CN108243049A - Telecoms Fraud recognition methods and device - Google Patents

Telecoms Fraud recognition methods and device Download PDF

Info

Publication number
CN108243049A
CN108243049A CN201611228452.0A CN201611228452A CN108243049A CN 108243049 A CN108243049 A CN 108243049A CN 201611228452 A CN201611228452 A CN 201611228452A CN 108243049 A CN108243049 A CN 108243049A
Authority
CN
China
Prior art keywords
fraud
usage log
cheated
telecoms
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611228452.0A
Other languages
Chinese (zh)
Other versions
CN108243049B (en
Inventor
傅平
傅一平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Zhejiang Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Zhejiang Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Zhejiang Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201611228452.0A priority Critical patent/CN108243049B/en
Publication of CN108243049A publication Critical patent/CN108243049A/en
Application granted granted Critical
Publication of CN108243049B publication Critical patent/CN108243049B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/10Scheduling measurement reports ; Arrangements for measurement reports

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention relates to a kind of Telecoms Fraud recognition methods and device, the method includes:Obtain the usage log of target UE UE;Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;The detection data is matched one by one with each fraud pattern stored in the Telecoms Fraud pattern base built in advance;If the successful match, the target UE is determined as potential to be spoofed UE;Described device includes the use of log acquisition unit, detection data determination unit, fraud pattern matching unit and potential is spoofed UE determination units.The Telecoms Fraud recognition methods of the present invention and device, the deficiency of existing Telecoms Fraud Prevention Technique scheme can be made up, the initiative and accuracy rate of fraudulent call identification are improved, shortens the time of fraudulent call identification, can be intervened in a short time for the potential UE that is spoofed.

