CN108696626B - Illegal information processing method and device - Google Patents

Illegal information processing method and device Download PDF

Info

Publication number
CN108696626B
CN108696626B CN201710237868.7A CN201710237868A CN108696626B CN 108696626 B CN108696626 B CN 108696626B CN 201710237868 A CN201710237868 A CN 201710237868A CN 108696626 B CN108696626 B CN 108696626B
Authority
CN
China
Prior art keywords
illegal
event
rule
called terminal
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710237868.7A
Other languages
Chinese (zh)
Other versions
CN108696626A (en
Inventor
黄庆荣
彭家华
谢志崇
郑志欢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Fujian Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Fujian Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Fujian Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201710237868.7A priority Critical patent/CN108696626B/en
Publication of CN108696626A publication Critical patent/CN108696626A/en
Application granted granted Critical
Publication of CN108696626B publication Critical patent/CN108696626B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/66Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • H04M1/663Preventing unauthorised calls to a telephone set
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/6027Fraud preventions

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an illegal information processing method and device. The method comprises the following steps: establishing a number identification model by adopting a logistic regression algorithm; training a number recognition model by using sample data to obtain the characteristic parameters of the illegal number; capturing a call event from a calling terminal in real time; mining a calling event by using the trained number recognition model, and recognizing the number of the calling terminal according to the characteristic parameters of the illegal number; and when the number of the calling terminal is an illegal number, intercepting a signaling data stream of the calling terminal and/or sending a warning prompt to the called terminal. Therefore, the illegal number can be actively and accurately identified through the number identification model, the reliability of subsequent interception of illegal information and sending of warning reminding can be improved on the basis of accurate identification of the illegal number, and the user experience is improved.

Description

Illegal information processing method and device
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a method and an apparatus for processing illegal information.
Background
With the development of science and technology and the increasing living standard of people, the telecommunication industry develops rapidly. At present, the popularity of communication tools such as mobile phones and the like is continuously increased, and the activity of illegal molecules for distributing illegal information through the communication tools is rampant day by day. For example, handset users with poor fraud awareness are defrauded by handsets. The fraud measures are more and more, the people can not defend the fraud measures, the user suffers great property loss, the normal social order is seriously disturbed, and the social reverberation is very strong.
At present, by listing fraudulent telephone numbers in an interception number table, when the call connection of the telephone numbers in the interception number table is monitored, fraudulent calls are intercepted, or the fraudulent calls are prevented in a mode of sending information reminding. However, the source of the fraudulent telephone numbers within the intercepted number list is unreliable and the number of fraudulent telephone numbers is also very limited. With the rapid development of internet phone technology, the speed and the mode of changing the fraudulent phone number become faster and more complex. The existing method for preventing telephone fraud has the problems of interception omission, wrong interception and the like.
How to improve the accuracy of processing illegal information becomes an urgent problem to be solved in the industry.
Disclosure of Invention
In order to improve the accuracy of processing illegal information and improve user experience, the embodiment of the invention provides an illegal information processing method and device.
In a first aspect, a method for processing illegal information is provided. The method comprises the following steps:
establishing a number identification model by adopting a logistic regression algorithm;
training a number recognition model by using sample data to obtain the characteristic parameters of the illegal number;
capturing a call event from a calling terminal in real time;
mining a calling event by using the trained number recognition model, and recognizing the number of the calling terminal according to the characteristic parameters of the illegal number;
and when the number of the calling terminal is an illegal number, intercepting a signaling data stream of the calling terminal and/or sending a warning prompt to the called terminal.
In a second aspect, an apparatus for processing illegal information is provided. The device includes:
the model establishing unit is used for establishing a number identification model by adopting a logistic regression algorithm;
the parameter obtaining unit is used for obtaining the characteristic parameters of the illegal number by utilizing the sample data training number identification model;
the event capturing unit is used for capturing a calling event from the calling terminal in real time;
the number recognition unit is used for mining a calling event by using the trained number recognition model and recognizing the number of the calling terminal according to the characteristic parameters of the illegal number;
and the information processing unit is used for intercepting the signaling data stream of the calling terminal and/or sending a warning prompt to the called terminal when the number of the calling terminal is an illegal number.
Therefore, the number recognition model is established through the logistic regression algorithm, and the effectiveness of model recognition and the usability of the recognition result can be improved; training a number recognition model by using sample data to obtain the characteristic parameters of the illegal number; the illegal number can be actively and accurately identified according to the characteristic parameters of the illegal number; on the basis of accurately identifying the illegal number, the reliability of subsequently intercepting illegal information and sending warning reminding can be improved, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating an illegal information processing method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating an illegal information processing method according to another embodiment of the present invention.
Fig. 3 is a flowchart illustrating an illegal information processing method according to another embodiment of the present invention.
Fig. 4 is a flow chart illustrating a process of capturing a call event according to an embodiment of the invention.
FIG. 5 is a flow diagram of a rules engine processing information according to an embodiment of the invention.
Fig. 6 is a schematic structural diagram of an illegal information processing apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 is a flowchart illustrating an illegal information processing method according to an embodiment of the present invention.
As shown in fig. 1, the method comprises the steps of: s110, establishing a number identification model by adopting a logistic regression algorithm; s120, training a number recognition model by using sample data to obtain the characteristic parameters of the illegal number; s130, capturing a calling event from the calling terminal in real time; s140, mining a calling event by using the trained number recognition model, and recognizing the number of the calling terminal according to the feature parameters of the illegal number; s150, when the number of the calling terminal is an illegal number, intercepting the signaling data stream of the calling terminal and/or sending a warning prompt to the called terminal.
In step S110, the present embodiment may rely on a big data platform, and based on mass data, use a logistic regression algorithm to establish a number recognition model for comprehensively, accurately and effectively recognizing illegal numbers (e.g. phone numbers of fraud molecules). Because the stability of the decision tree model is not enough, the applicability of the neural network model is not strong (the interpretability is poor), and the method for establishing the number recognition model by adopting the logistic regression algorithm has the advantages of stronger effectiveness and result usability compared with the classification models of the decision tree and the neural network.
In step S120, the present embodiment may employ a logistic regression algorithm to model, train the sample data, and output the model. For example, the number recognition model can be trained by randomly extracting data of, for example, 5998 non-fraud users and 100 malicious fraud users from positive and negative fraud number sample data provided by the customer service center. And (4) combining the existing label system to carry out characteristic variable screening. Through statistical analysis of 1256 labels of the label platform, important characteristic indexes (characteristic parameters) of suspected fraud numbers are obtained through scatter diagram analysis and correlation analysis of each attribute and whether fraud numbers exist.
The number recognition model can be modeled by logistic regression based on R language, so as to ensure that the model can realize the functions of scheduling algorithm and monthly iterative updating (self-learning). The embodiment can deploy the model on the terminal server, perform model scheduling at regular time, train the model according to the latest data cycle, and transmit the parameter result back to the database.
The LOGISTIC regression model is a two-classification variable LOGISTIC regression model, and the corresponding variable is a two-classification variable such as whether a class is lost or not (such as whether a user is lost or not, whether a service is purchased or not and the like). The continuous probability transfer function of the model may be the logic function as follows:
Figure BDA0001268146850000041
wherein X may be a binary variable.
In this embodiment, the number recognition model may be:
Figure BDA0001268146850000042
wherein p is the recognition probability, p/(1+ p) is the probability occurrence ratio, b0Is a constant, n is a natural number, bnCharacteristic parameter, x, for illegal numbersnThe correlation coefficient of the characteristic parameter of the illegal number. Wherein, the characteristic parameters and the correlation coefficients can be shown in the following table (1):
characteristic parameter Correlation coefficient
User age -0.1223689
Whether high risk area 0.11176124
Whether number 170/171/400 0.11134476
Primary call type ratio 0.110641
Terminal type -0.0975582
Ratio of calling to called times -0.0954917
Calling party to party ratio 0.08629615
Number of short message sending strips 0.08248682
Short message conversation object ratio 0.08239345
Number of roaming base stations 0.08238249
Whether or not to prefer the customer 0.07871442
Amount of consumption 0.07710572
Watch (1)
For example, the formula for the number recognition model calculation may be as follows:
1/(1+ exp ((-6.782e-01+ subscriber network age + 1.187e-02+ high risk area + 3.963e-03+ No. 170/171/400 head + 7.043e-06+ main call type ratio + 2.178e-03+ number of main calls to-1.698 e-01+ (calling call object ratio + short message call object ratio). + -. 1.613e-01+ number of short message sending strips ratio 5.728e-01+ amount of consumption 3.656e-07+ number of roaming base stations-1.119 e +00+ terminal type + 1.342e-01+ whether preference is given to-1.872 e-01+ main call type ratio 3.388 e-03). -1)).
For example, when the calling number is 170, 171, 400, the possibility that the number is a fraud number is high, and therefore, the correlation coefficient reaches 0.11134476; for another example, a calling number frequently calls a called number, but is rarely called by other numbers, and the possibility that the number is a fraud number is high; also for example, the number of base stations roaming by a calling number is very high, which also indicates that the possibility of such a number being a fraud number is also high.
Capturing a call event from the calling terminal in real time in step S130 may include the following sub-steps:
s131, the call event rule is loaded.
The rule can be flexibly set according to actual needs.
S132, analyzing the call event rule to obtain a list of call events to be captured and parameters.
According to the list of the call events to be captured and the parameters, which call events need to be restocked can be accurately indicated.
S133, receiving a signaling data stream of the called terminal.
S134, capturing the call event in the signaling data stream based on the list of the call event to be captured and the parameters.
Therefore, the call event can be automatically, timely, accurately and massively captured through the event rule, and data support is provided for the subsequent identification process.
In step S140, the number recognition model may be periodically trained on a large data platform, and as the sample data and the training times increase, the accuracy of the number recognition model in recognizing the illegal number may be continuously improved.
In step S150, when the number identification model identifies that the calling terminal is an illegal number, the embodiment may intercept the signaling data stream of the calling terminal and/or send a warning alert to the called terminal in time.
The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone.
On one hand, the embodiment can prevent the illegal information of the calling terminal from being transmitted to the called terminal by intercepting the signaling data stream of the calling terminal, thereby preventing the user from being disturbed by the illegal information and improving the user experience. On the other hand, the embodiment can send a warning prompt, such as a short message prompt or a voice prompt, to the called terminal to prompt the user, so as to prevent the interception of the legal communication caused by the interception error.
Therefore, the number recognition model is established through the logistic regression algorithm, and the effectiveness of model recognition and the usability of the recognition result can be improved; training a number recognition model by using sample data to obtain the characteristic parameters of the illegal number; the illegal number can be actively and accurately identified according to the characteristic parameters of the illegal number; on the basis of the step C, the reliability of subsequent interception of illegal information and sending of warning reminding can be improved, and the user experience is improved.
As a modified embodiment of the embodiment shown in fig. 1, the following steps can be added to the embodiment shown in fig. 1: adding the characteristic parameters of the identified illegal number to the sample data to generate updated sample data; and training the number recognition model by using the updated sample data to acquire the updated characteristic parameters of the illegal number. The above-mentioned adding step may be added after step S140 (identifying the number of the calling terminal according to the feature parameter of the illegal number).
Therefore, the number recognition model can be circularly trained by using mass data based on a big data platform, the accuracy of recognizing the illegal number by the number recognition model can be continuously improved along with the increase of sample data and training times, the reliability of subsequently intercepting illegal information and sending warning prompts can be improved on the basis of accurately recognizing the illegal number, and the user experience is improved.
As another modified embodiment of the embodiment shown in fig. 1, the following steps may be added to the above embodiments: judging whether the called terminal has illegal attack characteristics (for example, the location of the terminal is an information blocking area, and the owner of the terminal is a crowd with weak legal consciousness); when the called terminal has the illegal attack characteristic, judging whether the called number of the called terminal with the illegal attack characteristic conforms to the illegal attack prevention push rule or not; and pushing the illegal attack prevention service to the called terminal which accords with the illegal attack prevention pushing rule. For example, the push rules may include: when the related data (e.g., age, region, hobby, work, etc.) of the called terminal is matched with the reference data, the illegal attack prevention service is pushed to the called terminal successfully matched. This part of the content will also be explained further below.
Fig. 2 is a flowchart illustrating an illegal information processing method according to another embodiment of the present invention.
As shown in fig. 2, the method may include the steps of:
s210, the process starts.
S220, capturing the atomic event.
Capturing the called event of the communication user in real time, and sending the calling number to the number identification module. The trap atomic event may include: capturing user incoming call signaling data, capturing atomic events and distributing the atomic events.
S230, is an illegal number.
The step is mainly used for judging whether the calling number is a fraud number. For example, after a called event of the user is captured by the event capture module, the calling number is input into the number identification module for fraud number identification. The fraud number identification module may include: a mining model for mining numbers to identify fraud numbers, a fraud number library for model identification (fraud numbers identified by the active identification of numbers), an externally imported fraud number library (illegal numbers can be directly identified by comparison without re-analyzing the number characteristics because the partial numbers are already identified as illegal numbers), and the like.
S240, judging whether the number is an illegal number.
If the query result determines that the calling number is a non-fraud number, jumping to step S290; if the query result determines that the calling number exists in the fraud number database, it jumps to step S250.
And S250, warning to remind illegal numbers.
When the calling number is present in the fraud number database, a fraud prevention alert may be triggered. For example, after the user of the terminal hangs up, the terminal is notified through the short message that the incoming call is marked as a fraud call, and meanwhile, the user number is input into the recommendation rule engine to perform recommendation rule judgment.
And S260, recommending judgment by a rule engine.
This step may enable matching of user recommendation rules. For example, the user recommendation rule is determined in accordance with information such as a basic attribute, an order attribute, and a feature attribute of the user. The rule engine may relate to functional modules for rule judgment, rule management, scene pool scan matching, frequency control, rule base, scene pool caching, and the like. The rule management module can be used for configuring the relevant rules and storing the relevant rules into the database. The scene pool and the distributed cache corresponding to the scene pool can be used for realizing the scanning and analysis of the event and the automatic management of the life cycle of the event. The frequency control module can be used for controlling the recommended frequency of the user.
And S270, judging whether service recommendation is needed or not.
If the user number is determined not to conform to the service recommendation rule, step S290 is skipped. If the user number is determined to meet the service recommendation rule, go to step S280.
And S280, recommending the service.
And recommending the corresponding fraud prevention service to the user after the fraud number reminding is carried out on the user. After the recommendation is completed, the process jumps to step S290.
And S290, ending the process.
In the embodiment, the called event of the communication user can be captured in real time through the event capturing module, the incoming fraud number is identified and judged by depending on the mining model, and the anti-fraud prompt is triggered when the calling number is a fraud number; meanwhile, the recommendation rule engine is used for judging the user recommendation rule by combining the information of the basic attribute, the ordering attribute, the characteristic attribute and the like of the user, and if the user is judged to need fraud prevention service recommendation, the corresponding fraud prevention service is accurately recommended to the user, so that the user can be prevented from being very fraudulently swiped, and the user experience is improved.
Fig. 3 is a flowchart illustrating an illegal information processing method according to another embodiment of the present invention.
The present embodiments may involve: a database (e.g., a fraud number library), a rules engine module, an event capture module, a de-channel module, a mobile terminal, and the like. According to the embodiment, the called event of the communication user can be captured in real time through the event capturing module, the incoming fraud number identification and judgment are carried out by relying on the mining model, and the anti-fraud prompt is triggered when the calling number is a fraud number. Meanwhile, the rule engine module is used for judging the user recommendation rule by combining the information of the basic attribute, the ordering attribute, the characteristic attribute and the like of the user. And if the user needs to be recommended with the fraud prevention service, recommending the illegal information prevention service to the user according with the recommendation rule. As shown in fig. 3, the method comprises the steps of:
s310, the event capturing module identifies the event behavior of the called mobile terminal user and captures the event in time. And after the event is captured, integrating the event to generate an event message and a list. Such as subscriber number, incoming call number, event type, etc.
S320, the real-time message triggers sending of the synchronized activity event manifest information to a rule engine module (e.g., a recommendation rule engine module).
S330, the rule engine module calls the real-time query service provided by the database according to the requirement to query the user service information and the attributes of the incoming call number. For example, the user is inquired whether to subscribe to the anti-fraud service currently, whether the called number of the user has the information of a fraud number library, and the like. The database may include a user subscription relationship database, a fraud number database, and the like.
S340, the rule engine module can match the recommendation mode and the activity rule applicable to the called user attribute according to the preset recommendation rule and generate the recommendation target client and the recommendation content.
S350, the rule engine module pushes the recommendation target customer and the recommendation content to the contact channel module to carry out anti-fraud service recommendation.
And S360, the contact channel carries out fraud prevention service recommendation on the target user according to a preset opportunity.
S370, the contact channel feeds back the customer recommendation to the rules engine module.
And S380, the rule engine module performs iterative optimization of the recommendation rule according to the customer recommendation result fed back by the contact channel module.
Therefore, the embodiment can accurately recommend fraud-proof services, such as mobile color printing services, to the users meeting the recommendation rules, so as to improve the user security awareness and reduce the property loss of the users.
Fig. 4 is a flow chart illustrating a process of capturing a call event according to an embodiment of the invention.
The real-time accurate capture of the call event is the basis for realizing accurate identification and is an important link in accurate recommendation of illegal service prevention. In this embodiment, the event to be captured is mainly a called atomic event.
As shown in fig. 4, capturing an atomic event may include the following sub-steps:
and S410, loading the atomic event rule into the database of the atomic event rule management module from the distributed memory block database.
S420, in the atomic event rule management module, the atomic event and the rule are analyzed.
And S430, obtaining an atomic event list and parameters required to be captured in the scene according to the analyzed atomic event rule.
S440, capturing an atomic event list and parameters as required, and initializing and starting an atomic event capturing module.
S450, receiving (import) signaling data flow.
And S460, the atomic event capturing module performs an atomic event capturing operation.
And S470, outputting the captured atomic event.
FIG. 5 is a flow diagram of the rule engine processing information according to an embodiment of the present invention.
The rule engine module can analyze the acquired marketing scene and the atomic event and match the relevant rules to realize the recommendation judgment suitable for the user. The rule engine module can relate to modules such as rule judgment, rule management, distributed caching, scene pool scanning and analyzing, frequency control and the like. The rule management module can be used for configuring and storing the relevant rules into the database. The scene pool scanning and analyzing module and the distributed cache corresponding to the scene pool can be used for realizing the scanning and analyzing of the event and the automatic management of the life cycle of the event. The frequency control module can be used for controlling the recommended frequency of the user.
As shown in FIG. 5, the rules engine processing the information may include the following sub-steps:
s510, loading the recommendation rule from the database of the rule management module into the recommendation rule determination module (logic program module).
And S520, performing logic judgment on the recommendation rule according to the loaded recommendation rule and by combining information such as the basic attribute, the order attribute, the characteristic attribute and the like of the user, and determining whether the user needs to be written into the scene pool.
And S530, writing the users and the related data which accord with the judgment result of the recommendation rule into the distributed caches corresponding to the scene pools.
And S540, performing scanning and analysis on the events in the scene pool, and writing the scanning and analysis result data into a distributed cache corresponding to the scene pool.
And S550, in the distributed cache corresponding to the scene pool, carrying out rule matching on the event scanning analysis result data and the rules input by the recommendation rule judgment.
S560, after the rule matching is successful, submitting the related data to a frequency control module for frequency control recommended by a user; the recommendation frequency control module controls the recommendation frequency of the user according to the acquired recommendation frequency control rule so as to reduce interference on the user and guarantee user perception.
S570, the step can realize the automatic detection of the life cycle of the events in the cache and automatically clean the cache events which are detected to be out of date. Namely: and deleting the matched events in the scene pool, and realizing the automatic management of the life cycle of the events.
In addition, in the case of no conflict, those skilled in the art can flexibly adjust the order of the above operation steps or flexibly combine the above steps according to actual needs. Various implementations are not described again for the sake of brevity. In addition, the contents of the various embodiments may be mutually incorporated by reference.
Fig. 6 is a schematic structural diagram of an illegal information processing apparatus according to an embodiment of the present invention.
As shown in fig. 6, the apparatus 600 may include: a model building unit 610, a parameter obtaining unit 620, an event capturing unit 630, a number recognizing unit 640, and an information processing unit 650. The model establishing unit 610 may establish the number recognition model by using a logistic regression algorithm; the parameter obtaining unit 620 may obtain the feature parameters of the illegal number by using the sample data training number recognition model; the event capturing unit 630 may be configured to capture a call event from the calling terminal in real time; the number recognition unit 640 may be configured to mine a call event by using the trained number recognition model, and recognize the number of the calling terminal according to the feature parameters of the illegal number; the information processing unit 650 may be configured to intercept a signaling data stream of the calling terminal and/or send an alert prompt to the called terminal when the number of the calling terminal is an illegal number.
It should be noted that the implementation manner of the functional units or the functional modules shown in the present embodiment may be hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
In some embodiments, on the basis of the embodiment of fig. 6, there may be further added: a sample updating unit and a model training unit. The sample updating unit can be used for adding the characteristic parameters of the identified illegal numbers to the sample data and generating updated sample data; the model training unit may train the illegal number recognition model using the updated sample data to obtain the updated characteristic parameters of the illegal number.
In some embodiments, the number recognition model is:
Figure BDA0001268146850000111
wherein p is the recognition probability, p/(1+ p) is the probability occurrence ratio, b0Is a constant, n is a natural number, bnCharacteristic parameter, x, for illegal numbersnThe correlation coefficient of the characteristic parameter of the illegal number.
In some embodiments, the event capturing unit 630 may include: the device comprises a rule loading module, a rule analysis module, a signaling receiving module and an event capturing module. The rule loading module can be used for loading the call event rule; the rule analysis module can be used for analyzing the call event rule to obtain a list of call events to be captured and parameters; the signaling receiving module can be used for receiving a signaling data stream of the called terminal; the event capture module may be configured to capture call events in the signaling data stream based on a list of call events to be captured and the parameters.
In some embodiments, on the basis of the above embodiments, it is also possible to add: and an information pushing unit. The information pushing unit can be used for judging whether the called terminal has illegal attack characteristics; when the called terminal has the illegal attack characteristic, judging whether the called number of the called terminal with the illegal attack characteristic conforms to the illegal attack prevention push rule or not; and pushing the illegal attack prevention service to the called terminal which accords with the illegal attack prevention pushing rule.
In some embodiments, the push rules include: and when the related data of the called terminal is matched with the reference data, pushing the illegal attack prevention service to the successfully matched called terminal.
It should be noted that the apparatuses in the foregoing embodiments can be used as the execution main bodies in the methods in the foregoing embodiments, and can implement corresponding processes in the methods, and for brevity, the contents of this aspect are not described again.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (6)

1. A method for processing illegal information is characterized by comprising the following steps:
establishing a number identification model by adopting a logistic regression algorithm;
training the number recognition model by using sample data to obtain the characteristic parameters of the illegal number;
capturing a call event from a calling terminal in real time;
mining the calling event by using the trained number recognition model, and recognizing the number of the calling terminal according to the feature parameters of the illegal number;
intercepting a signaling data stream of the calling terminal and/or sending a warning prompt to a called terminal when the number of the calling terminal is an illegal number;
judging whether the called terminal has the characteristics of being attacked illegally or not;
when the called terminal has the illegal attack characteristic, judging whether the called number of the called terminal with the illegal attack characteristic conforms to the illegal attack prevention push rule or not;
pushing the illegal attack prevention service to a called terminal which accords with the illegal attack prevention pushing rule;
the push rules include: when the related data of the called terminal is matched with the reference data, pushing an illegal attack prevention service to the called terminal;
the number recognition model is as follows:
Figure FDA0002735989700000011
wherein p is the recognition probability, p/(1-p) is the probability occurrence ratio, b0Is a constant, n is a natural number, bnCharacteristic parameter, x, for illegal numbersnThe correlation coefficient of the characteristic parameter of the illegal number.
2. The method according to claim 1, wherein after identifying the number of the calling terminal according to the feature parameter of the illegal number, the method further comprises:
adding the characteristic parameters of the identified illegal number to the sample data to generate updated sample data;
and training the illegal number recognition model by using the updated sample data to obtain the characteristic parameters of the updated illegal number.
3. The method of claim 1, wherein the capturing the call event from the calling terminal in real time comprises:
loading a call event rule;
analyzing the call event rule to obtain a list of call events to be captured and parameters;
receiving a signaling data stream of the called terminal;
capturing the call event in the signaling data stream based on the list of call events to be captured and parameters.
4. An illegal information processing apparatus, comprising:
the model establishing unit is used for establishing a number identification model by adopting a logistic regression algorithm;
the parameter obtaining unit is used for training the number recognition model by utilizing sample data to obtain the characteristic parameters of the illegal number;
the event capturing unit is used for capturing a calling event from the calling terminal in real time;
the number recognition unit is used for mining the calling event by using the trained number recognition model and recognizing the number of the calling terminal according to the characteristic parameters of the illegal number;
the information processing unit is used for intercepting a signaling data stream of the calling terminal and/or sending a warning prompt to a called terminal when the number of the calling terminal is an illegal number;
the information pushing unit is used for judging whether the called terminal has illegal attack characteristics; when the called terminal has the illegal attack characteristic, judging whether the called number of the called terminal with the illegal attack characteristic conforms to the illegal attack prevention push rule or not; pushing the illegal attack prevention service to a called terminal which accords with the illegal attack prevention pushing rule; the push rules include: when the related data of the called terminal is matched with the reference data, pushing an illegal attack prevention service to the called terminal;
the number recognition model is as follows:
Figure FDA0002735989700000021
wherein p is the recognition probability, p/(1-p) is the probability occurrence ratio, b0Is a constant, n is a natural number, bnCharacteristic parameter for illegal number,xnThe correlation coefficient of the characteristic parameter of the illegal number.
5. The apparatus of claim 4, further comprising:
the sample updating unit is used for adding the characteristic parameters of the identified illegal numbers to the sample data and generating updated sample data;
and the model training unit is used for training the illegal number recognition model by using the updated sample data to acquire the updated characteristic parameters of the illegal number.
6. The apparatus of claim 4, wherein the event capture unit comprises:
the rule loading module is used for loading the call event rule;
the rule analysis module is used for analyzing the call event rule to obtain a list of call events to be captured and parameters;
a signaling receiving module, configured to receive a signaling data stream of the called terminal;
and the event capturing module is used for capturing the call event in the signaling data flow based on the call event list to be captured and the parameters.
CN201710237868.7A 2017-04-12 2017-04-12 Illegal information processing method and device Active CN108696626B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710237868.7A CN108696626B (en) 2017-04-12 2017-04-12 Illegal information processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710237868.7A CN108696626B (en) 2017-04-12 2017-04-12 Illegal information processing method and device

Publications (2)

Publication Number Publication Date
CN108696626A CN108696626A (en) 2018-10-23
CN108696626B true CN108696626B (en) 2021-05-04

Family

ID=63843661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710237868.7A Active CN108696626B (en) 2017-04-12 2017-04-12 Illegal information processing method and device

Country Status (1)

Country Link
CN (1) CN108696626B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112396079B (en) * 2019-08-16 2024-11-08 中国移动通信集团广东有限公司 Number recognition model training method, number recognition method and device
CN113810547B (en) * 2020-06-16 2023-12-15 中国移动通信集团重庆有限公司 Voice call safety protection method and device and computing equipment
CN112446425B (en) * 2020-11-20 2024-10-25 北京思特奇信息技术股份有限公司 Method and device for automatically acquiring suspected card-keeping channel
CN115604396A (en) * 2022-10-21 2023-01-13 咪咕音乐有限公司(Cn) Call method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101453522A (en) * 2008-12-19 2009-06-10 中国移动通信集团浙江有限公司 Method for non-standardized dialing service monitoring between networks
CN104244216A (en) * 2014-09-29 2014-12-24 中国移动通信集团浙江有限公司 Method and system for intercepting fraud phones in real time during calling
CN104469025A (en) * 2014-11-26 2015-03-25 杭州东信北邮信息技术有限公司 Clustering-algorithm-based method and system for intercepting fraud phone in real time
CN105323763A (en) * 2014-06-27 2016-02-10 中国移动通信集团湖南有限公司 Method and apparatus for identifying spam messages

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8510215B2 (en) * 2005-04-21 2013-08-13 Victrio, Inc. Method and system for enrolling a voiceprint in a fraudster database

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101453522A (en) * 2008-12-19 2009-06-10 中国移动通信集团浙江有限公司 Method for non-standardized dialing service monitoring between networks
CN105323763A (en) * 2014-06-27 2016-02-10 中国移动通信集团湖南有限公司 Method and apparatus for identifying spam messages
CN104244216A (en) * 2014-09-29 2014-12-24 中国移动通信集团浙江有限公司 Method and system for intercepting fraud phones in real time during calling
CN104469025A (en) * 2014-11-26 2015-03-25 杭州东信北邮信息技术有限公司 Clustering-algorithm-based method and system for intercepting fraud phone in real time

Also Published As

Publication number Publication date
CN108696626A (en) 2018-10-23

Similar Documents

Publication Publication Date Title
CN107566358B (en) Risk early warning prompting method, device, medium and equipment
CN108924333B (en) Fraud telephone identification method, device and system
CN109429230B (en) Communication fraud identification method and system
CN108696626B (en) Illegal information processing method and device
CN110401779B (en) Method and device for identifying telephone number and computer readable storage medium
US12081696B2 (en) System and method for determining unwanted call origination in communications networks
CN107306306B (en) Communication number processing method and device
CN111654866A (en) Method, device and computer storage medium for preventing mobile communication from fraud
CN107229638A (en) A kind of text message processing method and device
CN106791231B (en) Crank call processing method and device
CN104427079A (en) Early warning method and device of user voice calls
CN110493476B (en) Detection method, device, server and storage medium
CN111567012A (en) Decentralized automated phone fraud risk management
CN110611929A (en) Abnormal user identification method and device
CN116320160A (en) Method, device, electronic equipment and storage medium for multi-channel comprehensive anti-fraud intervention
CN107172622B (en) Method, device and system for identifying and analyzing pseudo base station short message
CN104394258B (en) The method and apparatus that contact method change to communication object is handled
CN114338915A (en) Caller ID risk identification method, caller ID risk identification device, caller ID risk identification equipment and storage medium
CN113839852B (en) Mail account abnormity detection method, device and storage medium
KR101764920B1 (en) Method for determining spam phone number using spam model
US11985372B2 (en) Information pushing method and apparatus
CN116963072A (en) Fraud user early warning method and device, electronic equipment and storage medium
US20170034035A1 (en) Real time event monitoring and analysis system
CN111131626B (en) Group harmful call detection method and device based on stream data atlas and readable medium
KR102123103B1 (en) Method, device and program for preventing spam by analysing call log

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant