CN111083705A - Group-sending fraud short message detection method, device, server and storage medium - Google Patents
Group-sending fraud short message detection method, device, server and storage medium Download PDFInfo
- Publication number
- CN111083705A CN111083705A CN201911257445.7A CN201911257445A CN111083705A CN 111083705 A CN111083705 A CN 111083705A CN 201911257445 A CN201911257445 A CN 201911257445A CN 111083705 A CN111083705 A CN 111083705A
- Authority
- CN
- China
- Prior art keywords
- short message
- fraud
- sending
- characteristic data
- hash value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 41
- 238000000034 method Methods 0.000 claims abstract description 42
- 238000004458 analytical method Methods 0.000 claims abstract description 9
- 238000004364 calculation method Methods 0.000 claims abstract description 9
- 238000004590 computer program Methods 0.000 claims description 13
- 238000004422 calculation algorithm Methods 0.000 claims description 8
- 238000012790 confirmation Methods 0.000 claims description 7
- 238000000605 extraction Methods 0.000 claims description 7
- 238000012545 processing Methods 0.000 claims description 7
- 230000011218 segmentation Effects 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 claims description 3
- 230000007123 defense Effects 0.000 abstract description 5
- 230000014509 gene expression Effects 0.000 description 60
- 230000008569 process Effects 0.000 description 13
- 125000006850 spacer group Chemical group 0.000 description 12
- 230000006870 function Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 238000012549 training Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000018109 developmental process Effects 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000001131 transforming effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
Abstract
The invention provides a group sending fraud short message detection method, which comprises the following steps: performing hash calculation and analysis on the received short message content to obtain a hash value and characteristic data; and determining whether the short message is a fraud short message according to the hash value and the characteristic data, determining that the short message is a mass-sending fraud short message when the times of determining and recording the characteristic data and the hash value sent by the client within the preset time exceed the preset value, and sending prompt information to the client. The invention also provides a group sending fraud short message detection device, a server and a storage medium. The method and the system can detect the fraud short messages in an active defense mode and judge the fraud short messages in real time, thereby protecting the property of users and improving the user experience.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, a server and a storage medium for detecting mass fraud short messages.
Background
With the development of communication technology and the popularization of smart phones, the mobile internet gradually changes people's lives, but various communication network fraud crimes which are not grouped come along with the mobile internet. Short messages become one of the important means for communication phishing, and especially mass-sending of spam/fraud short messages is always troubling people. How to quickly detect the mass-sending spam/fraud and remind the user, thereby saving unnecessary loss, becomes a problem to be solved urgently. Most of software for detecting mass-sent spam/fraud short messages in the current market is based on a user report or source blacklist mode, and passive detection is realized. The deceiving person has various means and levels by using a magic ruler to get higher. Especially, it is expected that sending the spam/fraud short messages by the pseudo base station, the temporary mobile phone number and the like constitutes a great challenge for the traditional passive detection method.
Disclosure of Invention
In view of the above, there is a need to provide a group fraud short message detection method, apparatus, server and storage medium, which can detect fraud short messages by means of active defense.
A first aspect of the present invention provides a group fraud short message detection method, comprising:
detecting whether the client receives the short message;
after the client receives the short message, extracting the short message content of the short message to obtain a short message content text;
calculating the hash value of the text of the short message content;
analyzing the short message content to obtain characteristic data, wherein the characteristic data at least comprises a bank account number, a telephone number and a website URL;
receiving the hash value of the characteristic data and the short message content text sent by a client;
recording the times of receiving the characteristic data and the hash value sent by the client within a preset time;
determining whether the short message is a mass-sending fraud short message according to the characteristic data, the hash value and the receiving times within a preset time; and
and when the short message is a mass-sending fraud short message, sending fraud short message prompt information to the client.
Preferably, the step of determining whether the short message is a mass-sending fraud short message according to the feature data, the hash value and the number of receptions within a preset time includes:
determining whether the short message content texts corresponding to the hash values are similar or not according to all the received hash values;
when the texts of the short message contents corresponding to all the received hash values are similar, judging whether the receiving times within the preset time exceed the preset times;
when the receiving times within the preset time exceed the preset times, confirming that the short message is a group sending short message;
judging whether the short messages are fraud short messages or not according to the characteristic data; and
and when the short message is a fraud short message, confirming that the short message is a mass-sending fraud short message.
Preferably, the step of determining whether the short message content texts corresponding to the hash values are similar according to all the received hash values includes:
calculating the Hamming distance between the hash values corresponding to all the received short message content texts pairwise;
judging whether the Hamming distance is smaller than a preset value;
when the Hamming distance is smaller than a preset value, confirming that the two short message content texts calculated pairwise are similar; and
and when the Hamming distance is larger than or equal to a preset value, confirming that the two short message content texts calculated pairwise are not similar.
Preferably, the step of determining whether the short message is a fraud short message according to the feature data comprises:
identifying whether the URL in the characteristic data is suspicious based on a blacklist technology;
when the URL in the feature data exists in the blacklist, confirming that the short message is a fraud short message;
and when the URL in the feature data does not exist in the blacklist, confirming that the short message is not a fraud short message.
Preferably, the step of determining whether the short message is a fraud short message according to the feature data further comprises:
determining whether the number of times of occurrence of the bank account or the mobile phone number in the characteristic data exceeds a threshold value and whether the IDs of the clients corresponding to the bank account or the mobile phone number are the same;
when the number of times of occurrence of the bank account or the mobile phone number in the feature data does not exceed the threshold value, or the IDs of the clients corresponding to the bank account or the mobile phone number are different, determining that the short message is not a fraud short message;
and when the number of times of occurrence of the bank account number or the mobile phone number in the characteristic data exceeds the threshold value and the IDs of the clients corresponding to the bank account number or the mobile phone number are the same, determining that the short message is a fraud short message.
Preferably, the step of calculating the hash value of the text of the short message content includes:
obtaining a characteristic word by performing word segmentation processing on a short message content text;
calculating a hash value corresponding to each feature word through a hash algorithm;
forming the hash value into a weighted digit string according to the weight of the characteristic word
Accumulating the weighted number strings corresponding to each characteristic word in the short message content text to obtain a sequence string;
the sequence string is transformed into a 01 string, forming a hash signature.
Preferably, before the step of extracting the short message content of the short message and obtaining the short message content text, the method further includes a step of judging whether a source number for sending the short message is in a phone number white list, and the step includes:
judging whether a source number for sending the short message is in a telephone number white list or not according to a local telephone number white list of the client;
when the source number exists in the phone number white list, confirming that the short message is not a fraud short message;
and when the source number does not exist in the phone number white list, executing the step of calculating the hash value of the short message content text.
A second aspect of the present invention provides a group fraud short message detection apparatus, comprising:
the detection module is used for detecting whether the client receives the short message;
the extraction module is used for extracting the short message content of the short message after the client receives the short message to obtain a short message content text;
the calculation module is used for calculating the hash value of the short message content text;
the analysis module is used for analyzing the short message content to obtain characteristic data, wherein the characteristic data at least comprises a bank account number, a telephone number and a URL (uniform resource locator);
the receiving module is used for receiving the characteristic data and the hash value of the short message content text sent by the client;
the recording module is used for recording the times of the characteristic data and the hash value sent by the client and received within the preset time;
the confirmation module is used for confirming whether the short message is a mass-sending fraud short message according to the characteristic data, the hash value and the receiving times within the preset time; and
and the sending module is used for sending fraud short message prompt information to the client when the short message is a mass-sending fraud short message.
A third aspect of the present invention provides a server comprising a processor and a memory, the processor being configured to implement the group fraud message detection method when executing a computer program stored in the memory.
A fourth aspect of the present invention provides a computer-readable storage medium having stored thereon a computer program, which, when executed by a processor, implements the group fraud message detection method.
The invention discloses a method, a device, a server and a storage medium for detecting mass-sending fraud short messages. Performing hash calculation and analysis on the received short message content to obtain a hash value and characteristic data; and determining whether the short message is a fraud short message according to the hash value and the characteristic data, determining that the short message is a group-sending fraud short message when the times of determining and recording the characteristic data and the hash value sent by the client within the preset time exceed the preset times, and sending prompt information to the client. Therefore, fraud short messages can be detected in an active defense mode, and can be distinguished in real time, so that the property of the user is protected, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart illustrating a method for detecting mass-sending fraud short messages according to an embodiment of the present invention.
FIG. 2 is a functional block diagram of the mass-sending fraud message detection apparatus according to the second embodiment of the present invention.
Fig. 3 is a schematic diagram of a server according to a third embodiment of the present invention.
The following detailed description will further illustrate the invention in conjunction with the above-described figures.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a detailed description of the present invention will be given below with reference to the accompanying drawings and specific embodiments. It should be noted that the embodiments of the present invention and features of the embodiments may be combined with each other without conflict.
In the following description, numerous specific details are set forth to provide a thorough understanding of the present invention, and the described embodiments are merely a subset of the embodiments of the present invention, rather than a complete embodiment. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
The terms "first," "second," and "third," etc. in the description and claims of the present invention and the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprises" and any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
The method for detecting the mass-sending fraud short messages is applied to the server. The server which needs to perform the mass-sending fraud message detection can be directly integrated with the mass-sending fraud message detection function provided by the method of the invention on the server, or a client used for realizing the method of the invention is installed. For another example, the method provided by the present invention may also be operated on a device such as a server in the form of a Software Development Kit (SDK), an interface with a group fraud short message detection function is provided in the form of an SDK, and the server or other devices can realize the group fraud short message detection function through the provided interface.
Example one
FIG. 1 is a flowchart illustrating a method for detecting mass-sending fraud short messages according to an embodiment of the present invention. The execution sequence in the flow chart can be changed and some steps can be omitted according to different requirements.
Step S1, detecting whether the client receives the short message. After the client receives the short message, the process goes to step S2; when the client does not receive the short message, the process returns to step S1 to continue detecting whether the client receives the short message.
And step S2, extracting the short message content of the short message to obtain a short message content text.
Preferably, before the step S2, the mass fraud message detection method may further include the steps of: and judging whether the source number for sending the short message is in a phone number white list or not.
Specifically, whether the source number for sending the short message is in the telephone number white list is judged according to the local telephone number white list of the client. When the source number exists in the phone number white list, confirming that the short message is not a fraud short message; when the source number does not exist in the phone number white list, the flow advances to step S3.
In this embodiment, the white list of phone numbers is set locally by the client, or is sent locally by the cloud server to the client. Further, the cloud server may update the white list of the local phone numbers of the client at regular intervals.
And step S3, calculating the hash value of the text of the short message content.
In this embodiment, the hash value of the text of the short message content is calculated by a simhash algorithm.
Specifically, the method comprises the following steps:
(1) and performing word segmentation processing on the text of the short message content to obtain a characteristic word.
In the embodiment, the short message content text is segmented by a maximum forward matching method. Specifically, m characters in a text of the short message content to be divided are taken from left to right as matching fields, wherein m is the number of the longest vocabulary entries in a large machine dictionary; a large machine dictionary is looked up and matched. If the matching is successful, the matching field is segmented as a word. If the matching is unsuccessful, the last character of the matching field is removed, the rest character string is used as a new matching field for matching again, and the process is repeated until all the words are cut out.
(2) And calculating a hash value corresponding to each feature word through a hash algorithm.
(3) And forming a weighted numeric string by the hash value according to the weight of the characteristic word.
(4) And accumulating the weighted number strings corresponding to each characteristic word in the short message content text to obtain a sequence string.
(5) And transforming the sequence string into a 01 string to form a simhash signature, wherein each bit in the sequence string is greater than 0 and is recorded as 1, and each bit less than 0 is recorded as 0. For example, when the sequence string is "9-91-119", its corresponding simhash signature is "101011".
It is to be understood that the hash value of the short message content text may also be calculated by other hash algorithms. For example, HAVAL, MD2, MD4, MD5SSHA1, and the like.
And step S4, analyzing the short message content to obtain characteristic data, wherein the characteristic data at least comprises a bank account number, a telephone number and a URL (uniform resource locator).
In one embodiment, the short message content is parsed by matching the short message content with a preset regular expression. And the preset regular expression is set according to the short message content characteristics of the fraud short message. For example, the fraud message generally includes a contact phone number, bank account information, a website URL, and the like. Specifically, the short message text content can be matched with a plurality of preset regular expressions one by one, and the feature data corresponding to the successfully matched regular expressions can be extracted.
Preferably, the preset regular expressions comprise any one or more of the following regular expressions:
regular expression matching Email address: w + ([ - + ]. w +). -% - ([ -. - ]. w + ([ - ]. w +);
matching the regular expression of the URL: (a-zA _ z) +// r/s +;
matching linked regular expressions: [ \\ w ] +;
matching regular expressions of fixed telephone numbers with area codes: (\ d {3, 4 })? -? \ d {7, 8 };
matching regular expressions of fixed telephone numbers without area codes: \ d {7, 8 };
matching a regular expression I of 11 mobile phone numbers: \ d { ll };
and a second regular expression for matching 11-bit mobile phone numbers: [1-9] [0-9] {10 };
regular expression matching Tencent QQ number: [1-9] [0-9] {4, };
matching the regular expression of the bank account: \ d {16, 19 };
regular expression matching IP addresses: \\ d { l,3} (. \ d { l,3}) {3 }.
It should be noted that the form of the regular expression listed above is merely an example, and the present invention is not limited thereto, and the regular expression may have various writing methods.
Further preferably, the regular expressions listed above are for various numbers that are normally represented by arabic numerals. Besides, there are fraud messages that are identified by the numeric expression by various means, such as inserting special characters between the numbers of the arabic expression. For another example, the forms of adding spaces or other characters in the phone number, spacing intervals among bank accounts, and the like can all adopt more complex regular expressions to perform matching quickly and efficiently so as to identify deformed fraud short messages.
Preferably, the preset regular expressions of the plurality of matching avoidance measures include any one or more of the following regular expressions:
regular expression one of the phone numbers matching the interspersed spacers: \ D (\ D \ D) {6, 7 };
regular expression two of the phone numbers matching the interspersed spacers: \ D (\ D;
and a third regular expression for matching the telephone number interspersed with the spacer with the area code: \ D (\ D;
the regular expression one of the mobile phone numbers matched with the interpenetration spacers is as follows: \ D (\ D;
and matching a regular expression II of the mobile phone numbers interspersed with the spacers: \ D (\ D \ D) {10 };
matching regular expressions of interlude spacer bank account numbers: \ D (\ D.
Through the steps S1 to S4, the content of the short message can be initially processed in the client, and then the processing result is sent to the server, so as to determine whether the short message is a mass-sending fraud short message.
In an embodiment, the steps S1 to S4 may be performed in the server, where when detecting that the client receives the short message, the client sends the short message to the server, and the server receives the short message and extracts the short message content of the short message to obtain a short message content text; calculating the hash value of the text of the short message content; and analyzing the short message content to obtain characteristic data.
And step S5, receiving the hash value of the characteristic data and the text of the short message content sent by the client.
In this embodiment, after the client calculates the hash value of the text of the short message content and analyzes the short message content to obtain the feature data. And the client sends the hash value and the characteristic data to the server so as to facilitate the server to analyze whether the short message is a mass-sending fraud short message.
And step S6, recording the times of the characteristic data and the hash value sent by the client and received within the preset time.
Because the mass texting has the characteristic of mass texting in a short time, whether the current short message is the mass texting can be confirmed according to the characteristic data and the times of the hash value sent by the client recorded in the preset time. For example, the number of times the client sends the characteristic data and/or the hash value received within ten minutes is recorded.
Step S7, determining whether the short message is a mass-sending fraud short message according to the characteristic data, the hash value and the receiving times within the preset time. When the short message is confirmed to be a mass-sending fraud short message, the flow proceeds to step S8; when it is confirmed that the short message is not a mass-sending fraud short message, the flow returns to step S1.
Specifically, the determining whether the short message is a mass-sending fraud short message according to the feature data, the hash value and the number of times of reception within a preset time includes:
(1) and determining whether the short message content texts corresponding to the hash values are similar or not according to all the received hash values. When the texts of the short message contents corresponding to the hash values are similar, the process enters the step (2) to continuously judge whether the times of receiving the characteristic data sent by the client and the hash values within the preset time exceed the preset times; when the texts of the short message contents corresponding to the hash values are not similar, the process returns to step S1.
In this embodiment, whether the short message content texts corresponding to the hash values are similar or not is determined by the hamming distance. And calculating the Hamming distance between the hash values corresponding to all the received short message content texts pairwise, and judging whether the Hamming distance is smaller than a preset value. When the Hamming distance is smaller than a preset value, the two short message contents are similar in text; and when the Hamming distance is greater than or equal to a preset value, indicating that the two short message content texts are not similar.
(2) And judging whether the receiving times within the preset time exceed the preset times. And (4) when the receiving times within the preset time exceed the preset times, confirming that the short message is a group sending short message, and the process enters the step (3). And when the receiving times within the preset time do not exceed the preset times, determining that the short message is not a group-sending short message, and returning the process to the step S1.
In this embodiment, it is required to confirm the short message content file and the number of times of receiving the short message within a preset time at the same time to determine whether the short message is a mass-sending fraud short message.
When the content texts of the short messages are confirmed to be similar and the number of times of receiving the short messages in the preset time exceeds the preset number, the current short messages are indicated as group sending short messages;
and when the text of the short message content is confirmed to be not similar or the number of times of receiving the short message in the preset time does not exceed the preset number, indicating that the current short message is not a group-sending short message.
(3) And judging whether the short message is a fraud short message or not according to the characteristic data. When the short message is confirmed to be a fraud short message, the flow proceeds to step S8; when it is confirmed that the message is not a fraud message, the flow returns to step S1.
In this embodiment, it is determined whether the website URL in the feature data is suspicious. And when the URL is suspicious, determining that the short message is a fraud short message. Specifically, whether the website URL is suspicious is detected by a siteadvisor tool.
In one embodiment, whether a web site URL in the feature data is suspicious may be identified based on a blacklisting technique. The blacklist is a list containing malicious web page URLs, IP addresses or keyword information. When the URL in the feature data exists in the blacklist, confirming that the short message is a fraud short message; and when the URL in the feature data does not exist in the blacklist, confirming that the short message is not a fraud short message.
In an embodiment, it may also be determined whether the web site URL in the feature data is suspicious based on machine learning detection techniques. Specifically, the method comprises the steps of selecting a phishing website URL characteristic vector, generating training data, training and constructing a classifier model, and classifying the URL in the characteristic data by applying a classifier.
In an embodiment, whether the number of times of occurrence of a bank account number or a mobile phone number in the feature data exceeds a threshold value and whether the IDs of clients corresponding to the bank account number or the mobile phone number are the same is determined. When the number of times of occurrence of the bank account or the mobile phone number in the feature data does not exceed the threshold value, or the IDs of the clients corresponding to the bank account or the mobile phone number are different, determining that the short message is not a mass-sending fraud short message; and when the number of times of occurrence of the bank account number or the mobile phone number in the characteristic data exceeds the threshold value and the IDs of the clients corresponding to the bank account number or the mobile phone number are the same, confirming that the short message is a mass-sending fraud short message.
And step S8, sending the fraud message prompt message to the client.
In this embodiment, when the short message is confirmed to be a mass-sending fraud short message, a prompt message is sent to the client to prompt the user to delete or carefully process the short message.
In summary, the mass-sending fraud short message detection method provided by the invention includes performing hash calculation and analysis on the received short message content to obtain a hash value and characteristic data; and determining whether the short message is a fraud short message according to the hash value and the characteristic data, determining that the short message is a mass-sending fraud short message when the times of determining and recording the characteristic data and the hash value sent by the client within the preset time exceed the preset value, and sending prompt information to the client. Therefore, fraud short messages can be detected in an active defense mode, and can be distinguished in real time through background intelligent learning, so that the property of a user is protected, and the user experience is improved.
The above description is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and it will be apparent to those skilled in the art that modifications may be made without departing from the inventive concept of the present invention, and these modifications are within the scope of the present invention.
Example two
FIG. 2 is a functional block diagram of the mass-sending fraud message detection apparatus in the preferred embodiment of the present invention.
In some embodiments, the mass fraud message detection apparatus 20 (for convenience of description, simply referred to as "detection apparatus") operates in a server. The detection means 20 may comprise a plurality of functional modules consisting of program code segments. The program codes of the various program segments in the detecting device 20 can be stored in the memory and executed by the at least one processor to perform the group fraud short message detecting function.
In this embodiment, the detection device 20 may be divided into a plurality of functional modules according to the functions performed by the detection device. The functional module may include: the system comprises a detection module 201, an extraction module 202, a calculation module 203, an analysis module 204, a receiving module 205, a recording module 206, a confirmation module 207 and a sending module 208. The module referred to herein is a series of computer program segments capable of being executed by at least one processor and capable of performing a fixed function and is stored in memory. In some embodiments, the functionality of the modules will be described in greater detail in subsequent embodiments.
The detecting module 201 is configured to detect whether the client receives a short message.
The extraction module 202 is configured to extract the short message content of the short message to obtain a short message content text.
Preferably, before extracting the short message content of the short message, the detecting device 20 may further: and judging whether the source number for sending the short message is in a phone number white list or not.
Specifically, whether the source number for sending the short message is in the telephone number white list is judged according to the local telephone number white list of the client. When the source number exists in the phone number white list, confirming that the short message is not a fraud short message; and when the source number does not exist in the phone number white list, continuously detecting whether the client receives the short message.
In this embodiment, the white list of phone numbers is set locally by the client, or is sent locally by the cloud server to the client. Further, the cloud server may update the white list of the local phone numbers of the client at regular intervals.
The calculating module 203 is configured to calculate a hash value of the short message content text.
In this embodiment, the hash value of the text of the short message content is calculated by a simhash algorithm.
Specifically, the method comprises the following steps:
(1) and performing word segmentation processing on the text of the short message content to obtain a characteristic word.
In the embodiment, the short message content text is segmented by a maximum forward matching method. Specifically, m characters in a text of the short message content to be divided are taken from left to right as matching fields, wherein m is the number of the longest vocabulary entries in a large machine dictionary; a large machine dictionary is looked up and matched. If the matching is successful, the matching field is segmented as a word. If the matching is unsuccessful, the last character of the matching field is removed, the rest character string is used as a new matching field for matching again, and the process is repeated until all the words are cut out.
(2) And calculating a hash value corresponding to each feature word through a hash algorithm.
(3) And forming a weighted numeric string by the hash value according to the weight of the characteristic word.
(4) And accumulating the weighted number strings corresponding to each characteristic word in the short message content text to obtain a sequence string.
(5) And transforming the sequence string into 01 strings to form a hash signature, wherein each bit in the sequence string is greater than 0 and is recorded as 1, and less than 0 and is recorded as 0. For example, when the sequence string is "9-91-119", its corresponding hash signature is "101011".
It is to be understood that the hash value of the short message content text may also be calculated by other hash algorithms. For example, HAVAL, MD2, MD4, MD5SSHA1, and the like.
The parsing module 204 is configured to parse the short message content to obtain feature data, where the feature data at least includes a bank account, a phone number, and a URL.
In one embodiment, the short message content is parsed by matching the short message content with a preset regular expression. And the preset regular expression is set according to the short message content characteristics of the fraud short message. For example, the fraud message generally includes a contact phone number, bank account information, a website URL, and the like. Specifically, the short message text content can be matched with a plurality of preset regular expressions one by one, and the feature data corresponding to the successfully matched regular expressions can be extracted.
Preferably, the preset regular expressions comprise any one or more of the following regular expressions:
regular expression matching Email address: w + ([ - + ]. w +). -% - ([ -. - ]. w + ([ - ]. w +);
matching the regular expression of the URL: [ a-zA _ z ] +:// r \ s ] +;
matching linked regular expressions: [ \\ w ] +;
matching regular expressions of fixed telephone numbers with area codes: (\ d {3, 4 })? -? \ d {7, 8 };
matching regular expressions of fixed telephone numbers without area codes: \ d {7, 8 };
matching a regular expression I of 11 mobile phone numbers: \ d { ll };
and a second regular expression for matching 11-bit mobile phone numbers: [1-9] [0-9] {10 };
regular expression matching Tencent QQ number: [1-9] [0-9] {4, };
matching the regular expression of the bank account: \ d {16, 19 };
regular expression matching IP addresses: \\ d { l,3} (. \ d { l,3}) {3 }.
It should be noted that the form of the regular expression listed above is merely an example, and the present invention is not limited thereto, and the regular expression may have various writing methods.
Further preferably, the regular expressions listed above are for various numbers that are normally represented by arabic numerals. Besides, there are fraud messages that are identified by the numeric expression by various means, such as inserting special characters between the numbers of the arabic expression. For another example, the forms of adding spaces or other characters in the phone number, spacing intervals among bank accounts, and the like can all adopt more complex regular expressions to perform matching quickly and efficiently so as to identify deformed fraud short messages.
Preferably, the preset regular expressions of the plurality of matching avoidance measures include any one or more of the following regular expressions:
regular expression one of the phone numbers matching the interspersed spacers: \ D (\ D \ D) {6, 7 };
regular expression two of the phone numbers matching the interspersed spacers: \ D (\ D;
and a third regular expression for matching the telephone number interspersed with the spacer with the area code: \ D (\ D;
the regular expression one of the mobile phone numbers matched with the interpenetration spacers is as follows: \ D (\ D;
and matching a regular expression II of the mobile phone numbers interspersed with the spacers: \ D (\ D \ D) {10 };
matching regular expressions of interlude spacer bank account numbers: \ D (\ D.
In an embodiment, the above steps may be performed in the server, when detecting that the client receives the short message, the client sends the short message to the server, and the server receives the short message and extracts the short message content of the short message to obtain a short message content text; calculating the hash value of the text of the short message content; and analyzing the short message content to obtain characteristic data.
The receiving module 205 is configured to receive the hash value of the feature data and the short message content text sent by the client.
In this embodiment, after the client calculates the hash value of the text of the short message content and analyzes the short message content to obtain the feature data. And the client sends the hash value and the characteristic data to the server so as to facilitate the server to analyze whether the short message is a mass-sending fraud short message.
The recording module 206 is configured to record the times of the characteristic data and the hash value sent by the client and received within a preset time.
Because the mass texting has the characteristic of mass texting in a short time, whether the current short message is the mass texting can be confirmed according to the characteristic data and the times of the hash value sent by the client recorded in the preset time. For example, the number of times the client sends the characteristic data and/or the hash value received within ten minutes is recorded.
The confirmation module 207 is configured to confirm whether the short message is a mass-sending fraud short message according to the feature data, the hash value and the receiving times within a preset time.
Specifically, the determining whether the short message is a mass-sending fraud short message according to the feature data, the hash value and the number of times of reception within a preset time includes:
(1) and determining whether the short message content texts corresponding to the hash values are similar or not according to all the received hash values. When the short message content texts corresponding to the hash values are similar, continuously judging whether the times of receiving the characteristic data sent by the client and the hash values within a preset time exceed the preset times; and when the short message content texts corresponding to the hash values are not similar, continuously detecting whether the client receives the short message or not.
In this embodiment, whether the short message content texts corresponding to the hash values are similar or not is determined by the hamming distance. And calculating the Hamming distance between the hash values corresponding to all the received short message content texts pairwise, and judging whether the Hamming distance is smaller than a preset value. When the Hamming distance is smaller than a preset value, the two short message contents are similar in text; and when the Hamming distance is greater than or equal to a preset value, indicating that the two short message content texts are not similar.
(2) And judging whether the receiving times within the preset time exceed the preset times. And when the receiving times within the preset time exceed the preset times, confirming that the short message is a group sending short message. And when the receiving times within the preset time do not exceed the preset times, confirming that the short message is not a group sending short message, and continuously detecting whether the client receives the short message.
In this embodiment, it is required to confirm the short message content file and the number of times of receiving the short message within a preset time at the same time to determine whether the short message is a mass-sending fraud short message.
When the content texts of the short messages are confirmed to be similar and the number of times of receiving the short messages in the preset time exceeds the preset number, the current short messages are indicated as group sending short messages;
and when the text of the short message content is confirmed to be not similar or the number of times of receiving the short message in the preset time does not exceed the preset number, indicating that the current short message is not a group-sending short message.
(3) And judging whether the short message is a fraud short message or not according to the characteristic data. When the short message is confirmed to be a fraud short message, sending fraud short message prompt information to the client; and when the short message is confirmed not to be a fraud short message, continuously detecting whether the client receives the short message.
In this embodiment, it is determined whether the website URL in the feature data is suspicious. And when the URL is suspicious, determining that the short message is a fraud short message. Specifically, whether the website URL is suspicious is detected by a siteadvisor tool.
In one embodiment, whether a web site URL in the feature data is suspicious may be identified based on a blacklisting technique. The blacklist is a list containing malicious web page URLs, IP addresses or keyword information. When the URL in the feature data exists in the blacklist, confirming that the short message is a fraud short message; and when the URL in the feature data does not exist in the blacklist, confirming that the short message is not a fraud short message.
In an embodiment, it may also be determined whether the web site URL in the feature data is suspicious based on machine learning detection techniques. Specifically, the method comprises the steps of selecting a phishing website URL characteristic vector, generating training data, training and constructing a classifier model, and classifying the URL in the characteristic data by applying a classifier.
In an embodiment, whether the number of times of occurrence of a bank account number or a mobile phone number in the feature data exceeds a threshold value and whether the IDs of clients corresponding to the bank account number or the mobile phone number are the same is determined. When the number of times of occurrence of the bank account or the mobile phone number in the feature data does not exceed the threshold value, or the IDs of the clients corresponding to the bank account or the mobile phone number are different, determining that the short message is not a mass-sending fraud short message; and when the number of times of occurrence of the bank account number or the mobile phone number in the characteristic data exceeds the threshold value and the IDs of the clients corresponding to the bank account number or the mobile phone number are the same, confirming that the short message is a mass-sending fraud short message.
The sending module 208 is configured to send the fraud message prompt message to the client.
In this embodiment, when the short message is confirmed to be a mass-sending fraud short message, a prompt message is sent to the client to prompt the user to delete or carefully process the short message.
In summary, the mass-sending fraud message detection apparatus 20 of the present invention includes a detection module 201, an extraction module 202, a calculation module 203, an analysis module 204, a receiving module 205, a recording module 206, a confirmation module 207, and a sending module 208. The detecting module 201 is configured to detect whether a client receives a short message; the extraction module 202 is configured to extract the short message content of the short message after the client receives the short message, so as to obtain a short message content text; the calculation module 203 is configured to calculate a hash value of the short message content text; the analysis module 204 is configured to analyze the short message content to obtain feature data, where the feature data at least includes a bank account, a phone number, and a URL; the receiving module 205 is configured to receive the hash values of the feature data and the short message content text sent by the client; the recording module 206 is configured to record the times of the characteristic data and the hash value sent by the client and received within a preset time; the confirmation module 207 is configured to confirm whether the short message is a mass-sending fraud short message according to the feature data, the hash value and the receiving times within a preset time; and the sending module 208 is configured to send a fraud message prompt message to the client when the short message is a mass-sending fraud message. Therefore, fraud short messages can be detected in an active defense mode, and can be distinguished in real time through background intelligent learning, so that the property of a user is protected, and the user experience is improved.
The integrated unit implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a dual-screen device, or a network device) or a processor (processor) to execute parts of the methods according to the embodiments of the present invention.
Fig. 3 is a schematic diagram of a server according to a third embodiment of the present invention.
The server 3 includes: a memory 31, at least one processor 32, a computer program 33 stored in the memory 31 and executable on the at least one processor 32, at least one communication bus 34, and a database 35.
The at least one processor 32, when executing the computer program 33, implements the steps in the above-mentioned group fraud message detection method embodiments.
Illustratively, the computer program 33 may be partitioned into one or more modules/units that are stored in the memory 31 and executed by the at least one processor 32 to carry out the invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments describing the execution process of the computer program 33 in the server 3.
The server 3 may be a device such as a mobile phone, a tablet computer, a Personal Digital Assistant (PDA) and the like, which is installed with an application program. It will be appreciated by those skilled in the art that the schematic diagram 3 is merely an example of the server 3 and does not constitute a limitation of the server 3, and may include more or less components than those shown, or some components in combination, or different components, for example, the server 3 may further include input and output devices, network access devices, buses, etc.
The at least one Processor 32 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The processor 32 may be a microprocessor or the processor 32 may be any conventional processor or the like, and the processor 32 is a control center of the server 3 and connects various parts of the entire server 3 by various interfaces and lines.
The memory 31 may be used to store the computer program 33 and/or the module/unit, and the processor 32 implements various functions of the server 3 by running or executing the computer program and/or the module/unit stored in the memory 31 and calling data stored in the memory 31. The Memory 31 includes a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), a One-time Programmable Read-Only Memory (OTPROM), an Electrically Erasable rewritable Read-Only Memory (EEPROM), an EEPROM, a compact disc Read-Only Memory (CD-ROM) or other optical disc Memory, a magnetic disk Memory, a tape Memory, or any other non-volatile readable storage medium capable of carrying or storing data.
The memory 31 has program code stored therein, and the at least one processor 32 can call the program code stored in the memory 31 to perform related functions. For example, the modules (the detecting module 201, the extracting module 202, the calculating module 203, the parsing module 204, the receiving module 205, the recording module 206, the confirming module 207 and the sending module 208) illustrated in fig. 2 are program codes stored in the memory 31 and executed by the at least one processor 32, so as to implement the functions of the modules for the purpose of detecting mass-sent fraud short messages.
The detecting module 201 is configured to detect whether a client receives a short message;
the extraction module 202 is configured to extract the short message content of the short message after the client receives the short message, so as to obtain a short message content text;
the calculation module 203 is configured to calculate a hash value of the short message content text;
the analysis module 204 is configured to analyze the short message content to obtain feature data, where the feature data at least includes a bank account, a phone number, and a URL;
the receiving module 205 is configured to receive the hash values of the feature data and the short message content text sent by the client;
the recording module 206 is configured to record the times of the characteristic data and the hash value sent by the client and received within a preset time;
the confirmation module 207 is configured to confirm whether the short message is a mass-sending fraud short message according to the feature data, the hash value and the receiving times within a preset time; and
the sending module 208 is configured to send a fraud message prompt message to the client when the short message is a mass-sending fraud message.
The Database (Database)35 is a repository built on the server 3 that organizes, stores and manages data according to a data structure. Databases are generally classified into hierarchical databases, network databases, and relational databases. In the present embodiment, the database 35 is used to store information such as a white list of telephone numbers.
The modules/units integrated with the server 3 may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, all or part of the flow in the method of the embodiments described above can be realized by the present application, and the computer readable instructions can be stored in a non-volatile readable storage medium and can realize the steps of the above methods when being executed by a processor. The computer readable instruction code may be in source code form, object code form, an executable file or some intermediate form, among others. The non-volatile readable medium may include: any entity or device capable of carrying said computer readable instruction code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
In the embodiments provided by the present invention, it should be understood that the disclosed server and method can be implemented in other ways. For example, the above-described server embodiment is only illustrative, and for example, the division of the unit is only one logical function division, and there may be other division ways in actual implementation.
In addition, functional units in the embodiments of the present invention may be integrated into the same processing unit, or each unit may exist alone physically, or two or more units are integrated into the same unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or that the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit scope of the technical solutions of the present invention.
Claims (10)
1. A method for detecting group-sending fraud short messages, the method comprising:
detecting whether the client receives the short message;
after the client receives the short message, extracting the short message content of the short message to obtain a short message content text;
calculating the hash value of the text of the short message content;
analyzing the short message content to obtain characteristic data, wherein the characteristic data at least comprises a bank account number, a telephone number and a website URL;
receiving the hash value of the characteristic data and the short message content text sent by a client;
recording the times of receiving the characteristic data and the hash value sent by the client within a preset time;
determining whether the short message is a mass-sending fraud short message according to the characteristic data, the hash value and the receiving times within a preset time; and
and when the short message is a mass-sending fraud short message, sending fraud short message prompt information to the client.
2. The mass-sending fraud message detection method of claim 1, wherein the step of determining whether the message is a mass-sending fraud message according to the characteristic data, the hash value and the number of receptions within a preset time comprises:
determining whether the short message content texts corresponding to the hash values are similar or not according to all the received hash values;
when the texts of the short message contents corresponding to all the received hash values are similar, judging whether the receiving times within the preset time exceed the preset times;
when the receiving times within the preset time exceed the preset times, confirming that the short message is a group sending short message;
judging whether the short messages are fraud short messages or not according to the characteristic data; and
and when the short message is a fraud short message, confirming that the short message is a mass-sending fraud short message.
3. The mass-sending fraud message detection method of claim 2, wherein the step of determining whether the message content texts corresponding to the hash values are similar according to all the received hash values comprises:
calculating the Hamming distance between the hash values corresponding to all the received short message content texts pairwise;
judging whether the Hamming distance is smaller than a preset value;
when the Hamming distance is smaller than a preset value, confirming that the two short message content texts calculated pairwise are similar; and
and when the Hamming distance is larger than or equal to a preset value, confirming that the two short message content texts calculated pairwise are not similar.
4. The mass-sending fraud message detection method of claim 2, wherein said step of determining whether the message is a fraud message according to the feature data comprises:
identifying whether the URL in the characteristic data is suspicious based on a blacklist technology;
when the URL in the feature data exists in the blacklist, confirming that the short message is a fraud short message;
and when the URL in the feature data does not exist in the blacklist, confirming that the short message is not a fraud short message.
5. The mass-sending fraud message detection method of claim 2, wherein said step of determining whether the message is a fraud message according to the feature data further comprises:
determining whether the number of times of occurrence of the bank account or the mobile phone number in the characteristic data exceeds a threshold value and whether the IDs of the clients corresponding to the bank account or the mobile phone number are the same;
when the number of times of occurrence of the bank account or the mobile phone number in the feature data does not exceed the threshold value, or the IDs of the clients corresponding to the bank account or the mobile phone number are different, determining that the short message is not a fraud short message;
and when the number of times of occurrence of the bank account number or the mobile phone number in the characteristic data exceeds the threshold value and the IDs of the clients corresponding to the bank account number or the mobile phone number are the same, determining that the short message is a fraud short message.
6. The mass-sending fraud message detection method of claim 1, wherein the step of calculating the hash value of the message content text comprises:
obtaining a characteristic word by performing word segmentation processing on a short message content text;
calculating a hash value corresponding to each feature word through a hash algorithm;
forming the hash value into a weighted digit string according to the weight of the characteristic word
Accumulating the weighted number strings corresponding to each characteristic word in the short message content text to obtain a sequence string;
the sequence string is transformed into a 01 string, forming a hash signature.
7. The group fraud message detection method of claim 1, wherein before the step of extracting the message content of the message and obtaining the message content text, the method further comprises a step of determining whether the source number for sending the message is in a phone number white list, the step comprising:
judging whether a source number for sending the short message is in a telephone number white list or not according to a local telephone number white list of the client;
when the source number exists in the phone number white list, confirming that the short message is not a fraud short message;
and when the source number does not exist in the phone number white list, executing the step of calculating the hash value of the short message content text.
8. A group fraud short message detection apparatus, the apparatus comprising:
the detection module is used for detecting whether the client receives the short message;
the extraction module is used for extracting the short message content of the short message after the client receives the short message to obtain a short message content text;
the calculation module is used for calculating the hash value of the short message content text;
the analysis module is used for analyzing the short message content to obtain characteristic data, wherein the characteristic data at least comprises a bank account number, a telephone number and a URL (uniform resource locator);
the receiving module is used for receiving the characteristic data and the hash value of the short message content text sent by the client;
the recording module is used for recording the times of the characteristic data and the hash value sent by the client and received within the preset time;
the confirmation module is used for confirming whether the short message is a mass-sending fraud short message according to the characteristic data, the hash value and the receiving times within the preset time; and
and the sending module is used for sending fraud short message prompt information to the client when the short message is a mass-sending fraud short message.
9. A server, characterized in that the server comprises a processor and a memory, the processor being configured to implement the group fraud short message detection method of any one of claims 1 to 7 when executing the computer program stored in the memory.
10. A computer readable storage medium, having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the mass-sending fraud message detection method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911257445.7A CN111083705A (en) | 2019-12-10 | 2019-12-10 | Group-sending fraud short message detection method, device, server and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911257445.7A CN111083705A (en) | 2019-12-10 | 2019-12-10 | Group-sending fraud short message detection method, device, server and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111083705A true CN111083705A (en) | 2020-04-28 |
Family
ID=70313816
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911257445.7A Pending CN111083705A (en) | 2019-12-10 | 2019-12-10 | Group-sending fraud short message detection method, device, server and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111083705A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112287198A (en) * | 2020-10-28 | 2021-01-29 | 上海云信留客信息科技有限公司 | Spam short message detection method based on crawler technology |
| CN113825138A (en) * | 2021-09-17 | 2021-12-21 | 平安银行股份有限公司 | Fraud short message monitoring method and device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104640092A (en) * | 2015-01-27 | 2015-05-20 | 北京奇虎科技有限公司 | Spam short message identifying method, client end, cloud server and system |
| CN106970911A (en) * | 2017-03-28 | 2017-07-21 | 广州中国科学院软件应用技术研究所 | A kind of strick precaution telecommunication fraud system and method based on big data and machine learning |
| CN107872772A (en) * | 2017-12-19 | 2018-04-03 | 北京奇虎科技有限公司 | The detection method and device of fraud text message |
| CN109802915A (en) * | 2017-11-16 | 2019-05-24 | 中国移动通信集团河南有限公司 | A kind of telecommunication fraud detection processing method and device |
| CN109982272A (en) * | 2019-02-13 | 2019-07-05 | 北京航空航天大学 | A kind of fraud text message recognition methods and device |
-
2019
- 2019-12-10 CN CN201911257445.7A patent/CN111083705A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104640092A (en) * | 2015-01-27 | 2015-05-20 | 北京奇虎科技有限公司 | Spam short message identifying method, client end, cloud server and system |
| CN106970911A (en) * | 2017-03-28 | 2017-07-21 | 广州中国科学院软件应用技术研究所 | A kind of strick precaution telecommunication fraud system and method based on big data and machine learning |
| CN109802915A (en) * | 2017-11-16 | 2019-05-24 | 中国移动通信集团河南有限公司 | A kind of telecommunication fraud detection processing method and device |
| CN107872772A (en) * | 2017-12-19 | 2018-04-03 | 北京奇虎科技有限公司 | The detection method and device of fraud text message |
| CN109982272A (en) * | 2019-02-13 | 2019-07-05 | 北京航空航天大学 | A kind of fraud text message recognition methods and device |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112287198A (en) * | 2020-10-28 | 2021-01-29 | 上海云信留客信息科技有限公司 | Spam short message detection method based on crawler technology |
| CN112287198B (en) * | 2020-10-28 | 2023-12-01 | 上海云信留客信息科技有限公司 | Junk short message detection method based on crawler technology |
| CN113825138A (en) * | 2021-09-17 | 2021-12-21 | 平安银行股份有限公司 | Fraud short message monitoring method and device, electronic equipment and storage medium |
| CN113825138B (en) * | 2021-09-17 | 2023-05-23 | 平安银行股份有限公司 | Fraud short message monitoring method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9189746B2 (en) | Machine-learning based classification of user accounts based on email addresses and other account information | |
| CN108650260B (en) | Malicious website identification method and device | |
| CN110177114B (en) | Network security threat indicator identification method, equipment, device and computer readable storage medium | |
| US9055419B2 (en) | Mobile terminal to recommend a short message recipient | |
| CN108491720B (en) | Application identification method, system and related equipment | |
| CN110275965A (en) | Pseudo event detection method, electronic device and computer readable storage medium | |
| CN111083705A (en) | Group-sending fraud short message detection method, device, server and storage medium | |
| CN112948725A (en) | Phishing website URL detection method and system based on machine learning | |
| CN115004181A (en) | Webpage detection method and device, electronic equipment and storage medium | |
| CN108509794A (en) | A kind of malicious web pages defence detection method based on classification learning algorithm | |
| CN113067792A (en) | XSS attack identification method, device, equipment and medium | |
| CN106936807A (en) | A kind of recognition methods of malicious operation and device | |
| US9584537B2 (en) | System and method for detecting mobile cyber incident | |
| CN115374793B (en) | Voice data processing method based on service scene recognition and related device | |
| CN114363839B (en) | Fraud data early warning method, device, equipment and storage medium | |
| CN114760119B (en) | Phishing mail attack detection method, device and system | |
| CN113472686B (en) | Information identification method, device, equipment and storage medium | |
| CN117009832A (en) | Abnormal command detection method and device, electronic equipment and storage medium | |
| CN115544558A (en) | Sensitive information detection method and device, computer equipment and storage medium | |
| CN114499980A (en) | Phishing mail detection method, device, equipment and storage medium | |
| CN114722385A (en) | Flow information analysis method, system and related components | |
| CN111063340A (en) | Service processing method and device of terminal, terminal and computer readable storage medium | |
| CN111177362A (en) | Information processing method, device, server and medium | |
| CN111191234A (en) | Method and device for detecting virus information | |
| KR102552330B1 (en) | System and Method for detecting malicious internet address using search engine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210203 Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.) Applicant after: Shenzhen saiante Technology Service Co.,Ltd. Address before: 518000 1st-34th floor, Qianhai free trade building, 3048 Mawan Xinghai Avenue, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong Applicant before: Ping An International Smart City Technology Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200428 |