Description

Telecoms Fraud recognition methods and device
Technical field
The present invention relates to communication service technology field more particularly to a kind of Telecoms Fraud recognition methods and devices.
Background technology
Fraudulent call is very rampant now, has seriously affected the property safety and user experience of telecommunication user.
Existing identification malicious call mainly has two classes, and one kind is as this by mobile phone assistant, number is led in Internet company The terminal software of sample by receiving the number of the spontaneous label of user, after the label information of a large number of users is recorded from the background, is established Number mark database arrives all terminal notifying users in a manner that server issues.Also a kind of recognition methods is to pass through Speech recognition technology, by identifying in doubtful call that critical voice semanteme whether occur identifies.
By said program it is found that existing fraudulent call Prevention Technique scheme there are following defects:Nonstandard calling number Interception mode excessively roughly, easily accidentally intercepts part right number calling without evidence obtaining;Touch-tone monitoring is to newly-increased The judgement of shortcode lacks method, and easy erroneous judgement is swindle number;It records to swindle number, needs many-sided evidence obtaining, And matching is monitored in the progress of large area in real time, overhead is larger, as long as and swindle molecule and have changed voice messaging, you can around This detection is crossed, it is difficult to keep accuracy rate;The calling of the user feedback world is allowed whether to be fraudulent call, obtained information reliability without Method ensures, and it is slower to accumulate fraudulent call knowledge base speed.
Invention content
Telecoms Fraud is identified for existing Telecoms Fraud Prevention Technique scheme accuracy rate is low, recognition speed is slow And equipment cost it is high the defects of, the present invention the following technical solutions are proposed:
For this purpose, one aspect of the present invention proposes a kind of Telecoms Fraud recognition methods, including:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds is carried out one by one Matching;
If the successful match, the target UE is determined as potential to be spoofed UE.
Optionally, the detection data determined according to the usage log for carrying out Telecoms Fraud identification, including:
Processing is filtered to the usage log, using the result of the filtration treatment as the detection data.
Optionally, the method further includes:
Usage log samples of the UE cheated during being cheated is obtained, and day is used according to during described cheated Will sample determines multiple fraud event tags;
The multiple fraud event tag is associated according to the sequencing of time of origin, it is corresponding to determine Fraud pattern;
According to Telecoms Fraud pattern base described in the fraud mode construction.
Optionally, the usage log sample for obtaining the UE cheated during being cheated, and cheated according to described The usage log of period determined with the associated multiple fraud event tags of time sequencing, including:
According to usage log samples of the UE during non-cheated, to usage logs of the UE during being cheated Sample is filtered processing.
Optionally, the method further includes:
The doubtful UE cheated is determined according to the communications records of Telecoms Fraud number;Wherein, the Telecoms Fraud number packet Include the number in the Telecoms Fraud number blacklist of operator's grasp;
By in the doubtful UE cheated, the UE with dialing the police emergency number after the Telecoms Fraud number communication is considered as The UE cheated.
Optionally, the method further includes:
When detection knows that the target UE performs one in the associated multiple fraud event tags of time sequencing During a fraud event tag, the operation of the usage log for obtaining target UE UE is performed.
Optionally, the method further includes:
When detection knows that the target UE receives the short breath or phone of doubtful fraudulent party number, the acquisition mesh is performed Mark the operation of the usage log of user equipment (UE).
Optionally, the usage log for obtaining target UE UE, including:
Obtain the usage log of the low time delay of the target UE.
On the other hand, the present invention also provides a kind of Telecoms Fraud identification device, including:
Usage log acquiring unit, for obtaining the usage log of target UE UE;
Detection data determination unit, for determining the testing number for carrying out Telecoms Fraud identification according to the usage log According to;
Pattern matching unit is cheated, for will be stored in the detection data and the Telecoms Fraud pattern base that builds in advance Each fraud pattern matched one by one;
It is potential to be spoofed UE determination units, in the successful match, the target UE to be determined as potential taken advantage of Cheat UE.
Optionally, the detection data determination unit is specifically used for being filtered processing to the usage log, by institute The result of filtration treatment is stated as the detection data.
The Telecoms Fraud recognition methods of the present invention and device, by obtaining the usage log of target UE UE, and root The detection data for carrying out Telecoms Fraud identification is determined according to the usage log, and then by the detection data with building in advance Telecoms Fraud pattern base in each fraud pattern for being stored matched one by one, in the successful match, by the mesh Mark UE be determined as it is potential be spoofed UE, and then preset Telecoms Fraud early warning scheme is performed to the potential UE that is spoofed, can be with The deficiency of existing Telecoms Fraud Prevention Technique scheme is made up, improves the initiative and accuracy rate of fraudulent call identification, shortens swindle The time of phone identification, it can be intervened in a short time for the potential UE that is spoofed.
Description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the present invention Some embodiments, for those of ordinary skill in the art, without creative efforts, can also basis These attached drawings obtain other attached drawings.
Fig. 1 is the flow diagram of the Telecoms Fraud recognition methods of one embodiment of the invention;
Fig. 2 is the schematic diagram of the usage behavior daily record of one embodiment of the invention;
Fig. 3 is the schematic diagram of the fraud mode excavation result of one embodiment of the invention;
Fig. 4 is the structure diagram of the Telecoms Fraud identification device of one embodiment of the invention;
Fig. 5 is the structure diagram of the server for being used to implement Telecoms Fraud identification of one embodiment of the invention.
Specific embodiment
Purpose, technical scheme and advantage to make the embodiment of the present invention are clearer, below in conjunction with the embodiment of the present invention In attached drawing, the technical solution in the embodiment of the present invention is explicitly described, it is clear that described embodiment be the present invention Part of the embodiment, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not having All other embodiments obtained under the premise of creative work are made, shall fall within the protection scope of the present invention.
Fig. 1 is the flow diagram of the Telecoms Fraud recognition methods of one embodiment of the invention, as shown in Figure 1, this method Including:
S1:Obtain the usage log of target UE UE;
Specifically, server obtains usage log (call, short message, the online of such as described target UE of the target UE The daily records such as data);
It is understood that in order to ensure the promptness of Telecoms Fraud event intervention, the server may be used for example The technological means such as flume, kafka or oracle golden gate obtain the usage log of the low time delay of the target UE.
S2:Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Specifically, it after the server obtains the usage log of the target UE, determines to use according to the usage log In the detection data for carrying out Telecoms Fraud identification.
As a kind of optional embodiment of the present embodiment, the server can to the usage log of acquisition into Row filtration treatment, to remove the invalid data in the usage log, and then according to determining the result of the filtration treatment Detection data.
For example, (ratio is such as whether often dial the world according to the routine use preference of the target UE for the server Phone, long-distance call, the target UE frequent contact etc.) information, processing is filtered to the usage log of acquisition, Remove wherein with by the unrelated data of fraud, using usage behavior data remaining in the usage log as the testing number According to.
As a kind of optional embodiment of the present embodiment, the server can be by the usage log of the target UE Evented processing is carried out, that is, determines the event tag of every usage behavior in the usage log, and the multiple events that will be determined Label is associated with time of origin sequencing, using associated multiple event tags as the detection data.
For example, each usage behavior can be represented in usage log respectively with behavior vector a1, a2, a3 ... an Event tag, every usage behavior correspond to a behavior vector.For example, a1 is whether to meet the label of event 1 (call), a2 is Whether label of event 2 (converse caller be international number) etc. is met.
S3:By each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds carry out by One matching;
Specifically, the server will be stored each in the detection data and the Telecoms Fraud pattern base that builds in advance Fraud pattern is matched one by one.
For example, the server by the detection data it is corresponding it is multiple with the associated event tag of time sequencing with Each fraud pattern stored in the Telecoms Fraud pattern base (including predetermined with time sequencing closed by the fraud pattern Multiple event tags of connection) it is matched one by one.
S4:If the successful match, the target UE is determined as potential to be spoofed UE.
Specifically, a certain fraud pattern of the server in the detection data and the Telecoms Fraud pattern base During with success, the target UE is determined as potential to be spoofed UE.
Further, as a kind of optional embodiment of the present embodiment, the method can also include:
According to pre-set Telecoms Fraud early warning scheme, intervention is performed to the potential UE that is spoofed, such as according to difference Scene demand sends short messages and reminds user, be pushed to customer service or notice public security intervene etc..
The Telecoms Fraud recognition methods of the present embodiment, by obtaining the usage log of target UE UE, and according to institute It states usage log and determines detection data for carrying out Telecoms Fraud identification, and then by the detection data and the electricity that builds in advance Each fraud pattern for being stored is matched one by one in letter fraud pattern base, in the successful match, by the target UE Be determined as it is potential be spoofed UE, and then preset Telecoms Fraud early warning scheme is performed to the potential UE that is spoofed, can make up The deficiency of existing Telecoms Fraud Prevention Technique scheme improves the initiative and accuracy rate of fraudulent call identification, shortens fraudulent call The time of identification can be intervened for the potential UE that is spoofed in a short time.
Further, as a kind of optional embodiment of above method embodiment, before step S3, the method is also It can include building the Telecoms Fraud pattern base;
Specifically, usage log samples of the UE that the server acquisition is cheated during being cheated, and according to institute It states the usage log sample during being cheated and determines multiple fraud event tags, then by the multiple fraud event mark Label are associated according to the sequencing of time of origin, to determine corresponding fraud pattern, and then according to the fraud pattern structure Build the Telecoms Fraud pattern base.
Wherein, the collection process of usage log samples of the UE cheated during being cheated includes:
The doubtful UE cheated is determined according to the communications records of Telecoms Fraud number;Wherein, the Telecoms Fraud number packet Include the number in the Telecoms Fraud number blacklist of operator's grasp;
By in the doubtful UE cheated, the UE with dialing the police emergency number after the Telecoms Fraud number communication is considered as The UE cheated.
For example, the Telecoms Fraud number blacklist that the server is grasped according to operator, is searched from database In the blacklist swindle number calling record, with determine the doubtful UE cheated, and then will wherein dial later 110 into The user of row alarm determines the UE cheated.
It is understood that the determining UE cheated is more, be more conducive to the model instruction of the Telecoms Fraud pattern base Practice.
Further, the server obtained from call, short message, dic database described in the UE that is cheated cheated The log recording (or the merit data after desensitization are obtained from the police) of period, such as conversation object number feature, the duration of call, silver Row short message, Internetbank app such as use at the record etc..
As a kind of optional embodiment of the present embodiment, the server is being taken advantage of except the UE cheated described in acquisition Outside usage log during swindleness, its usage log during non-cheated can also be obtained, with the UE cheated described in judgement Daily behavior preference, than such as whether have dial long-distance call, the call of overseas call custom, user in itself relationship cycle (often With contact person) etc. information, with according to it is described it is non-cheated during usage log to the usage log sample during described cheated Originally processing is filtered, and then the usage log after filtration treatment is subjected to evented processing.
For example, the event mark of each usage behavior daily record can be represented respectively with behavior vector a1, a2, a3 ... an Label, every usage behavior correspond to a behavior vector.
For example, a1 is whether to meet the label of event 1 (talk business);Whether a2 is meets (the i.e. call master of event 2 Cry as international number) label etc.;A3 is whether call caller is user in relationship cycle;Wherein, the relationship cycle is determining Rule includes:By before in preset time period (such as upper two calendar months), converse sum and duration of call ranking 30, (quantity can To be set according to actual conditions) UE determine the relationship cycle (frequent contact group) of the UE, if current talking is not described In relationship cycle, then a3=0;Otherwise a3=1;A4 was the duration of call less than 10 seconds;A5 was the duration of call more than 800 seconds;A6 is short Letter receives;A7 is that the sender of the short message received is the officials such as bank number;A8 is logged in for Internetbank APP;Whether a9 has for user Toll message custom is (by calculating the upper bimestrial toll message index k=toll messages number of user/total talk times, such as k >0.05 has a9 labels, otherwise without a9 labels);Whether a10 has international call custom (if the Shang Lianggeyue worlds are by 3 for user Or more be then considered as and have;Otherwise it is considered as nothing) etc..
It should be noted that the particular content and quantity of above-mentioned event tag can be chosen according to actual conditions, The present invention is to this without limiting.
Remove wherein unrelated with by fraud behavior vector (such as the vector that call calling party is user in relationship cycle, That is a3 is 1 vector;Or behavior vector of the duration of call less than 10 seconds, i.e. a4 is 1 vector) after, it is cheated described UE forms fraud matrix during being cheated with by the related behavior vector of fraud.
Further, after obtaining a certain amount of fraud matrix, it may be determined that each behavior vector is each described The probability occurred in fraud matrix, and select the wherein highest M row vector A of probability1, A2…AM, with determine this M to The maximum probability occurred in which order is measured, records this sequence, to determine corresponding fraud pattern.
It is understood that there is the M behavior according to the sequence of above-mentioned record in the usage log as the target UE During one or more of vector, it is determined that the target UE is to be potential by fraud UE.
For example, Fig. 2 is the schematic diagram of the usage behavior daily record of one embodiment of the invention, as shown in Fig. 2, described make Subscriber Number (to prevent information leakage, covering in portion numbers) is classified as with the first of user behaviors log, second is classified as timestamp, the Three are classified as the quantity that user this daily record (event) is mapped to label, and the 4th row start the behavior label for user.
Specifically, 0 is filled out per the blank space of the behavior label of a line (corresponding a daily record), has and 1 is filled out at event can determine Behavior vector described in this daily record.
For example, if the event of definition A0 is the overseas call call opened with 00;C is and stranger converses;B3 be and The duration of call was more than 800 seconds, then first daily record represents in Fig. 2:Current UE starts at 3832686 this time point and 00 Strange number call and more than 800 seconds.
Further, when determine it is a certain number of it is above-mentioned by fraud UE usage log data after, you can pass through machine Learning algorithm refines fraud pattern.
It is understood that before fraud pattern is refined, event need to be filtered, to remove invalid event therein (event of minimum support support is unsatisfactory for, for example, 0.5), filters out the excavation that notable event carries out fraud pattern, And then fraud pattern is determined by association in time algorithm, Fig. 3 shows the fraud mode excavation result of one embodiment of the invention Schematic diagram.
Further, as a kind of optional embodiment of above method embodiment, the method can also include:
When detection knows that the target UE performs one in the associated multiple fraud event tags of time sequencing During a fraud event tag, the operation of the usage log for obtaining target UE UE is performed;
Specifically, the server can be detected only when knowing that the target UE is connected to international strange phone, just acquisition Daily record data in this daily record data and preset quantity or preset time period later;Alternatively, it is only connect in the target UE During to stranger's short message, the daily record data in this daily record data and preset quantity or preset time period later is just acquired.
Further, as the optional embodiment of another kind of above method embodiment, the method can also include:
When detection knows that the target UE receives the short breath or phone of doubtful fraudulent party number, the acquisition mesh is performed Mark the operation of the usage log of user equipment (UE).
Specifically, the server can know that the target UE receives the short message of doubtful fraudulent party number in detection Or during phone, the daily record data in this daily record data and preset quantity or preset time period later is just acquired.
It should be noted that fraud phone/short message identification that operator uses at present is low with the accuracy of hold-up interception method, The mode intercepted to all doubtful fraud numbers is excessively dogmatic.
Therefore, on the basis of existing scheme, the present embodiment certain numbers be confirmed as it is doubtful fraud number when, for The corelation behaviour record of these numbers receives the subsequent daily record data of user and is analyzed.If it during subsequent analysis, receives this and doubts It is confirmed as being spoofed UE like the UE of fraud number information or incoming call, then can confirms that the doubtful fraud number is really fraud number Code.
It is understood that just performed only when meeting above-mentioned trigger condition obtain the usage log of the target UE can be with The calculation amount of data processing is substantially reduced, improves data-handling efficiency.
The Telecoms Fraud recognition methods of the present embodiment compensates for the deficiency of existing fraudulent call Prevention Technique scheme, passes through The fraud pattern of determining fraudulent call and the potential usage behavior by fraud UE are subjected to match cognization, improve swindle The initiative and accuracy rate of phone identification shorten the reaction time of fraudulent call identification, can be in a short time for potential UE is spoofed to be intervened.
Fig. 4 is the structure diagram of the Telecoms Fraud identification device of one embodiment of the invention, as shown in figure 4, the device It includes the use of log acquisition unit 21, detection data determination unit 22, fraud pattern matching unit 23 and potential is spoofed UE Determination unit 24, wherein:
Usage log acquiring unit 21 is used to obtain the usage log of target UE UE;
Detection data determination unit 22 is used to determine the detection for carrying out Telecoms Fraud identification according to the usage log Data;
Fraud pattern matching unit 23 is used to be deposited in the detection data and the Telecoms Fraud pattern base that builds in advance Each fraud pattern of storage is matched one by one;
It is potential to be spoofed UE determination units 24 in the successful match, the target UE to be determined as potential taken advantage of Cheat UE.
Specifically, the process of the Telecoms Fraud identification device progress Telecoms Fraud identification of the present embodiment includes:Usage log Acquiring unit 21 obtains the usage log of target UE UE;Detection data determination unit 22 is determined according to the usage log For carrying out the detection data of Telecoms Fraud identification;The electricity that fraud pattern matching unit 23 is built by the detection data and in advance Each fraud pattern stored in letter fraud pattern base is matched one by one;The potential UE determination units 24 that are spoofed are in the matching During success, the target UE is determined as potential to be spoofed UE.
Further, as a kind of optionally embodiment of above device embodiment, the detection data determination unit 22 can also be specifically used for being filtered processing to the usage log, using the result of the filtration treatment as the detection Data.
Telecoms Fraud identification device described in the present embodiment can be used for performing above-mentioned Telecoms Fraud recognition methods embodiment, Its principle is similar with technique effect, and details are not described herein again.
It should be noted that for device embodiment, since it is basicly similar to embodiment of the method, so description Fairly simple, the relevent part can refer to the partial explaination of embodiments of method.
Structure diagrams of the Fig. 5 for the server of the realization Telecoms Fraud recognition methods of one embodiment of the invention, such as Fig. 5 Shown, which includes:Processor (processor) 31, bus 32 and memory (memory) 33, wherein, processor (processor) 31 and memory 33 mutual communication is completed by bus 32.Processor 31 can be called in memory 33 Program instruction, to perform following method:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds is carried out one by one Matching;
If the successful match, the target UE is determined as potential to be spoofed UE.
The present embodiment discloses a kind of computer program product, and the computer program product includes being stored in non-transient calculating Computer program on machine readable storage medium storing program for executing, the computer program include program instruction, when described program instruction is calculated When machine performs, computer is able to carry out the method that above-mentioned each method embodiment is provided, such as including:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds is carried out one by one Matching;
If the successful match, the target UE is determined as potential to be spoofed UE.
The present embodiment provides a kind of non-transient computer readable storage medium storing program for executing, the non-transient computer readable storage medium storing program for executing Computer instruction is stored, the computer instruction makes the computer perform the method that above-mentioned each method embodiment is provided, example Such as include:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds is carried out one by one Matching;
If the successful match, the target UE is determined as potential to be spoofed UE.
By said program it is found that Telecoms Fraud recognition methods and the device of the present invention, swindleness is answered according to potential by fraud UE It deceives a series of communication behaviors (including phone, short message, internet behavior) after phone to be compared with its behavior usually, judgement is No is abnormal behaviour, significant to preventing user that financial transactions behavior occurs so as to judge whether the user is deceived;It obtains The usage log data for having the characteristics that low time delay can judge which user of the whole network may swindled more in time, ensure The validity of intervention stratege embodiment;Meanwhile the behaviour for obtaining usage log data is just performed only when meeting above-mentioned trigger condition Make, the calculation amount of data processing can be further reduced, promote the recognition speed of fraud.
One of ordinary skill in the art will appreciate that:Realizing all or part of step of above method embodiment can pass through The relevant hardware of program instruction is completed, and aforementioned program can be stored in a computer read/write memory medium, the program When being executed, step including the steps of the foregoing method embodiments is performed;And aforementioned storage medium includes:ROM, RAM, magnetic disc or light The various media that can store program code such as disk.
Embodiments described above is only schematical, wherein the unit illustrated as separating component can be Or may not be physically separate, the component shown as unit may or may not be physical unit, i.e., A place can be located at or can also be distributed in multiple network element.It can select according to the actual needs therein Some or all of module realizes the purpose of this embodiment scheme.Those of ordinary skill in the art are not paying creative labor In the case of dynamic, you can to understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can It is realized by the mode of software plus required general hardware platform, naturally it is also possible to pass through hardware.Based on such understanding, on Technical solution is stated substantially in other words to embody the part that the prior art contributes in the form of software product, it should Computer software product can store in a computer-readable storage medium, such as ROM/RAM, magnetic disc, CD, including several fingers It enables and (can be personal computer, server or the network equipment etc.) so that computer equipment is used to perform each implementation Method described in certain parts of example or embodiment.
Finally it should be noted that:The above various embodiments is only to illustrate the technical solution of the embodiment of the present invention rather than right It is limited;Although the embodiment of the present invention is described in detail with reference to foregoing embodiments, the ordinary skill of this field Personnel should understand that:It can still modify to the technical solution recorded in foregoing embodiments or to which part Or all technical features carries out equivalent replacement;And these modifications or replacement, it does not separate the essence of the corresponding technical solution The range of each embodiment technical solution of the embodiment of the present invention.

Claims (10)

1. a kind of Telecoms Fraud recognition methods, which is characterized in that including:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
The detection data is matched one by one with each fraud pattern stored in the Telecoms Fraud pattern base built in advance;
If the successful match, the target UE is determined as potential to be spoofed UE.
2. according to the method described in claim 1, it is characterized in that, described determine to carry out telecommunications according to the usage log The detection data of identification is cheated, including:
Processing is filtered to the usage log, using the result of the filtration treatment as the detection data.
3. according to the method described in claim 2, it is characterized in that, the method further includes:
Usage log samples of the UE cheated during being cheated is obtained, and according to the usage log sample during described cheated This determines multiple fraud event tags;
The multiple fraud event tag is associated according to the sequencing of time of origin, to determine corresponding fraud Pattern;
According to Telecoms Fraud pattern base described in the fraud mode construction.
4. the according to the method described in claim 3, it is characterized in that, use for obtaining the UE cheated during being cheated Daily record sample, and determined according to the usage log during described cheated with the associated multiple fraud event marks of time sequencing Label, including:
According to usage log samples of the UE during non-cheated, to usage log samples of the UE during being cheated It is filtered processing.
5. according to the method described in claim 3, it is characterized in that, the method further includes:
The doubtful UE cheated is determined according to the communications records of Telecoms Fraud number;Wherein, the Telecoms Fraud number includes fortune Seek the number in the Telecoms Fraud number blacklist that quotient grasps;
By in the doubtful UE cheated, the UE with dialing the police emergency number after the Telecoms Fraud number communication is considered as described The UE cheated.
6. according to claim 3-5 any one of them methods, which is characterized in that the method further includes:
When detection knows that the target UE performs one in the associated multiple fraud event tags of time sequencing and takes advantage of During swindleness behavior event tag, the operation of the usage log for obtaining target UE UE is performed.
7. according to claim 1-5 any one of them methods, which is characterized in that the method further includes:
When detection knows that the target UE receives the short breath or phone of doubtful fraudulent party number, perform the acquisition target and use The operation of the usage log of family equipment UE.
8. according to claim 1-5 any one of them methods, which is characterized in that the use for obtaining target UE UE Daily record, including:
Obtain the usage log of the low time delay of the target UE.
9. a kind of Telecoms Fraud identification device, which is characterized in that including:
Usage log acquiring unit, for obtaining the usage log of target UE UE;
Detection data determination unit, for determining the detection data for carrying out Telecoms Fraud identification according to the usage log;
Pattern matching unit is cheated, it is each for will be stored in the detection data and the Telecoms Fraud pattern base that builds in advance Fraud pattern is matched one by one;
It is potential to be spoofed UE determination units, in the successful match, the target UE is determined as potential to be spoofed UE.
10. device according to claim 9, which is characterized in that the detection data determination unit is specifically used for described Usage log is filtered processing, using the result of the filtration treatment as the detection data.
CN201611228452.0A 2016-12-27 2016-12-27 Telecommunication fraud identification method and device Active CN108243049B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611228452.0A CN108243049B (en) 2016-12-27 2016-12-27 Telecommunication fraud identification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611228452.0A CN108243049B (en) 2016-12-27 2016-12-27 Telecommunication fraud identification method and device

Publications (2)

Publication Number Publication Date
CN108243049A true CN108243049A (en) 2018-07-03
CN108243049B CN108243049B (en) 2021-09-14

Family

ID=62702730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611228452.0A Active CN108243049B (en) 2016-12-27 2016-12-27 Telecommunication fraud identification method and device

Country Status (1)

Country Link
CN (1) CN108243049B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109284371A (en) * 2018-09-03 2019-01-29 平安证券股份有限公司 Anti- fraud method, electronic device and computer readable storage medium
CN110059889A (en) * 2019-03-28 2019-07-26 国家计算机网络与信息安全管理中心 Swindle calling sequence detection method based on unsupervised learning
CN110213448A (en) * 2018-09-13 2019-09-06 腾讯科技(深圳)有限公司 Malice number identification method, device, storage medium and computer equipment
CN110839216A (en) * 2018-08-17 2020-02-25 中国移动通信集团广东有限公司 Method and device for identifying communication information fraud
WO2020085989A1 (en) * 2018-10-26 2020-04-30 Telefonaktiebolaget Lm Ericsson (Publ) Method and user equipment for detecting a potentially fraudulent call
CN111800546A (en) * 2020-07-07 2020-10-20 中国工商银行股份有限公司 Method, device and system for constructing recognition model and recognizing and electronic equipment
CN112491864A (en) * 2020-11-23 2021-03-12 恒安嘉新(北京)科技股份公司 Method, device, equipment and medium for detecting phishing deep victim user
CN112926990A (en) * 2021-03-25 2021-06-08 支付宝(杭州)信息技术有限公司 Method and device for fraud identification
CN113706176A (en) * 2021-09-02 2021-11-26 赵琦 Information anti-fraud processing method and service platform system combined with cloud computing
CN113727351A (en) * 2020-05-12 2021-11-30 中国移动通信集团广东有限公司 Communication fraud identification method and device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567788A (en) * 2010-12-28 2012-07-11 中国移动通信集团重庆有限公司 Real-time identification system and real-time identification method for fraudulent practice in communication services
CN102790752A (en) * 2011-05-20 2012-11-21 盛乐信息技术(上海)有限公司 Fraud information filtering system and method on basis of feature identification
CN104244216A (en) * 2014-09-29 2014-12-24 中国移动通信集团浙江有限公司 Method and system for intercepting fraud phones in real time during calling
US20160247158A1 (en) * 2015-02-20 2016-08-25 Kaspersky Lab Zao System and method for detecting fraudulent online transactions

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567788A (en) * 2010-12-28 2012-07-11 中国移动通信集团重庆有限公司 Real-time identification system and real-time identification method for fraudulent practice in communication services
CN102790752A (en) * 2011-05-20 2012-11-21 盛乐信息技术(上海)有限公司 Fraud information filtering system and method on basis of feature identification
CN104244216A (en) * 2014-09-29 2014-12-24 中国移动通信集团浙江有限公司 Method and system for intercepting fraud phones in real time during calling
US20160247158A1 (en) * 2015-02-20 2016-08-25 Kaspersky Lab Zao System and method for detecting fraudulent online transactions

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110839216B (en) * 2018-08-17 2021-09-21 中国移动通信集团广东有限公司 Method and device for identifying communication information fraud
CN110839216A (en) * 2018-08-17 2020-02-25 中国移动通信集团广东有限公司 Method and device for identifying communication information fraud
CN109284371B (en) * 2018-09-03 2023-04-18 平安证券股份有限公司 Anti-fraud method, electronic device, and computer-readable storage medium
CN109284371A (en) * 2018-09-03 2019-01-29 平安证券股份有限公司 Anti- fraud method, electronic device and computer readable storage medium
CN110213448A (en) * 2018-09-13 2019-09-06 腾讯科技(深圳)有限公司 Malice number identification method, device, storage medium and computer equipment
CN110213448B (en) * 2018-09-13 2021-08-24 腾讯科技(深圳)有限公司 Malicious number identification method and device, storage medium and computer equipment
WO2020085989A1 (en) * 2018-10-26 2020-04-30 Telefonaktiebolaget Lm Ericsson (Publ) Method and user equipment for detecting a potentially fraudulent call
US11706328B2 (en) 2018-10-26 2023-07-18 Telefonaktiebolaget Lm Ericsson (Publ) Method and user equipment for detecting a potentially fraudulent call
CN110059889A (en) * 2019-03-28 2019-07-26 国家计算机网络与信息安全管理中心 Swindle calling sequence detection method based on unsupervised learning
CN110059889B (en) * 2019-03-28 2021-05-28 国家计算机网络与信息安全管理中心 Fraud call sequence detection method based on unsupervised learning
CN113727351A (en) * 2020-05-12 2021-11-30 中国移动通信集团广东有限公司 Communication fraud identification method and device and electronic equipment
CN113727351B (en) * 2020-05-12 2024-03-19 中国移动通信集团广东有限公司 Communication fraud identification method and device and electronic equipment
CN111800546A (en) * 2020-07-07 2020-10-20 中国工商银行股份有限公司 Method, device and system for constructing recognition model and recognizing and electronic equipment
CN112491864A (en) * 2020-11-23 2021-03-12 恒安嘉新(北京)科技股份公司 Method, device, equipment and medium for detecting phishing deep victim user
CN112926990A (en) * 2021-03-25 2021-06-08 支付宝(杭州)信息技术有限公司 Method and device for fraud identification
CN113706176A (en) * 2021-09-02 2021-11-26 赵琦 Information anti-fraud processing method and service platform system combined with cloud computing
CN113706176B (en) * 2021-09-02 2022-08-19 江西裕民银行股份有限公司 Information anti-fraud processing method and service platform system combined with cloud computing

Also Published As

Publication number Publication date
CN108243049B (en) 2021-09-14

Similar Documents

Publication Publication Date Title
CN108243049A (en) Telecoms Fraud recognition methods and device
CN109600752B (en) Deep clustering fraud detection method and device
US10694026B2 (en) Systems and methods for early fraud detection
CN106791220B (en) Method and system for preventing telephone fraud
CN107197463A (en) A kind of detection method of telephone fraud, storage medium and electronic equipment
Becker et al. Fraud detection in telecommunications: History and lessons learned
CN104038648B (en) Method and device for recognizing crank calls
ES2844449T3 (en) Context-sensitive rule-based alerts for fraud monitoring
CN107819747B (en) Telecommunication fraud association analysis system and method based on communication event sequence
CN110910901A (en) Emotion recognition method and device, electronic equipment and readable storage medium
CN108696644A (en) Cooperate phone credit system
CN109168168B (en) Method for detecting international embezzlement
CN110493477A (en) Swindle number identification method, device, equipment and storage medium
CN108093405A (en) A kind of fraudulent call number analysis method and apparatus
CN107231494A (en) A kind of acquisition methods of user communication characteristic, storage medium and electronic equipment
CN110493476B (en) Detection method, device, server and storage medium
CN110381218A (en) A kind of method and device identifying telephone fraud clique
Qayyum et al. Fraudulent call detection for mobile networks
CN110139288B (en) Network communication method, device, system and recording medium
CN112925971A (en) Multi-source analysis-based fraud topic detection method and device
CN107623915A (en) A kind of safety protecting method, mobile terminal and the device with store function
CN110233938A (en) A kind of clique's fraudulent call recognition methods based on dubiety measurement
CN115659217A (en) Fraud recognition model training method and device, electronic equipment and storage medium
CN114257688A (en) Telephone fraud identification method and related device
CN114339639A (en) Call identification method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant