer program product for telephone fraud
CN114257688A (en) * 2021-12-28 2022-03-29 深圳云天励飞技术股份有限公司 Telephone fraud identification method and related device
CN115022464A (en) * 2022-05-06 2022-09-06 中国联合网络通信集团有限公司 Number processing method, system, computing device and storage medium
CN114860792A (en) * 2022-05-25 2022-08-05 杭州安恒信息技术股份有限公司 Telephone fraud early warning method, device, equipment and medium
CN114710591B (en) * 2022-06-01 2022-09-02 浙江鹏信信息科技股份有限公司 Method and system for preventing harassment fraud calls
CN117354418B (en) * 2023-09-28 2024-10-15 中移互联网有限公司 Call behavior monitoring method, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104023109A (en) * 2014-06-27 2014-09-03 深圳市中兴移动通信有限公司 Incoming call prompt method and device as well as incoming call classifying method and device
WO2015062209A1 (en) * 2013-10-29 2015-05-07 华为技术有限公司 Visualized optimization processing method and device for random forest classification model
CN104735671A (en) * 2015-02-27 2015-06-24 腾讯科技(深圳)有限公司 Malicious call recognition method and device
CN106060260A (en) * 2016-06-23 2016-10-26 北京百纳威尔无线通信设备有限公司 Method and equipment for prompting abnormal number in call

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015062209A1 (en) * 2013-10-29 2015-05-07 华为技术有限公司 Visualized optimization processing method and device for random forest classification model
CN104023109A (en) * 2014-06-27 2014-09-03 深圳市中兴移动通信有限公司 Incoming call prompt method and device as well as incoming call classifying method and device
CN104735671A (en) * 2015-02-27 2015-06-24 腾讯科技(深圳)有限公司 Malicious call recognition method and device
CN106060260A (en) * 2016-06-23 2016-10-26 北京百纳威尔无线通信设备有限公司 Method and equipment for prompting abnormal number in call

Also Published As

Publication number Publication date
CN106791220A (en) 2017-05-31

Similar Documents

Publication Publication Date Title
CN106791220B (en) Method and system for preventing telephone fraud
CN108924333B (en) Fraud telephone identification method, device and system
Becker et al. Fraud detection in telecommunications: History and lessons learned
JP6559668B2 (en) Mobile terminal number intelligent protection system and method
CN107819747B (en) Telecommunication fraud association analysis system and method based on communication event sequence
JP5547289B2 (en) Method and apparatus for detecting fraud in a telecommunications network
CN107197463A (en) A kind of detection method of telephone fraud, storage medium and electronic equipment
CN108243049B (en) Telecommunication fraud identification method and device
CN106970911A (en) A kind of strick precaution telecommunication fraud system and method based on big data and machine learning
CN108259680B (en) Fraud call identification method and device and server for identifying fraud calls
CN110839216B (en) Method and device for identifying communication information fraud
CN113923669B (en) Multi-source cross-platform fusion anti-fraud early warning method, device, equipment and medium
CN101686444A (en) System and method for detecting spam SMS sender number in real time
CN107231494A (en) A kind of acquisition methods of user communication characteristic, storage medium and electronic equipment
US20200233958A1 (en) Method and system for active risk control based on intelligent interaction
CN110647561A (en) Communication track analysis method for drug-involved personnel
CN114169438A (en) Telecommunication network fraud identification method, device, equipment and storage medium
CN107948451A (en) A kind of anti-telecommunication fraud method, apparatus, equipment and storage medium
KR102200253B1 (en) System and method for detecting fraud usage of message
CN110113748B (en) Crank call monitoring method and device
CN114168423A (en) Abnormal number calling monitoring method, device, equipment and storage medium
CN110167030B (en) Method, device, electronic equipment and storage medium for identifying crank calls
CN112925971A (en) Multi-source analysis-based fraud topic detection method and device
Tarmazakov et al. Modern approaches to prevent fraud in mobile communications networks
CN109819125A (en) A kind of method and device limiting telecommunication fraud

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant