CN108243049A - Telecoms Fraud recognition methods and device - Google Patents
Telecoms Fraud recognition methods and device Download PDFInfo
- Publication number
- CN108243049A CN108243049A CN201611228452.0A CN201611228452A CN108243049A CN 108243049 A CN108243049 A CN 108243049A CN 201611228452 A CN201611228452 A CN 201611228452A CN 108243049 A CN108243049 A CN 108243049A
- Authority
- CN
- China
- Prior art keywords
- fraud
- usage log
- cheated
- telecoms
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/088—Access security using filters or firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/10—Scheduling measurement reports ; Arrangements for measurement reports
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention relates to a kind of Telecoms Fraud recognition methods and device, the method includes:Obtain the usage log of target UE UE;Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;The detection data is matched one by one with each fraud pattern stored in the Telecoms Fraud pattern base built in advance;If the successful match, the target UE is determined as potential to be spoofed UE;Described device includes the use of log acquisition unit, detection data determination unit, fraud pattern matching unit and potential is spoofed UE determination units.The Telecoms Fraud recognition methods of the present invention and device, the deficiency of existing Telecoms Fraud Prevention Technique scheme can be made up, the initiative and accuracy rate of fraudulent call identification are improved, shortens the time of fraudulent call identification, can be intervened in a short time for the potential UE that is spoofed.
Description
Technical field
The present invention relates to communication service technology field more particularly to a kind of Telecoms Fraud recognition methods and devices.
Background technology
Fraudulent call is very rampant now, has seriously affected the property safety and user experience of telecommunication user.
Existing identification malicious call mainly has two classes, and one kind is as this by mobile phone assistant, number is led in Internet company
The terminal software of sample by receiving the number of the spontaneous label of user, after the label information of a large number of users is recorded from the background, is established
Number mark database arrives all terminal notifying users in a manner that server issues.Also a kind of recognition methods is to pass through
Speech recognition technology, by identifying in doubtful call that critical voice semanteme whether occur identifies.
By said program it is found that existing fraudulent call Prevention Technique scheme there are following defects:Nonstandard calling number
Interception mode excessively roughly, easily accidentally intercepts part right number calling without evidence obtaining;Touch-tone monitoring is to newly-increased
The judgement of shortcode lacks method, and easy erroneous judgement is swindle number;It records to swindle number, needs many-sided evidence obtaining,
And matching is monitored in the progress of large area in real time, overhead is larger, as long as and swindle molecule and have changed voice messaging, you can around
This detection is crossed, it is difficult to keep accuracy rate;The calling of the user feedback world is allowed whether to be fraudulent call, obtained information reliability without
Method ensures, and it is slower to accumulate fraudulent call knowledge base speed.
Invention content
Telecoms Fraud is identified for existing Telecoms Fraud Prevention Technique scheme accuracy rate is low, recognition speed is slow
And equipment cost it is high the defects of, the present invention the following technical solutions are proposed:
For this purpose, one aspect of the present invention proposes a kind of Telecoms Fraud recognition methods, including:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds is carried out one by one
Matching;
If the successful match, the target UE is determined as potential to be spoofed UE.
Optionally, the detection data determined according to the usage log for carrying out Telecoms Fraud identification, including:
Processing is filtered to the usage log, using the result of the filtration treatment as the detection data.
Optionally, the method further includes:
Usage log samples of the UE cheated during being cheated is obtained, and day is used according to during described cheated
Will sample determines multiple fraud event tags;
The multiple fraud event tag is associated according to the sequencing of time of origin, it is corresponding to determine
Fraud pattern;
According to Telecoms Fraud pattern base described in the fraud mode construction.
Optionally, the usage log sample for obtaining the UE cheated during being cheated, and cheated according to described
The usage log of period determined with the associated multiple fraud event tags of time sequencing, including:
According to usage log samples of the UE during non-cheated, to usage logs of the UE during being cheated
Sample is filtered processing.
Optionally, the method further includes:
The doubtful UE cheated is determined according to the communications records of Telecoms Fraud number;Wherein, the Telecoms Fraud number packet
Include the number in the Telecoms Fraud number blacklist of operator's grasp;
By in the doubtful UE cheated, the UE with dialing the police emergency number after the Telecoms Fraud number communication is considered as
The UE cheated.
Optionally, the method further includes:
When detection knows that the target UE performs one in the associated multiple fraud event tags of time sequencing
During a fraud event tag, the operation of the usage log for obtaining target UE UE is performed.
Optionally, the method further includes:
When detection knows that the target UE receives the short breath or phone of doubtful fraudulent party number, the acquisition mesh is performed
Mark the operation of the usage log of user equipment (UE).
Optionally, the usage log for obtaining target UE UE, including:
Obtain the usage log of the low time delay of the target UE.
On the other hand, the present invention also provides a kind of Telecoms Fraud identification device, including:
Usage log acquiring unit, for obtaining the usage log of target UE UE;
Detection data determination unit, for determining the testing number for carrying out Telecoms Fraud identification according to the usage log
According to;
Pattern matching unit is cheated, for will be stored in the detection data and the Telecoms Fraud pattern base that builds in advance
Each fraud pattern matched one by one;
It is potential to be spoofed UE determination units, in the successful match, the target UE to be determined as potential taken advantage of
Cheat UE.
Optionally, the detection data determination unit is specifically used for being filtered processing to the usage log, by institute
The result of filtration treatment is stated as the detection data.
The Telecoms Fraud recognition methods of the present invention and device, by obtaining the usage log of target UE UE, and root
The detection data for carrying out Telecoms Fraud identification is determined according to the usage log, and then by the detection data with building in advance
Telecoms Fraud pattern base in each fraud pattern for being stored matched one by one, in the successful match, by the mesh
Mark UE be determined as it is potential be spoofed UE, and then preset Telecoms Fraud early warning scheme is performed to the potential UE that is spoofed, can be with
The deficiency of existing Telecoms Fraud Prevention Technique scheme is made up, improves the initiative and accuracy rate of fraudulent call identification, shortens swindle
The time of phone identification, it can be intervened in a short time for the potential UE that is spoofed.
Description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, to embodiment or will show below
There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the present invention
Some embodiments, for those of ordinary skill in the art, without creative efforts, can also basis
These attached drawings obtain other attached drawings.
Fig. 1 is the flow diagram of the Telecoms Fraud recognition methods of one embodiment of the invention;
Fig. 2 is the schematic diagram of the usage behavior daily record of one embodiment of the invention;
Fig. 3 is the schematic diagram of the fraud mode excavation result of one embodiment of the invention;
Fig. 4 is the structure diagram of the Telecoms Fraud identification device of one embodiment of the invention;
Fig. 5 is the structure diagram of the server for being used to implement Telecoms Fraud identification of one embodiment of the invention.
Specific embodiment
Purpose, technical scheme and advantage to make the embodiment of the present invention are clearer, below in conjunction with the embodiment of the present invention
In attached drawing, the technical solution in the embodiment of the present invention is explicitly described, it is clear that described embodiment be the present invention
Part of the embodiment, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not having
All other embodiments obtained under the premise of creative work are made, shall fall within the protection scope of the present invention.
Fig. 1 is the flow diagram of the Telecoms Fraud recognition methods of one embodiment of the invention, as shown in Figure 1, this method
Including:
S1:Obtain the usage log of target UE UE;
Specifically, server obtains usage log (call, short message, the online of such as described target UE of the target UE
The daily records such as data);
It is understood that in order to ensure the promptness of Telecoms Fraud event intervention, the server may be used for example
The technological means such as flume, kafka or oracle golden gate obtain the usage log of the low time delay of the target UE.
S2:Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Specifically, it after the server obtains the usage log of the target UE, determines to use according to the usage log
In the detection data for carrying out Telecoms Fraud identification.
As a kind of optional embodiment of the present embodiment, the server can to the usage log of acquisition into
Row filtration treatment, to remove the invalid data in the usage log, and then according to determining the result of the filtration treatment
Detection data.
For example, (ratio is such as whether often dial the world according to the routine use preference of the target UE for the server
Phone, long-distance call, the target UE frequent contact etc.) information, processing is filtered to the usage log of acquisition,
Remove wherein with by the unrelated data of fraud, using usage behavior data remaining in the usage log as the testing number
According to.
As a kind of optional embodiment of the present embodiment, the server can be by the usage log of the target UE
Evented processing is carried out, that is, determines the event tag of every usage behavior in the usage log, and the multiple events that will be determined
Label is associated with time of origin sequencing, using associated multiple event tags as the detection data.
For example, each usage behavior can be represented in usage log respectively with behavior vector a1, a2, a3 ... an
Event tag, every usage behavior correspond to a behavior vector.For example, a1 is whether to meet the label of event 1 (call), a2 is
Whether label of event 2 (converse caller be international number) etc. is met.
S3:By each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds carry out by
One matching;
Specifically, the server will be stored each in the detection data and the Telecoms Fraud pattern base that builds in advance
Fraud pattern is matched one by one.
For example, the server by the detection data it is corresponding it is multiple with the associated event tag of time sequencing with
Each fraud pattern stored in the Telecoms Fraud pattern base (including predetermined with time sequencing closed by the fraud pattern
Multiple event tags of connection) it is matched one by one.
S4:If the successful match, the target UE is determined as potential to be spoofed UE.
Specifically, a certain fraud pattern of the server in the detection data and the Telecoms Fraud pattern base
During with success, the target UE is determined as potential to be spoofed UE.
Further, as a kind of optional embodiment of the present embodiment, the method can also include:
According to pre-set Telecoms Fraud early warning scheme, intervention is performed to the potential UE that is spoofed, such as according to difference
Scene demand sends short messages and reminds user, be pushed to customer service or notice public security intervene etc..
The Telecoms Fraud recognition methods of the present embodiment, by obtaining the usage log of target UE UE, and according to institute
It states usage log and determines detection data for carrying out Telecoms Fraud identification, and then by the detection data and the electricity that builds in advance
Each fraud pattern for being stored is matched one by one in letter fraud pattern base, in the successful match, by the target UE
Be determined as it is potential be spoofed UE, and then preset Telecoms Fraud early warning scheme is performed to the potential UE that is spoofed, can make up
The deficiency of existing Telecoms Fraud Prevention Technique scheme improves the initiative and accuracy rate of fraudulent call identification, shortens fraudulent call
The time of identification can be intervened for the potential UE that is spoofed in a short time.
Further, as a kind of optional embodiment of above method embodiment, before step S3, the method is also
It can include building the Telecoms Fraud pattern base;
Specifically, usage log samples of the UE that the server acquisition is cheated during being cheated, and according to institute
It states the usage log sample during being cheated and determines multiple fraud event tags, then by the multiple fraud event mark
Label are associated according to the sequencing of time of origin, to determine corresponding fraud pattern, and then according to the fraud pattern structure
Build the Telecoms Fraud pattern base.
Wherein, the collection process of usage log samples of the UE cheated during being cheated includes:
The doubtful UE cheated is determined according to the communications records of Telecoms Fraud number;Wherein, the Telecoms Fraud number packet
Include the number in the Telecoms Fraud number blacklist of operator's grasp;
By in the doubtful UE cheated, the UE with dialing the police emergency number after the Telecoms Fraud number communication is considered as
The UE cheated.
For example, the Telecoms Fraud number blacklist that the server is grasped according to operator, is searched from database
In the blacklist swindle number calling record, with determine the doubtful UE cheated, and then will wherein dial later 110 into
The user of row alarm determines the UE cheated.
It is understood that the determining UE cheated is more, be more conducive to the model instruction of the Telecoms Fraud pattern base
Practice.
Further, the server obtained from call, short message, dic database described in the UE that is cheated cheated
The log recording (or the merit data after desensitization are obtained from the police) of period, such as conversation object number feature, the duration of call, silver
Row short message, Internetbank app such as use at the record etc..
As a kind of optional embodiment of the present embodiment, the server is being taken advantage of except the UE cheated described in acquisition
Outside usage log during swindleness, its usage log during non-cheated can also be obtained, with the UE cheated described in judgement
Daily behavior preference, than such as whether have dial long-distance call, the call of overseas call custom, user in itself relationship cycle (often
With contact person) etc. information, with according to it is described it is non-cheated during usage log to the usage log sample during described cheated
Originally processing is filtered, and then the usage log after filtration treatment is subjected to evented processing.
For example, the event mark of each usage behavior daily record can be represented respectively with behavior vector a1, a2, a3 ... an
Label, every usage behavior correspond to a behavior vector.
For example, a1 is whether to meet the label of event 1 (talk business);Whether a2 is meets (the i.e. call master of event 2
Cry as international number) label etc.;A3 is whether call caller is user in relationship cycle;Wherein, the relationship cycle is determining
Rule includes:By before in preset time period (such as upper two calendar months), converse sum and duration of call ranking 30, (quantity can
To be set according to actual conditions) UE determine the relationship cycle (frequent contact group) of the UE, if current talking is not described
In relationship cycle, then a3=0;Otherwise a3=1;A4 was the duration of call less than 10 seconds;A5 was the duration of call more than 800 seconds;A6 is short
Letter receives;A7 is that the sender of the short message received is the officials such as bank number;A8 is logged in for Internetbank APP;Whether a9 has for user
Toll message custom is (by calculating the upper bimestrial toll message index k=toll messages number of user/total talk times, such as k
>0.05 has a9 labels, otherwise without a9 labels);Whether a10 has international call custom (if the Shang Lianggeyue worlds are by 3 for user
Or more be then considered as and have;Otherwise it is considered as nothing) etc..
It should be noted that the particular content and quantity of above-mentioned event tag can be chosen according to actual conditions,
The present invention is to this without limiting.
Remove wherein unrelated with by fraud behavior vector (such as the vector that call calling party is user in relationship cycle,
That is a3 is 1 vector;Or behavior vector of the duration of call less than 10 seconds, i.e. a4 is 1 vector) after, it is cheated described
UE forms fraud matrix during being cheated with by the related behavior vector of fraud.
Further, after obtaining a certain amount of fraud matrix, it may be determined that each behavior vector is each described
The probability occurred in fraud matrix, and select the wherein highest M row vector A of probability1, A2…AM, with determine this M to
The maximum probability occurred in which order is measured, records this sequence, to determine corresponding fraud pattern.
It is understood that there is the M behavior according to the sequence of above-mentioned record in the usage log as the target UE
During one or more of vector, it is determined that the target UE is to be potential by fraud UE.
For example, Fig. 2 is the schematic diagram of the usage behavior daily record of one embodiment of the invention, as shown in Fig. 2, described make
Subscriber Number (to prevent information leakage, covering in portion numbers) is classified as with the first of user behaviors log, second is classified as timestamp, the
Three are classified as the quantity that user this daily record (event) is mapped to label, and the 4th row start the behavior label for user.
Specifically, 0 is filled out per the blank space of the behavior label of a line (corresponding a daily record), has and 1 is filled out at event can determine
Behavior vector described in this daily record.
For example, if the event of definition A0 is the overseas call call opened with 00;C is and stranger converses;B3 be and
The duration of call was more than 800 seconds, then first daily record represents in Fig. 2:Current UE starts at 3832686 this time point and 00
Strange number call and more than 800 seconds.
Further, when determine it is a certain number of it is above-mentioned by fraud UE usage log data after, you can pass through machine
Learning algorithm refines fraud pattern.
It is understood that before fraud pattern is refined, event need to be filtered, to remove invalid event therein
(event of minimum support support is unsatisfactory for, for example, 0.5), filters out the excavation that notable event carries out fraud pattern,
And then fraud pattern is determined by association in time algorithm, Fig. 3 shows the fraud mode excavation result of one embodiment of the invention
Schematic diagram.
Further, as a kind of optional embodiment of above method embodiment, the method can also include:
When detection knows that the target UE performs one in the associated multiple fraud event tags of time sequencing
During a fraud event tag, the operation of the usage log for obtaining target UE UE is performed;
Specifically, the server can be detected only when knowing that the target UE is connected to international strange phone, just acquisition
Daily record data in this daily record data and preset quantity or preset time period later;Alternatively, it is only connect in the target UE
During to stranger's short message, the daily record data in this daily record data and preset quantity or preset time period later is just acquired.
Further, as the optional embodiment of another kind of above method embodiment, the method can also include:
When detection knows that the target UE receives the short breath or phone of doubtful fraudulent party number, the acquisition mesh is performed
Mark the operation of the usage log of user equipment (UE).
Specifically, the server can know that the target UE receives the short message of doubtful fraudulent party number in detection
Or during phone, the daily record data in this daily record data and preset quantity or preset time period later is just acquired.
It should be noted that fraud phone/short message identification that operator uses at present is low with the accuracy of hold-up interception method,
The mode intercepted to all doubtful fraud numbers is excessively dogmatic.
Therefore, on the basis of existing scheme, the present embodiment certain numbers be confirmed as it is doubtful fraud number when, for
The corelation behaviour record of these numbers receives the subsequent daily record data of user and is analyzed.If it during subsequent analysis, receives this and doubts
It is confirmed as being spoofed UE like the UE of fraud number information or incoming call, then can confirms that the doubtful fraud number is really fraud number
Code.
It is understood that just performed only when meeting above-mentioned trigger condition obtain the usage log of the target UE can be with
The calculation amount of data processing is substantially reduced, improves data-handling efficiency.
The Telecoms Fraud recognition methods of the present embodiment compensates for the deficiency of existing fraudulent call Prevention Technique scheme, passes through
The fraud pattern of determining fraudulent call and the potential usage behavior by fraud UE are subjected to match cognization, improve swindle
The initiative and accuracy rate of phone identification shorten the reaction time of fraudulent call identification, can be in a short time for potential
UE is spoofed to be intervened.
Fig. 4 is the structure diagram of the Telecoms Fraud identification device of one embodiment of the invention, as shown in figure 4, the device
It includes the use of log acquisition unit 21, detection data determination unit 22, fraud pattern matching unit 23 and potential is spoofed UE
Determination unit 24, wherein:
Usage log acquiring unit 21 is used to obtain the usage log of target UE UE;
Detection data determination unit 22 is used to determine the detection for carrying out Telecoms Fraud identification according to the usage log
Data;
Fraud pattern matching unit 23 is used to be deposited in the detection data and the Telecoms Fraud pattern base that builds in advance
Each fraud pattern of storage is matched one by one;
It is potential to be spoofed UE determination units 24 in the successful match, the target UE to be determined as potential taken advantage of
Cheat UE.
Specifically, the process of the Telecoms Fraud identification device progress Telecoms Fraud identification of the present embodiment includes:Usage log
Acquiring unit 21 obtains the usage log of target UE UE;Detection data determination unit 22 is determined according to the usage log
For carrying out the detection data of Telecoms Fraud identification;The electricity that fraud pattern matching unit 23 is built by the detection data and in advance
Each fraud pattern stored in letter fraud pattern base is matched one by one;The potential UE determination units 24 that are spoofed are in the matching
During success, the target UE is determined as potential to be spoofed UE.
Further, as a kind of optionally embodiment of above device embodiment, the detection data determination unit
22 can also be specifically used for being filtered processing to the usage log, using the result of the filtration treatment as the detection
Data.
Telecoms Fraud identification device described in the present embodiment can be used for performing above-mentioned Telecoms Fraud recognition methods embodiment,
Its principle is similar with technique effect, and details are not described herein again.
It should be noted that for device embodiment, since it is basicly similar to embodiment of the method, so description
Fairly simple, the relevent part can refer to the partial explaination of embodiments of method.
Structure diagrams of the Fig. 5 for the server of the realization Telecoms Fraud recognition methods of one embodiment of the invention, such as Fig. 5
Shown, which includes:Processor (processor) 31, bus 32 and memory (memory) 33, wherein, processor
(processor) 31 and memory 33 mutual communication is completed by bus 32.Processor 31 can be called in memory 33
Program instruction, to perform following method:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds is carried out one by one
Matching;
If the successful match, the target UE is determined as potential to be spoofed UE.
The present embodiment discloses a kind of computer program product, and the computer program product includes being stored in non-transient calculating
Computer program on machine readable storage medium storing program for executing, the computer program include program instruction, when described program instruction is calculated
When machine performs, computer is able to carry out the method that above-mentioned each method embodiment is provided, such as including:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds is carried out one by one
Matching;
If the successful match, the target UE is determined as potential to be spoofed UE.
The present embodiment provides a kind of non-transient computer readable storage medium storing program for executing, the non-transient computer readable storage medium storing program for executing
Computer instruction is stored, the computer instruction makes the computer perform the method that above-mentioned each method embodiment is provided, example
Such as include:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
Each fraud pattern stored in the detection data and the Telecoms Fraud pattern base that in advance builds is carried out one by one
Matching;
If the successful match, the target UE is determined as potential to be spoofed UE.
By said program it is found that Telecoms Fraud recognition methods and the device of the present invention, swindleness is answered according to potential by fraud UE
It deceives a series of communication behaviors (including phone, short message, internet behavior) after phone to be compared with its behavior usually, judgement is
No is abnormal behaviour, significant to preventing user that financial transactions behavior occurs so as to judge whether the user is deceived;It obtains
The usage log data for having the characteristics that low time delay can judge which user of the whole network may swindled more in time, ensure
The validity of intervention stratege embodiment;Meanwhile the behaviour for obtaining usage log data is just performed only when meeting above-mentioned trigger condition
Make, the calculation amount of data processing can be further reduced, promote the recognition speed of fraud.
One of ordinary skill in the art will appreciate that:Realizing all or part of step of above method embodiment can pass through
The relevant hardware of program instruction is completed, and aforementioned program can be stored in a computer read/write memory medium, the program
When being executed, step including the steps of the foregoing method embodiments is performed;And aforementioned storage medium includes:ROM, RAM, magnetic disc or light
The various media that can store program code such as disk.
Embodiments described above is only schematical, wherein the unit illustrated as separating component can be
Or may not be physically separate, the component shown as unit may or may not be physical unit, i.e.,
A place can be located at or can also be distributed in multiple network element.It can select according to the actual needs therein
Some or all of module realizes the purpose of this embodiment scheme.Those of ordinary skill in the art are not paying creative labor
In the case of dynamic, you can to understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
It is realized by the mode of software plus required general hardware platform, naturally it is also possible to pass through hardware.Based on such understanding, on
Technical solution is stated substantially in other words to embody the part that the prior art contributes in the form of software product, it should
Computer software product can store in a computer-readable storage medium, such as ROM/RAM, magnetic disc, CD, including several fingers
It enables and (can be personal computer, server or the network equipment etc.) so that computer equipment is used to perform each implementation
Method described in certain parts of example or embodiment.
Finally it should be noted that:The above various embodiments is only to illustrate the technical solution of the embodiment of the present invention rather than right
It is limited;Although the embodiment of the present invention is described in detail with reference to foregoing embodiments, the ordinary skill of this field
Personnel should understand that:It can still modify to the technical solution recorded in foregoing embodiments or to which part
Or all technical features carries out equivalent replacement;And these modifications or replacement, it does not separate the essence of the corresponding technical solution
The range of each embodiment technical solution of the embodiment of the present invention.
Claims (10)
1. a kind of Telecoms Fraud recognition methods, which is characterized in that including:
Obtain the usage log of target UE UE;
Detection data for carrying out Telecoms Fraud identification is determined according to the usage log;
The detection data is matched one by one with each fraud pattern stored in the Telecoms Fraud pattern base built in advance;
If the successful match, the target UE is determined as potential to be spoofed UE.
2. according to the method described in claim 1, it is characterized in that, described determine to carry out telecommunications according to the usage log
The detection data of identification is cheated, including:
Processing is filtered to the usage log, using the result of the filtration treatment as the detection data.
3. according to the method described in claim 2, it is characterized in that, the method further includes:
Usage log samples of the UE cheated during being cheated is obtained, and according to the usage log sample during described cheated
This determines multiple fraud event tags;
The multiple fraud event tag is associated according to the sequencing of time of origin, to determine corresponding fraud
Pattern;
According to Telecoms Fraud pattern base described in the fraud mode construction.
4. the according to the method described in claim 3, it is characterized in that, use for obtaining the UE cheated during being cheated
Daily record sample, and determined according to the usage log during described cheated with the associated multiple fraud event marks of time sequencing
Label, including:
According to usage log samples of the UE during non-cheated, to usage log samples of the UE during being cheated
It is filtered processing.
5. according to the method described in claim 3, it is characterized in that, the method further includes:
The doubtful UE cheated is determined according to the communications records of Telecoms Fraud number;Wherein, the Telecoms Fraud number includes fortune
Seek the number in the Telecoms Fraud number blacklist that quotient grasps;
By in the doubtful UE cheated, the UE with dialing the police emergency number after the Telecoms Fraud number communication is considered as described
The UE cheated.
6. according to claim 3-5 any one of them methods, which is characterized in that the method further includes:
When detection knows that the target UE performs one in the associated multiple fraud event tags of time sequencing and takes advantage of
During swindleness behavior event tag, the operation of the usage log for obtaining target UE UE is performed.
7. according to claim 1-5 any one of them methods, which is characterized in that the method further includes:
When detection knows that the target UE receives the short breath or phone of doubtful fraudulent party number, perform the acquisition target and use
The operation of the usage log of family equipment UE.
8. according to claim 1-5 any one of them methods, which is characterized in that the use for obtaining target UE UE
Daily record, including:
Obtain the usage log of the low time delay of the target UE.
9. a kind of Telecoms Fraud identification device, which is characterized in that including:
Usage log acquiring unit, for obtaining the usage log of target UE UE;
Detection data determination unit, for determining the detection data for carrying out Telecoms Fraud identification according to the usage log;
Pattern matching unit is cheated, it is each for will be stored in the detection data and the Telecoms Fraud pattern base that builds in advance
Fraud pattern is matched one by one;
It is potential to be spoofed UE determination units, in the successful match, the target UE is determined as potential to be spoofed UE.
10. device according to claim 9, which is characterized in that the detection data determination unit is specifically used for described
Usage log is filtered processing, using the result of the filtration treatment as the detection data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611228452.0A CN108243049B (en) | 2016-12-27 | 2016-12-27 | Telecommunication fraud identification method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611228452.0A CN108243049B (en) | 2016-12-27 | 2016-12-27 | Telecommunication fraud identification method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108243049A true CN108243049A (en) | 2018-07-03 |
CN108243049B CN108243049B (en) | 2021-09-14 |
Family
ID=62702730
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611228452.0A Active CN108243049B (en) | 2016-12-27 | 2016-12-27 | Telecommunication fraud identification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108243049B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109284371A (en) * | 2018-09-03 | 2019-01-29 | 平安证券股份有限公司 | Anti- fraud method, electronic device and computer readable storage medium |
CN110059889A (en) * | 2019-03-28 | 2019-07-26 | 国家计算机网络与信息安全管理中心 | Swindle calling sequence detection method based on unsupervised learning |
CN110213448A (en) * | 2018-09-13 | 2019-09-06 | 腾讯科技(深圳)有限公司 | Malice number identification method, device, storage medium and computer equipment |
CN110839216A (en) * | 2018-08-17 | 2020-02-25 | 中国移动通信集团广东有限公司 | Method and device for identifying communication information fraud |
WO2020085989A1 (en) * | 2018-10-26 | 2020-04-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and user equipment for detecting a potentially fraudulent call |
CN111800546A (en) * | 2020-07-07 | 2020-10-20 | 中国工商银行股份有限公司 | Method, device and system for constructing recognition model and recognizing and electronic equipment |
CN112491864A (en) * | 2020-11-23 | 2021-03-12 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and medium for detecting phishing deep victim user |
CN112926990A (en) * | 2021-03-25 | 2021-06-08 | 支付宝(杭州)信息技术有限公司 | Method and device for fraud identification |
CN113706176A (en) * | 2021-09-02 | 2021-11-26 | 赵琦 | Information anti-fraud processing method and service platform system combined with cloud computing |
CN113727351A (en) * | 2020-05-12 | 2021-11-30 | 中国移动通信集团广东有限公司 | Communication fraud identification method and device and electronic equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102567788A (en) * | 2010-12-28 | 2012-07-11 | 中国移动通信集团重庆有限公司 | Real-time identification system and real-time identification method for fraudulent practice in communication services |
CN102790752A (en) * | 2011-05-20 | 2012-11-21 | 盛乐信息技术(上海)有限公司 | Fraud information filtering system and method on basis of feature identification |
CN104244216A (en) * | 2014-09-29 | 2014-12-24 | 中国移动通信集团浙江有限公司 | Method and system for intercepting fraud phones in real time during calling |
US20160247158A1 (en) * | 2015-02-20 | 2016-08-25 | Kaspersky Lab Zao | System and method for detecting fraudulent online transactions |
-
2016
- 2016-12-27 CN CN201611228452.0A patent/CN108243049B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102567788A (en) * | 2010-12-28 | 2012-07-11 | 中国移动通信集团重庆有限公司 | Real-time identification system and real-time identification method for fraudulent practice in communication services |
CN102790752A (en) * | 2011-05-20 | 2012-11-21 | 盛乐信息技术(上海)有限公司 | Fraud information filtering system and method on basis of feature identification |
CN104244216A (en) * | 2014-09-29 | 2014-12-24 | 中国移动通信集团浙江有限公司 | Method and system for intercepting fraud phones in real time during calling |
US20160247158A1 (en) * | 2015-02-20 | 2016-08-25 | Kaspersky Lab Zao | System and method for detecting fraudulent online transactions |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110839216B (en) * | 2018-08-17 | 2021-09-21 | 中国移动通信集团广东有限公司 | Method and device for identifying communication information fraud |
CN110839216A (en) * | 2018-08-17 | 2020-02-25 | 中国移动通信集团广东有限公司 | Method and device for identifying communication information fraud |
CN109284371B (en) * | 2018-09-03 | 2023-04-18 | 平安证券股份有限公司 | Anti-fraud method, electronic device, and computer-readable storage medium |
CN109284371A (en) * | 2018-09-03 | 2019-01-29 | 平安证券股份有限公司 | Anti- fraud method, electronic device and computer readable storage medium |
CN110213448A (en) * | 2018-09-13 | 2019-09-06 | 腾讯科技(深圳)有限公司 | Malice number identification method, device, storage medium and computer equipment |
CN110213448B (en) * | 2018-09-13 | 2021-08-24 | 腾讯科技(深圳)有限公司 | Malicious number identification method and device, storage medium and computer equipment |
WO2020085989A1 (en) * | 2018-10-26 | 2020-04-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and user equipment for detecting a potentially fraudulent call |
US11706328B2 (en) | 2018-10-26 | 2023-07-18 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and user equipment for detecting a potentially fraudulent call |
CN110059889A (en) * | 2019-03-28 | 2019-07-26 | 国家计算机网络与信息安全管理中心 | Swindle calling sequence detection method based on unsupervised learning |
CN110059889B (en) * | 2019-03-28 | 2021-05-28 | 国家计算机网络与信息安全管理中心 | Fraud call sequence detection method based on unsupervised learning |
CN113727351A (en) * | 2020-05-12 | 2021-11-30 | 中国移动通信集团广东有限公司 | Communication fraud identification method and device and electronic equipment |
CN113727351B (en) * | 2020-05-12 | 2024-03-19 | 中国移动通信集团广东有限公司 | Communication fraud identification method and device and electronic equipment |
CN111800546A (en) * | 2020-07-07 | 2020-10-20 | 中国工商银行股份有限公司 | Method, device and system for constructing recognition model and recognizing and electronic equipment |
CN112491864A (en) * | 2020-11-23 | 2021-03-12 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and medium for detecting phishing deep victim user |
CN112926990A (en) * | 2021-03-25 | 2021-06-08 | 支付宝(杭州)信息技术有限公司 | Method and device for fraud identification |
CN113706176A (en) * | 2021-09-02 | 2021-11-26 | 赵琦 | Information anti-fraud processing method and service platform system combined with cloud computing |
CN113706176B (en) * | 2021-09-02 | 2022-08-19 | 江西裕民银行股份有限公司 | Information anti-fraud processing method and service platform system combined with cloud computing |
Also Published As
Publication number | Publication date |
---|---|
CN108243049B (en) | 2021-09-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108243049A (en) | Telecoms Fraud recognition methods and device | |
CN109600752B (en) | Deep clustering fraud detection method and device | |
US10694026B2 (en) | Systems and methods for early fraud detection | |
CN106791220B (en) | Method and system for preventing telephone fraud | |
CN107197463A (en) | A kind of detection method of telephone fraud, storage medium and electronic equipment | |
Becker et al. | Fraud detection in telecommunications: History and lessons learned | |
CN104038648B (en) | Method and device for recognizing crank calls | |
ES2844449T3 (en) | Context-sensitive rule-based alerts for fraud monitoring | |
CN107819747B (en) | Telecommunication fraud association analysis system and method based on communication event sequence | |
CN110910901A (en) | Emotion recognition method and device, electronic equipment and readable storage medium | |
CN108696644A (en) | Cooperate phone credit system | |
CN109168168B (en) | Method for detecting international embezzlement | |
CN110493477A (en) | Swindle number identification method, device, equipment and storage medium | |
CN108093405A (en) | A kind of fraudulent call number analysis method and apparatus | |
CN107231494A (en) | A kind of acquisition methods of user communication characteristic, storage medium and electronic equipment | |
CN110493476B (en) | Detection method, device, server and storage medium | |
CN110381218A (en) | A kind of method and device identifying telephone fraud clique | |
Qayyum et al. | Fraudulent call detection for mobile networks | |
CN110139288B (en) | Network communication method, device, system and recording medium | |
CN112925971A (en) | Multi-source analysis-based fraud topic detection method and device | |
CN107623915A (en) | A kind of safety protecting method, mobile terminal and the device with store function | |
CN110233938A (en) | A kind of clique's fraudulent call recognition methods based on dubiety measurement | |
CN115659217A (en) | Fraud recognition model training method and device, electronic equipment and storage medium | |
CN114257688A (en) | Telephone fraud identification method and related device | |
CN114339639A (en) | Call identification method and device, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |