CN111147668A - Anti-telecommunication fraud identification method based on IMEI and communication behaviors - Google Patents


Publication number: CN111147668A
Authority: CN (China)
Prior art keywords: imei, fraud, communication behavior, data, numbers
Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201911375045.6A
Other languages: Chinese (zh)
Inventors: 余强, 范渊
Current Assignee: DBAPPSecurity Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: DBAPPSecurity Co Ltd
Application filed by: DBAPPSecurity Co Ltd
Priority to: CN201911375045.6A
Publication of: CN111147668A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/22 Arrangements for supervision, monitoring or testing
    • H04M3/2281 Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware

Abstract

The invention relates to an anti-telecommunication fraud identification method based on IMEI and communication behaviors. The method comprises collecting the IMEI data used by numbers confirmed to be involved in telecommunication fraud, working backwards from that IMEI data to expand a set of suspicious numbers, cleaning the suspicious number set, obtaining the corresponding communication data, and judging whether each suspicious number is a highly suspicious fraud number. The method relies on the fact that multiple fraud numbers are used in the same mobile phone terminal: suspected fraud numbers are identified through the terminal used by the fraudsters and are then screened and confirmed using the communication behavior of the numbers. Mining and analysis of a large number of fraud numbers shows that most of them either place a large number of outgoing calls in a short time or are dormant because they are temporarily not being used for fraud, which covers both call dormancy and data traffic dormancy, so capture can be targeted. The method is more robust, can respond quickly to new types of fraud, and is more efficient against group fraud.

Description

Anti-telecommunication fraud identification method based on IMEI and communication behaviors
Technical Field
The invention relates to the technical field of telephone communication, in particular to an anti-telecommunication fraud identification method based on IMEI and communication behaviors.
Background
Telecommunication fraud refers to the criminal act of fabricating false information and setting up a scam to defraud the victim remotely and without contact, by telephone, network or short message, inducing the victim to pay or transfer money.
At the outset, fraudsters buy a large number of mobile phone cards from card merchants and use them with mobile phone terminals to place a large volume of outgoing fraud calls. Generally speaking, a fraudster uses more than one number card per day, that is, multiple fraud numbers are used in the same mobile phone terminal.
In the prior art, telecommunication fraud is handled by developing rule-based anti-fraud models over dimensions such as the calling rate, calling count and call rate of fraud numbers, and suspected fraud numbers are captured by these rules. However, fraudsters can probe the model's rule thresholds through repeated tests and find the critical points, and so deliberately evade the model's identification. A traditional fraud model therefore gradually fails after a period of use and cannot respond quickly to many new fraud patterns, and its robustness is in question.
Disclosure of Invention
The invention addresses the problems of the prior art that, with a traditional telecommunication anti-fraud model, fraudsters can find the critical points and probe the rule thresholds through a limited number of tests and so deliberately evade identification, that the model easily loses effectiveness, and that it cannot respond quickly to new types of fraud. It provides an optimized anti-telecommunication fraud identification method based on IMEI and communication behaviors.
The technical scheme adopted by the invention is an anti-telecommunication fraud identification method based on IMEI and communication behaviors, comprising the following steps:
step 1: collecting IMEI data used by numbers for which telecommunications fraud has been confirmed;
step 2: expanding a set of suspicious numbers based on the collected IMEI data;
step 3: cleaning the suspicious number set;
step 4: acquiring corresponding communication data based on the cleaned suspicious number set;
step 5: analyzing the communication behavior based on the communication data, and judging whether the suspicious number is a highly suspicious fraud number.
Preferably, in step 1, the numbers confirmed to be involved in telecommunication fraud are traced back in the operator database, and the IMEI information of the terminals used by those numbers is taken as the IMEI data.
Preferably, the IMEI data is screened on the condition that the interval between the earliest use time and the last use time of any number in the mobile terminal is greater than a preset value.
Preferably, in step 2, the collected IMEI data is matched against the operator's user IMEI table, the numbers with the same IMEI data are obtained, and the suspicious number set is expanded.
Preferably, in step 3, the expanded suspicious number set is screened, the condition being that a single IMEI corresponds to a count of numbers exceeding a preset value.
Preferably, in step 4, the communication data includes the call volume, outgoing call volume and traffic usage data of any number.
Preferably, in step 5, the communication behavior includes the outgoing dialing behavior per unit time and the communication state of a number that has no calls and/or no traffic.
Preferably, judging the suspicious number to be a highly suspicious fraud number includes the number of outgoing calls dialed per unit time exceeding a threshold, and the number being in a no-call and/or no-traffic state, which corresponds to the number being in a call-dormant and/or traffic-dormant state.
Preferably, judging the suspicious number to be a highly suspicious fraud number further includes the current number satisfying, within the last N days, an outgoing call rate calling_rate greater than or equal to C1, a total call count call_cnt greater than C2, and a traffic usage net_flux less than or equal to N1, wherein calling_rate = calling_cnt/call_cnt, and calling_cnt is the outgoing call count.
Preferably, judging the suspicious number to be a highly suspicious fraud number further includes the current number satisfying, within the last N days, a total call count call_cnt equal to C3 and a traffic usage net_flux equal to N2.
The invention provides an optimized anti-telecommunication fraud identification method based on IMEI and communication behaviors, which comprises collecting the IMEI data used by numbers confirmed to be involved in telecommunication fraud, working backwards from that IMEI data to expand a set of suspicious numbers, cleaning the suspicious number set, obtaining the corresponding communication data, and judging whether each suspicious number is a highly suspicious fraud number.
The method relies on the characteristic that multiple fraud numbers are used in the same mobile phone terminal: suspected fraud numbers are identified through the terminal used by the fraudsters, and highly suspicious fraud numbers are then screened and confirmed using the communication behavior of the numbers. Mining and analysis of a large number of fraud numbers shows that most of them either place a large number of outgoing calls in a short time or are dormant because they are temporarily not being used for fraud, which covers both call dormancy and data traffic dormancy, so capture can be targeted. The method is more robust, can respond quickly to new types of fraud, and is more efficient against group fraud.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The present invention is described in further detail with reference to the following examples, but the scope of the present invention is not limited thereto.
The invention relates to an anti-telecommunication fraud identification method based on IMEI and communication behaviors. IMEI is the abbreviation of International Mobile Equipment Identity; it corresponds one-to-one with each mobile phone and is globally unique.
For fraudsters, the necessary tools are a mobile phone terminal and a mobile phone number card, which are used together to place a large volume of outgoing fraud calls. Because replacing a mobile phone terminal is relatively expensive, a fraudster uses multiple number cards in a single terminal during the fraud. Suspicious numbers are therefore captured in a targeted way through the IMEI of the terminal, and suspected telecommunication fraud numbers can be captured accurately by combining this with the communication behavior characteristics shared by a large number of fraud numbers.
The communication behavior characteristics are a large number of outgoing calls dialed in a short time, no calls on the number (call dormancy), and no traffic usage (traffic dormancy).
In practice, some of the numbers used by fraudsters are reported by victims every day. The police or the operators can collect the report records, which contain the fraud numbers and the specific time of the fraud, and the operators can query their database for the serial number (the IMEI) of the terminal each number was used in. Other numbers using the same IMEI can then be added, and a large number of highly suspicious fraud numbers can be identified by combining the common characteristics of fraud numbers. This provides a rapid countermeasure to new types of fraud and also helps in combating fraud groups.
The method comprises the following steps.
Step 1: IMEI data used by numbers for which telecommunications fraud has been confirmed is collected.
In step 1, the numbers confirmed to be involved in telecommunication fraud are traced back in the operator database, and the IMEI information of the terminals used by those numbers is taken as the IMEI data.
The IMEI data is screened on the condition that the interval between the earliest use time and the last use time of any number in the mobile terminal is greater than a preset value.
In the invention, the collected data typically originates from 12321 fraud telephone complaints and from fraud telephone complaint records received by the police.
Because a sales clerk's mobile phone is used to activate the card when a number is opened, the clerk's IMEI needs to be excluded. This is generally done with a threshold on how long any number card has been present in the terminal: in a clerk's terminal, the usage time is less than the time threshold, for example 15 minutes.
Step 2: the suspicious number set is expanded based on the collected IMEI data.
In step 2, the collected IMEI data is matched against the operator's user IMEI table, the numbers with the same IMEI data are obtained, and the suspicious number set is expanded.
In the invention, the collected IMEI data is matched against the operator's user IMEI table, generally in units of one day, to find the numbers that use the same IMEI.
In the invention, the matching is generally run every 24 hours.
Step 3: the suspicious number set is cleaned.
In step 3, the expanded suspicious number set is screened, the condition being that a single IMEI corresponds to a count of numbers exceeding a preset value.
In the invention, IMEIs on which more than N cards have been used are excluded; the IMEI of an operator business hall employee's mobile phone generally meets this filtering condition. After filtering, a batch of high-quality derived numbers is obtained.
The filtering mainly removes the IMEIs of emulated devices and the IMEIs of operator business hall staff: the IMEI of an emulated device can be modified, so many of the numbers associated with it are not fraud numbers, and the IMEI of business hall staff is generally associated with a large number of numbers that are not targets.
Step 4: the corresponding communication data is acquired based on the cleaned suspicious number set.
In step 4, the communication data includes the call volume, outgoing call volume and traffic usage data of any number.
In the invention, the call volume, outgoing call volume and traffic volume are collected along a time axis.
Step 5: the communication behavior is analyzed based on the communication data, and it is judged whether the suspicious number is a highly suspicious fraud number.
In step 5, the communication behavior includes the outgoing dialing behavior per unit time and the communication state of a number that has no calls and/or no traffic.
Judging the suspicious number to be a highly suspicious fraud number includes the number of outgoing calls dialed per unit time exceeding a threshold, and the number being in a no-call and/or no-traffic state, which corresponds to the number being in a call-dormant and/or traffic-dormant state.
Judging the suspicious number to be a highly suspicious fraud number further includes the current number satisfying, within the last N days, an outgoing call rate calling_rate greater than or equal to C1, a total call count call_cnt greater than C2, and a traffic usage net_flux less than or equal to N1, wherein calling_rate = calling_cnt/call_cnt, and calling_cnt is the outgoing call count.
Judging the suspicious number to be a highly suspicious fraud number further includes the current number satisfying, within the last N days, a total call count call_cnt equal to C3 and a traffic usage net_flux equal to N2.
In the invention, the communication behavior characteristics of a telecommunication fraud number generally are that a large number of outgoing calls are dialed in a short time, that the number has no calls (call dormancy), and that it has no traffic usage (traffic dormancy).
Generally speaking, the analysis is more accurate when the communication data of the last three days is used. For example, if in the last three days calling_rate is greater than or equal to 0.8, the total call count call_cnt is greater than 0 and the traffic usage net_flux is less than or equal to 100M, or call_cnt is 0 and net_flux is 0, the suspicious number is judged to be a highly suspicious fraud number.
The invention collects the IMEI data used by numbers confirmed to be involved in telecommunication fraud, works backwards from that IMEI data to expand a set of suspicious numbers, cleans the suspicious number set, obtains the corresponding communication data, and judges whether each suspicious number is a highly suspicious fraud number.
The method relies on the characteristic that multiple fraud numbers are used in the same mobile phone terminal: suspected fraud numbers are identified through the terminal used by the fraudsters, and highly suspicious fraud numbers are then screened and confirmed using the communication behavior of the numbers. Mining and analysis of a large number of fraud numbers shows that most of them either place a large number of outgoing calls in a short time or are dormant because they are temporarily not being used for fraud, which covers both call dormancy and data traffic dormancy, so capture can be targeted. The method is more robust, can respond quickly to new types of fraud, and is more efficient against group fraud.
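The five steps above, applied end to end to constructed data. This Python example is added here and is not part of the patent; the table schemas, the preset of 20 numbers per IMEI, the exclusion of already-confirmed numbers from the result, the reading of a missing communication record as zero activity, and the sample identifiers are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Thresholds. 15 min, 0.8, 0 and 100 MB are the text's example values;
# MAX_NUMBERS_PER_IMEI stands in for the preset the text leaves open (assumed).
MIN_DWELL_MIN = 15
MAX_NUMBERS_PER_IMEI = 20
C1, C2, N1_MB = 0.8, 0, 100   # rule A: outgoing burst with little traffic
C3, N2_MB = 0, 0              # rule B: call and traffic dormancy

@dataclass(frozen=True)
class Usage:
    """One row of the operator's user-IMEI table (schema assumed)."""
    number: str
    imei: str
    first_min: int   # earliest time the number was seen in this terminal
    last_min: int    # last time the number was seen in this terminal

@dataclass(frozen=True)
class Comm:
    """Per-number totals over the last N days (the text suggests three)."""
    call_cnt: int = 0        # total calls
    calling_cnt: int = 0     # outgoing calls
    net_flux_mb: float = 0   # data traffic in MB

def seed_imeis(confirmed, usage):
    """Step 1: IMEIs used by confirmed fraud numbers, minus brief activations."""
    return {u.imei for u in usage
            if u.number in confirmed and u.last_min - u.first_min > MIN_DWELL_MIN}

def expand(imeis, usage):
    """Step 2: every number seen on a seed IMEI, grouped by IMEI."""
    by_imei = defaultdict(set)
    for u in usage:
        if u.imei in imeis:
            by_imei[u.imei].add(u.number)
    return by_imei

def clean(by_imei):
    """Step 3: drop IMEIs shared by more numbers than the preset value."""
    kept = set()
    for numbers in by_imei.values():
        if len(numbers) <= MAX_NUMBERS_PER_IMEI:
            kept |= numbers
    return kept

def is_highly_suspicious(c):
    """Step 5: fully dormant, or mostly outgoing calls with little traffic."""
    if c.call_cnt == C3 and c.net_flux_mb == N2_MB:
        return True
    # call_cnt > C2 is tested first, so the division never sees a zero total.
    return (c.call_cnt > C2 and c.calling_cnt / c.call_cnt >= C1
            and c.net_flux_mb <= N1_MB)

def identify(confirmed, usage, comm):
    """Steps 1-5; already-confirmed numbers are left out of the result (assumption)."""
    suspects = clean(expand(seed_imeis(confirmed, usage), usage)) - set(confirmed)
    # Step 4: look up communication data; no record is read as zero activity (assumption).
    return sorted(n for n in suspects if is_highly_suspicious(comm.get(n, Comm())))

# Constructed sample data: numbers and IMEI labels are stand-ins, not real identifiers.
CONFIRMED = {"N001"}
USAGE = [
    Usage("N001", "imei-handset", 0, 600),
    Usage("N001", "imei-clerk", 0, 5),        # card activation at the shop
    Usage("N001", "imei-shared", 700, 760),   # modified IMEI shared by many devices
    Usage("N002", "imei-handset", 0, 300),
    Usage("N003", "imei-handset", 0, 120),
    Usage("N004", "imei-handset", 0, 900),
    Usage("N005", "imei-clerk", 10, 14),
] + [Usage(f"S{i:03d}", "imei-shared", 0, 500) for i in range(25)]
COMM = {
    "N002": Comm(call_cnt=200, calling_cnt=190, net_flux_mb=3),    # outgoing burst
    "N003": Comm(),                                                 # dormant
    "N004": Comm(call_cnt=40, calling_cnt=15, net_flux_mb=2500),   # ordinary use
}

if __name__ == "__main__":
    print(identify(CONFIRMED, USAGE, COMM))
```

Without the step 3 cleaning, the 25 numbers on the shared IMEI would all be reported as dormant fraud numbers, and without the step 1 dwell filter the clerk's other customers would enter the suspicious set.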

Claims (10)

1. An anti-telecommunication fraud identification method based on IMEI and communication behaviors, characterized in that the method comprises the following steps:
step 1: collecting IMEI data used by numbers for which telecommunications fraud has been confirmed;
step 2: expanding a set of suspicious numbers based on the collected IMEI data;
step 3: cleaning the suspicious number set;
step 4: acquiring corresponding communication data based on the cleaned suspicious number set;
step 5: analyzing the communication behavior based on the communication data, and judging whether the suspicious number is a highly suspicious fraud number.
2. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 1, characterized in that: in step 1, the numbers confirmed to be involved in telecommunication fraud are traced back in the operator database, and the IMEI information of the terminals used by those numbers is taken as the IMEI data.
3. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 2, characterized in that: the IMEI data is screened on the condition that the interval between the earliest use time and the last use time of any number in the mobile terminal is greater than a preset value.
4. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 1, characterized in that: in step 2, the collected IMEI data is matched against the operator's user IMEI table, the numbers with the same IMEI data are obtained, and the suspicious number set is expanded.
5. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 1, characterized in that: in step 3, the expanded suspicious number set is screened, the condition being that a single IMEI corresponds to a count of numbers exceeding a preset value.
6. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 1, characterized in that: in step 4, the communication data includes the call volume, outgoing call volume and traffic usage data of any number.
7. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 1, characterized in that: in step 5, the communication behavior includes the outgoing dialing behavior per unit time and the communication state of a number that has no calls and/or no traffic.
8. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 7, characterized in that: judging the suspicious number to be a highly suspicious fraud number includes the number of outgoing calls dialed per unit time exceeding a threshold, and the number being in a no-call and/or no-traffic state, which corresponds to the number being in a call-dormant and/or traffic-dormant state.
9. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 8, characterized in that: judging the suspicious number to be a highly suspicious fraud number further includes the current number satisfying, within the last N days, an outgoing call rate calling_rate greater than or equal to C1, a total call count call_cnt greater than C2, and a traffic usage net_flux less than or equal to N1, wherein calling_rate = calling_cnt/call_cnt, and calling_cnt is the outgoing call count.
10. The IMEI and communication behavior based anti-telecommunication fraud identification method of claim 8, characterized in that: judging the suspicious number to be a highly suspicious fraud number further includes the current number satisfying, within the last N days, a total call count call_cnt equal to C3 and a traffic usage net_flux equal to N2.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201911375045.6A CN111147668A (en) | 2019-12-27 | 2019-12-27 | Anti-telecommunication fraud identification method based on IMEI and communication behaviors

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201911375045.6A CN111147668A (en) | 2019-12-27 | 2019-12-27 | Anti-telecommunication fraud identification method based on IMEI and communication behaviors

Publications (1)

Publication Number | Publication Date
CN111147668A (en) | 2020-05-12

Family

ID=70520921

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201911375045.6A Withdrawn CN111147668A (en) | Anti-telecommunication fraud identification method based on IMEI and communication behaviors | 2019-12-27 | 2019-12-27

Country Status (1)

Country | Link
CN (1) | CN111147668A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200512