CN111385420B - User identification method and device, storage medium and electronic device - Google Patents

User identification method and device, storage medium and electronic device Download PDF

Info

Publication number
CN111385420B
CN111385420B CN201811643621.6A CN201811643621A CN111385420B CN 111385420 B CN111385420 B CN 111385420B CN 201811643621 A CN201811643621 A CN 201811643621A CN 111385420 B CN111385420 B CN 111385420B
Authority
CN
China
Prior art keywords
user
nwdaf
identified
weight matrix
characteristic value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811643621.6A
Other languages
Chinese (zh)
Other versions
CN111385420A (en
Inventor
王修中
李俊
王超
陆钱春
曹敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201811643621.6A priority Critical patent/CN111385420B/en
Priority to PCT/CN2019/114068 priority patent/WO2020134523A1/en
Publication of CN111385420A publication Critical patent/CN111385420A/en
Application granted granted Critical
Publication of CN111385420B publication Critical patent/CN111385420B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • H04M3/4365Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it based on information specified by the calling party, e.g. priority or subject
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/6027Fraud preventions

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Biomedical Technology (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a user identification method and device. The method comprises the following steps: when a number is called, a network data analysis entity NWDAF inquires the identity of a user to be identified corresponding to the number, and merges the calling data with the identity; the NWDAF acquires a weight matrix obtained by carrying out neural network training on the characteristic value of the identified user; and the NWDAF calculates the characteristic value of the user to be identified through the weight matrix, and determines the possibility of the fraudulent user of the user to be identified according to the calculation result. The method and the device have the advantages that the defects that the judgment of the cheating user is simple and single at present and the judgment of the cheating user cannot be communicated with the network element in real time are overcome, and meanwhile, the accuracy can be obviously improved along with the learning process due to the independent learning.

Description

User identification method and device, storage medium and electronic device
Technical Field
The present invention relates to the field of communications, and in particular, to a method and an apparatus for identifying a user, a storage medium, and an electronic apparatus.
Background
In telecommunications networks, telephony fraud is a long-standing stubborn problem, both domestic and foreign. Telephone fraud mainly sends carpet fraud information through telephone and short message, and law enforcement department inspection is sometimes evaded through number changing and the like. Telephone fraud is mainly compromised as follows: firstly, precious network resources are occupied; secondly, the utility model is a nuisance for the user and an interruption to normal work and life; thirdly, after the scale of telephone fraud is gradually increased, the credit of a supervision department and the brand of an operator are lost, and a consumer can consider the supervision department and the operator not to be used as the loss.
Operators have taken some technical measures to circumvent this phenomenon, but with little success. The main reason is that the detection method and the processing method adopted at present are single and easy to avoid. These methods mainly have the following technical problems:
and (5) carrying out posterior analysis. The prior art is based on the analysis of Call Detail Record (CDR), such as CN108093405 and CN102567788 in the search report. The phone bill is collected from a Charging Gateway (CG) or a real-time Charging System (OCS) through a collection interface machine after the call of the user has been completed.
Based on the number. In the prior art, whether an intelligent algorithm is adopted or not is based on number analysis, because a third-party system cannot be communicated with a Home Subscription Server (HSS)/Home Location Register (HLR) of a core network, the account opening/Subscription information of a user cannot be acquired. In this case, even if a certain number can be determined to be a fraud number, a fraudster can avoid the fraud number by simply changing the number.
The model is simple. US 9729729729727, CN108093405, CN102567788 in the current search reports actually adopt clustering algorithms, and the result of the algorithm is very definite 0 or 1, namely fraud or not fraud. However, in practical situations, there are some numbers between the two, which cannot be judged by the user currently.
Disclosure of Invention
The embodiment of the invention provides a user identification method, a user identification device, a storage medium and an electronic device, which at least solve the problem of poor user experience caused by single laggard identification method of a cheating user in the related technology.
According to an embodiment of the present invention, there is provided a user identification method including: when a number is called, a network data analysis entity NWDAF inquires the identity of a user to be identified corresponding to the number, and merges the calling data with the identity; the NWDAF acquires a weight matrix obtained by carrying out neural network training on the characteristic value of the identified user; and the NWDAF calculates the characteristic value of the user to be identified through the weight matrix, and determines the possibility of the fraudulent user of the user to be identified according to the calculation result.
Optionally, the NWDAF queries the user identity by: the NWDAF sends an inquiry request to a unified data module UDM, wherein the inquiry request carries the call data; and the NWDAF receives the user identity which is searched by the UDM according to the call data.
Optionally, the characteristic value includes at least one of: calling times, calling frequency, called discreteness, number changing frequency, short-time conversation proportion and affinity.
Optionally, the called discreteness is calculated by the following formula:
Figure GDA0003464305880000021
wherein x isiA user parameter indicative of the user in question,
Figure GDA0003464305880000022
represents a mean value of the user parameters, n represents the number of the user parameters, wherein the user parameters at least comprise one of the following: geographical location parameters, group parameters, home address of the number, home operator information of the number.
Optionally, the affinity is calculated by the following formula:
Figure GDA0003464305880000031
wherein x istRepresenting calls to commonly used contacts, xfIndicating a call to a strange contact.
Optionally, the NWDAF performs neural network training on the eigenvalue of each user to obtain a weight matrix, including: and the NWDAF determines the weight matrix according to the predicted measurement and calculation result and the actual measurement and calculation result corresponding to the characteristic value of the identified user.
Optionally, the NWDAF determining the weight matrix according to the predicted and actual measurements of the eigenvalues of the identified users comprises: the NWDAF calculates the square difference of the predicted measuring and calculating result and the actual measuring and calculating result, and determines an error function; the NWDAF derives the characteristic value of the identified user through the error function, and obtains a weight value; constructing, by the NWDAF, the weight matrix according to the weight values.
Optionally, determining the fraudulent user probability of the user to be identified comprises: the NWDAF constructs an input matrix according to information contained in the characteristic value of the user to be identified; after the NWDAF multiplies the input matrix and the weight matrix, summing and averaging calculation is carried out on the multiplication result to obtain a measurement average value; the NWDAF determines a fraudulent user likelihood of the user to be identified from the measured average.
Optionally, the NWDAF determines whether a difference between the measured average and a fraud threshold falls within a preset difference; if the judgment result is yes, the NWDAF judges that the user is a fraudulent user; and under the condition that the judgment result is negative, the NWDAF judges that the user is a normal user.
Optionally, before the NWDAF queries the corresponding user identity of the number, the method further comprises: and the NWDAF receives voice call information of the number subscribed from a preset network element.
Optionally, when the preset network element selects a network element NSSF for a network service, the NWDAF receives subscribed voice slice information; when the preset network element is a session management network element (SMF) or an IP Multimedia Subsystem (IMS), the NWDAF receives subscribed voice attribute information; when the preset network element is a user plane network element UPF, the NWDAF receives VoIP data attribute information; wherein the voice attribute information or the VoIP attribute information at least includes one of the following: calling and called identification, time length, calling and called types, calling and called home networks and calling and called home locations.
Optionally, after determining whether the user is a fraudulent user, the method further comprises: before inquiring the identity of the user to be identified, the NWDAF receives a fraudulent user inquiry request sent by the SMF; the NWDAF returns the rogue user potential to the SMF for session control management.
According to another embodiment of the present invention, there is provided an identification apparatus of a user, including: the processing module is used for inquiring the identity of a user to be identified corresponding to the number when the number is called, and merging the calling data with the identity; the calculation module is used for acquiring a weight matrix obtained by carrying out neural network training on the characteristic values of the identified users; and the determining module is used for measuring and calculating the characteristic value of the user to be identified through the weight matrix and determining the possibility of the fraudulent user of the user to be identified according to a measuring and calculating result.
According to a further embodiment of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
According to yet another embodiment of the present invention, there is also provided an electronic device, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the above method embodiments.
By the method and the device, the neural network learning is carried out on the identified user in the network side, and the user to be identified is verified, so that the problem of poor user experience caused by the laggard and single identification method of the fraudulent user can be solved, the defects that the judgment of the fraudulent user is simple and crude, single and cannot be communicated with the network element in real time at present are overcome, and meanwhile, the accuracy can be obviously improved along with the learning process due to the autonomous learning.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a flowchart of a user identification method according to an embodiment of the present invention;
FIG. 2 is a graph showing the output of the measurement results according to the embodiment of the present invention;
FIG. 3 is a flow chart of voice information collection according to an embodiment of the present invention;
fig. 4 is a block diagram of a user identification apparatus according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
Example 1
In this embodiment, a method for identifying a user is provided, and fig. 1 is a flowchart of a method for identifying a user according to an embodiment of the present invention, as shown in fig. 1, the flowchart includes the following steps:
step S102, when a number is called, a network data analysis entity NWDAF inquires the identity of a user to be identified corresponding to the number, and merges the calling data with the identity;
step S104, the NWDAF acquires a weight matrix obtained by carrying out neural network training on the characteristic value of the identified user;
and S106, the NWDAF calculates the characteristic value of the user to be identified through the weight matrix, and determines the possibility of the fraudulent user of the user to be identified according to the calculation result.
Optionally, the NWDAF queries the user identity by: the NWDAF sends an inquiry request to a unified data module UDM, wherein the inquiry request carries the call data; and the NWDAF receives the user identity which is searched by the UDM according to the call data.
Optionally, the characteristic value includes at least one of: calling times, calling frequency, called discreteness, number changing frequency, short-time conversation proportion and affinity.
Optionally, the called discreteness is calculated by the following formula:
Figure GDA0003464305880000061
wherein x isiA user parameter indicative of the user in question,
Figure GDA0003464305880000062
represents a mean value of the user parameters, n represents the number of the user parameters, wherein the user parameters at least comprise one of the following: geographical location parameters, group parameters, home address of the number, home operator information of the number.
Optionally, the affinity is calculated by the following formula:
Figure GDA0003464305880000063
wherein x istRepresenting calls to commonly used contacts, xfIndicating a call to a strange contact.
Optionally, the NWDAF performs neural network training on the eigenvalue of each user to obtain a weight matrix, including: and the NWDAF determines the weight matrix according to the predicted measurement and calculation result and the actual measurement and calculation result corresponding to the characteristic value of the identified user.
Optionally, the NWDAF determining the weight matrix according to the predicted and actual measurements of the eigenvalues of the identified users comprises: the NWDAF calculates the square difference of the predicted measuring and calculating result and the actual measuring and calculating result, and determines an error function; and the NWDAF derives the characteristic value of the identified user through the error function, and obtains a weight value.
In addition, for convenience of calculation, normalization processing is required in the above process, so that the value ranges of the predicted measurement result, the actual measurement result, and the feature values of the identified users are located in a closed interval between 0 and 1.
Specifically, the process of data training is as follows:
the definition F is the characteristic data of the signed user, the definition W is the weight coefficient, and the definition Y is the fraud possibility of the user. Then there are
Formula 1 where F and W are Y
Wherein F ═ F1,f2,...,fn),W=(w1,w2,...,wn)T
Training a weight coefficient matrix W by adopting a neural network model, setting the hidden layer depth of the neural network as d, and then
Figure GDA0003464305880000071
Obtaining a predicted measurement result through forward calculation, and defining an error coefficient delta as the square of the difference between the predicted measurement result Y and the actual measurement result Y', so as to have:
δ=||(X·W+b)-Y'||2formula 3
Where b is a bias term, and Y ═ X · W + b, where X is an input value of a feature value of the identified user. The error function δ is a quadratic function of the input variable X, and the derivation of X can be calculated to obtain the parameter values in the coefficient matrix W. And performing normalization processing on the input parameter X in the calculation process to enable the value ranges of the input variable X and the output variable Y to be in a closed interval of [0,1 ].
Defining a fraudulent user decision coefficient as delta, then
Figure GDA0003464305880000072
Optionally, determining whether the user to be identified is a fraudulent user includes: the NWDAF constructs an input matrix according to information contained in the characteristic value of the user to be identified; after the NWDAF multiplies the input matrix and the weight matrix, summing and averaging calculation is carried out on the multiplication result to obtain a measurement average value; the NWDAF determines a fraudulent user likelihood of the user to be identified from the measured average.
Optionally, the NWDAF determines whether a difference between the measured average and the fraud value falls within a preset difference threshold; if the judgment result is yes, the NWDAF determines that the user is a fraudulent user; and under the condition that the judgment result is negative, the NWDAF determines that the user is a normal user.
In particular, although the primary purpose of the NWDAF is to determine the likelihood of fraud for the user to be identified. In some embodiments the NWDAF may also be capable of giving a certain result based on the likelihood of fraud. I.e. whether it is a fraudulent user. For example, a value of 0.5 means an absolute fraudulent user, i.e. a fraud threshold, while a fraudulent user can be considered as a fraudulent user as long as a range of 0.4-0.6 is met. Then if the measured average value when the NWDAF determines is 0.3, the subscriber may be considered by the NWDAF as a normal subscriber because the difference with the fraud threshold of 0.5 is greater than 0.1 and the network element in communication with the NWDAF is notified. And if the measurement average is 0.42, the user may be considered a rogue user by the NWDAF as the difference from the fraud threshold of 0.5 is 0.1 rains, and the network element communicating with the NWDAF is notified.
Fig. 2 is an output display diagram of a measurement result according to an embodiment of the present invention. As shown in fig. 2, the closer a user is to the straight line where a fraudulent user is located, the greater the likelihood that fraud will exist. The further away from the line of the fraudulent user, the less likely it is that fraud is present. Meanwhile, the dotted line represents a preset difference, that is, the probability that the user falling within the dotted line is a fraudulent user is very high, and the NWDAF or the network element communicating with the nwdad can be directly regarded as the fraudulent user.
This is of course not absolute. Subsequently, if a third party or other application informs that a certain fraudulent user is considered as a normal user or a fraudulent user is a normal user, the NWDAF will continue learning the special case, i.e., incorporate it into neural network learning. Therefore, the weight matrix can be better perfected, the times of misjudgment are reduced, and the identification accuracy is improved.
Specifically, for a better understanding, the following examples are also provided:
for simplicity, take only 3 training eigenvalues as an example:
suppose that each user has 3 characteristic parameters, namely called discreteness, intimacy and disambiguation and call duration. In a certain time period, the number of calls collected by 3 users is respectively:
user 1: talk 3 times
Figure GDA0003464305880000091
And (4) a user 2: talk 6 times
Figure GDA0003464305880000092
In total of 6 rows
User 3: talk 20 times
Figure GDA0003464305880000093
20 lines in total
Let the hidden layer depth of the weight matrix W in equation 4 be 3, and the initial values of all weight coefficients in the matrix be 1, then there are:
Figure GDA0003464305880000094
in expression 1, the weight coefficient value in the weight matrix W is calculated by the back propagation method of expression 3. The calculation result is as follows:
Figure GDA0003464305880000101
in the following, the user is used for measurement and calculation, the input matrix X of the users 1, 2, and 3 is multiplied by the weight matrix W, and the calculation results are respectively:
Figure GDA0003464305880000102
Figure GDA0003464305880000103
Figure GDA0003464305880000104
where the calculated result for subscriber 3 is close to the threshold value (which may be different for different operators in different country regions) 0.5, the fraud for subscriber 3 is the greatest. User 1 and user 2 are less likely to be fraudulent.
Optionally, before the NWDAF queries the corresponding user identity of the number, the method further comprises: and the NWDAF receives voice information of the number subscribed from a preset network element.
Optionally, when the preset network element is NSSF, the NWDAF receives subscribed voice slice information; when the preset network element is SMF or IMS, the NWDAF receives subscribed voice attribute information; when the preset network element is UPF, the NWDAF receives VoIP data attribute information; wherein the voice attribute information or the VoIP data attribute information at least includes one of the following: calling and called identification, time length, calling and called types, calling and called home networks and calling and called home locations.
Fig. 3 is a flow chart of voice information collection according to an embodiment of the present invention, as shown in fig. 3, including:
step S1: the NWDAF subscribes voice-related slices to NSSF (Network Service Selection Function, slice Selection Network element);
step S2: NSSF informs NDDAF of all current voice slices, including but not limited to: the type of the slice, the ID of the slice, the network elements contained in the slice, etc.;
step S3: when a new voice slice or an existing slice is changed, the NSSF notifies the NWDAF;
step S4: the NWDAF subscribes the voice class detailed information to SMF/IMS (IP Multimedia Subsystem) in the related slice;
step S5, S6: the NWDAF subscribes to a specific DPI, i.e., VoIP-based DPI detail information, to a user plane network element (UPF);
step S7: the user session ends. The IMS reports the detailed voice information in the form of a CHR or CDR (Call Detail Record). Content includes, but is not limited to: calling party, duration, called party identification, calling party type, calling party attribution network, calling party attribution place and the like;
step S8: optionally, if the user initiates the VoIP, the user plane network element (e.g., UPF) identifies the VoIP according to the DPI filter;
it should be noted that, the method for identifying VoIP by DPI: if the Code stream adopts an RTP (real time Transport Protocol), judging according to the head value of the 'payload type' of the Protocol, and taking PCM (pulse Code modulation), adaptive incremental debugging, linear predictive coding and the like as voice coding; if the code stream adopts the TCP protocol, different applications have slight differences, for example, the wechat defines a "service type" field at the beginning of the message payload to determine whether the message is voice or video.
Step S9: optionally, the user plane network element reports the VoIP details to the NWDAF, where the reporting form is CDR (Call Detail Record) or CHR. Content includes, but is not limited to: calling party, duration, called party identification, calling party type, calling party attribution network, calling party attribution place and the like;
step S10: optionally, reporting the detailed information of the voice DPI by the 4G EPC, wherein the mode and the content are the same as UPF;
optionally, after determining whether the user is a fraudulent user, the method further comprises: the NWDAF sends a session creation request to the SMF, wherein the session creation request comprises: information indicative of whether the user is a fraudulent user.
It is noted that the NWDAF may actively carry this indication information at the session creation request. Or the indication information may be returned to the SMF after the SMF sends the query request.
It should be noted that, after receiving the indication message sent by the NWDAF, the SMF can perform corresponding session control management on the rogue user. For example, mobility is restricted, SLA (Service Level agreement) is lowered, origination of a call is restricted, a number is forbidden, and the like.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example 2
In this embodiment, a user identification apparatus is further provided, and the apparatus is used to implement the foregoing embodiments and preferred embodiments, and the description already made is omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 4 is a block diagram of a user identification apparatus according to an embodiment of the present invention, and as shown in fig. 4, the apparatus includes:
the processing module 42 is configured to, when a number is called, query an identity of a user to be identified corresponding to the number, and merge call data with the identity;
a calculation module 44, configured to obtain a weight matrix obtained by performing neural network training on the feature values of the identified users;
and the determining module 46 is configured to measure and calculate the feature value of the user to be identified through the weight matrix, and determine the possibility of the fraudulent user of the user to be identified according to a measurement and calculation result.
It should be noted that, the above modules may be implemented by software or hardware, and for the latter, the following may be implemented, but not limited to: the modules are all positioned in the same processor; alternatively, the modules are respectively located in different processors in any combination.
Example 3
Embodiments of the present invention also provide a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s1, when a number is called, a network data analysis entity NWDAF inquires the identity of a user to be identified corresponding to the number, and merges the calling data with the identity;
s2, the NWDAF acquires a weight matrix obtained by training the neural network on the characteristic value of the identified user;
and S3, the NWDAF calculates the characteristic value of the user to be identified through the weight matrix, and determines the possibility of the fraudulent user of the user to be identified according to the calculation result.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing computer programs, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, when a number is called, a network data analysis entity NWDAF inquires the identity of a user to be identified corresponding to the number, and merges the calling data with the identity;
s2, the NWDAF acquires a weight matrix obtained by training the neural network on the characteristic value of the identified user;
and S3, the NWDAF calculates the characteristic value of the user to be identified through the weight matrix, and determines the possibility of the fraudulent user of the user to be identified according to the calculation result.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.

Claims (11)

1. A method for identifying a user, comprising:
when a number is called, a network data analysis entity NWDAF inquires the identity of a user to be identified corresponding to the number, and merges the calling data with the identity;
the NWDAF acquires a weight matrix obtained by carrying out neural network training on the characteristic value of the identified user;
the NWDAF calculates the characteristic value of the user to be identified through the weight matrix, and determines the possibility of a fraudulent user of the user to be identified according to the calculation result;
the NWDAF obtains a weight matrix after performing neural network training on the eigenvalue of each user, including: the NWDAF determines the weight matrix according to a prediction measuring and calculating result and an actual measuring and calculating result corresponding to the characteristic value of the identified user;
the NWDAF determining the weight matrix according to the predicted and actual measurements of the eigenvalues of the identified users, comprising: the NWDAF calculates the square difference of the predicted measuring and calculating result and the actual measuring and calculating result, and determines an error function; the NWDAF derives the characteristic value of the identified user through the error function, and obtains a weight value; constructing the weight matrix by the NWDAF according to the weight values;
determining a fraudulent user likelihood of the user to be identified, comprising: the NWDAF constructs an input matrix according to information contained in the characteristic value of the user to be identified; after the NWDAF multiplies the input matrix and the weight matrix, summing and averaging calculation is carried out on the multiplication result to obtain a measurement average value; the NWDAF determines the probability of a fraudulent user of the user to be identified according to the measured average value;
the characteristic value includes at least one of: calling times, calling frequency, called discreteness, number changing frequency, short-time conversation proportion and affinity.
2. The method of claim 1, wherein the NWDAF queries the user identity by:
the NWDAF sends an inquiry request to a unified data module UDM, wherein the inquiry request carries the call data of the number;
and the NWDAF receives the user identity which is searched by the UDM according to the call data of the number.
3. The method of claim 1, wherein the called discreteness is calculated by the formula:
Figure FDA0003495004610000021
wherein x isiA user parameter indicative of the user in question,
Figure FDA0003495004610000022
the average value of the user parameters is represented, n represents the number of the user parameters, wherein the types of the user parameters at least comprise one of the following: geographical location parameters, group parameters, home address of the number, home operator information of the number.
4. The method of claim 1, wherein the affinity is calculated by the formula:
Figure FDA0003495004610000023
wherein x istRepresenting calls to commonly used contacts, xfIndicating a call to a strange contact.
5. The method of claim 1, further comprising:
the NWDAF determining whether a difference between the measured average and a fraud threshold falls within a preset difference;
if the judgment result is yes, the NWDAF judges that the user is a fraudulent user;
and under the condition that the judgment result is negative, the NWDAF judges that the user is a normal user.
6. The method of claim 1, wherein prior to the NWDAF querying the corresponding subscriber identity of the number, the method further comprises:
and the NWDAF receives voice call information of the number subscribed from a preset network element.
7. The method of claim 6,
when the preset network element selects a network element NSSF for the network service, the NWDAF receives subscribed voice slice information;
when the preset network element is a session management network element (SMF) or an IP Multimedia Subsystem (IMS), the NWDAF receives subscribed voice attribute information;
when the preset network element is a user plane network element UPF, the NWDAF receives VoIP data attribute information;
wherein the voice attribute information or the VoIP attribute information at least includes one of the following: calling and called identification, time length, calling and called types, calling and called home networks and calling and called home locations.
8. The method of claim 1, wherein after determining whether the user is a rogue user, the method further comprises:
before inquiring the identity of the user to be identified, the NWDAF receives a fraudulent user inquiry request sent by the SMF;
the NWDAF returns the rogue user potential to the SMF for session control management.
9. An apparatus for identifying a user, comprising:
the processing module is used for inquiring the identity of a user to be identified corresponding to the number when the number is called, and merging the calling data with the identity;
the calculation module is used for acquiring a weight matrix obtained by carrying out neural network training on the characteristic values of the identified users;
the determining module is used for measuring and calculating the characteristic value of the user to be identified through the weight matrix and determining the possibility of the fraudulent user of the user to be identified according to the measuring and calculating result;
the calculation module performs neural network training on the eigenvalue of each user to obtain a weight matrix in the following way: determining the weight matrix according to a prediction measuring and calculating result and an actual measuring and calculating result corresponding to the characteristic value of the identified user;
the calculation module determines the weight matrix according to the predicted measurement result and the actual measurement result of the characteristic value of the identified user in the following way: calculating the square difference of the predicted measuring and calculating result and the actual measuring and calculating result, and determining an error function; deriving the characteristic value of the identified user through the error function, and acquiring a weight value; constructing the weight matrix according to the weight value;
the determining module determines the probability of a fraudulent user of the user to be identified by: constructing an input matrix according to the information contained in the characteristic value of the user to be identified; after multiplying the input matrix and the weight matrix, performing summation average calculation on the multiplication result to obtain a measurement average value; determining the possibility of the fraudulent user of the user to be identified according to the measurement average value;
the characteristic value includes at least one of: calling times, calling frequency, called discreteness, number changing frequency, short-time conversation proportion and affinity.
10. A storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the method of any of claims 1 to 8 when executed.
11. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the computer program to perform the method of any of claims 1 to 8.
CN201811643621.6A 2018-12-29 2018-12-29 User identification method and device, storage medium and electronic device Active CN111385420B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811643621.6A CN111385420B (en) 2018-12-29 2018-12-29 User identification method and device, storage medium and electronic device
PCT/CN2019/114068 WO2020134523A1 (en) 2018-12-29 2019-10-29 User identification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811643621.6A CN111385420B (en) 2018-12-29 2018-12-29 User identification method and device, storage medium and electronic device

Publications (2)

Publication Number Publication Date
CN111385420A CN111385420A (en) 2020-07-07
CN111385420B true CN111385420B (en) 2022-04-29

Family

ID=71127446

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811643621.6A Active CN111385420B (en) 2018-12-29 2018-12-29 User identification method and device, storage medium and electronic device

Country Status (2)

Country Link
CN (1) CN111385420B (en)
WO (1) WO2020134523A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992801B (en) * 2020-07-27 2024-06-18 中国移动通信集团有限公司 Method and device for identifying illegal numbers, storage medium and computer equipment
EP4179749A4 (en) * 2020-07-30 2023-08-09 Huawei Technologies Co., Ltd. Entities and methods for enabling control of a usage of collected data in multiple analytics phases in communication networks
CN112788016B (en) * 2020-12-31 2023-04-18 上海欣方智能系统有限公司 Illegal user identification method and device, electronic equipment and storage medium
CN113766066A (en) * 2021-09-13 2021-12-07 上海欣方智能系统有限公司 Method and device for recognizing fraud
GB2612660A (en) * 2021-11-08 2023-05-10 Samsung Electronics Co Ltd Timing of network analytics
CN114143786A (en) * 2021-11-29 2022-03-04 爱浦路网络技术(北京)有限公司 User identification method, system, device and storage medium based on 5G
CN114567698A (en) * 2022-03-01 2022-05-31 恒安嘉新(北京)科技股份公司 Detection method, device, equipment and storage medium for fraud-related numbers

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8793131B2 (en) * 2005-04-21 2014-07-29 Verint Americas Inc. Systems, methods, and media for determining fraud patterns and creating fraud behavioral models
CN105611084A (en) * 2016-01-29 2016-05-25 中国联合网络通信集团有限公司 User fraud suspiciousness degree calculation method and suspiciousness degree calculation system
CN105636047A (en) * 2014-10-29 2016-06-01 中兴通讯股份有限公司 Fraud user detecting method, fraud user detecting device and fraud user detecting system
CN107038449A (en) * 2016-02-04 2017-08-11 中国移动(深圳)有限公司 A kind of recognition methods of fraudulent user and device
CN108093405A (en) * 2017-11-06 2018-05-29 北京邮电大学 A kind of fraudulent call number analysis method and apparatus
CN108564460A (en) * 2018-01-12 2018-09-21 阳光财产保险股份有限公司 Real-time fraud detection method under internet credit scene and device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6850606B2 (en) * 2001-09-25 2005-02-01 Fair Isaac Corporation Self-learning real-time prioritization of telecommunication fraud control actions
CN107889111A (en) * 2016-09-30 2018-04-06 北京金山安全软件有限公司 Crank call identification method and device based on deep neural network
CN107944557B (en) * 2017-12-13 2021-08-13 广州市景心科技股份有限公司 Crank call identification method
CN108449482A (en) * 2018-02-09 2018-08-24 北京泰迪熊移动科技有限公司 The method and system of Number Reorganization

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8793131B2 (en) * 2005-04-21 2014-07-29 Verint Americas Inc. Systems, methods, and media for determining fraud patterns and creating fraud behavioral models
CN105636047A (en) * 2014-10-29 2016-06-01 中兴通讯股份有限公司 Fraud user detecting method, fraud user detecting device and fraud user detecting system
CN105611084A (en) * 2016-01-29 2016-05-25 中国联合网络通信集团有限公司 User fraud suspiciousness degree calculation method and suspiciousness degree calculation system
CN107038449A (en) * 2016-02-04 2017-08-11 中国移动(深圳)有限公司 A kind of recognition methods of fraudulent user and device
CN108093405A (en) * 2017-11-06 2018-05-29 北京邮电大学 A kind of fraudulent call number analysis method and apparatus
CN108564460A (en) * 2018-01-12 2018-09-21 阳光财产保险股份有限公司 Real-time fraud detection method under internet credit scene and device

Also Published As

Publication number Publication date
WO2020134523A1 (en) 2020-07-02
CN111385420A (en) 2020-07-07

Similar Documents

Publication Publication Date Title
CN111385420B (en) User identification method and device, storage medium and electronic device
US10917315B2 (en) Network service quality evaluation method and system, and network device
CN106993104B (en) Incoming call processing method and device and terminal
EP3324607A1 (en) Fraud detection on a communication network
CN110337059B (en) Analysis algorithm, server and network system for family relationship of user
WO2012078091A1 (en) Method and arrangement for ranking users
CN109168168B (en) Method for detecting international embezzlement
CN104113869B (en) A kind of potential report user's Forecasting Methodology and system based on signaling data
CN107295491B (en) Method and system for automatically screening calling subscriber during call forwarding
CN108513313A (en) One germplasm difference cell determining method and equipment
CN107231494A (en) A kind of acquisition methods of user communication characteristic, storage medium and electronic equipment
US20210352516A1 (en) Estimating apparatus, system, method, and computer-readable medium, and learning apparatus, method, and computer-readable medium
CN110113748A (en) Harassing call monitoring method, device
CN114169438A (en) Telecommunication network fraud identification method, device, equipment and storage medium
CN110677269A (en) Method and device for determining communication user relationship and computer readable storage medium
US20230344932A1 (en) Systems and methods for use in detecting anomalous call behavior
US10439919B2 (en) Real time event monitoring and analysis system
CN113517990B (en) Method and device for predicting net recommendation value NPS (network performance indicator)
CN111818473B (en) Method and system for realizing accurate slicing of flow call bill
CN106888229A (en) A kind of call management method and server
CN113411828A (en) Method, device and equipment for sensing call quality and computer readable storage medium
CN112887491B (en) User missing information acquisition method and device
TWI763216B (en) System and method for forecasting and warning of call detail records and computer-readable medium
CN112307075A (en) User relationship identification method and device
CN111131626B (en) Group harmful call detection method and device based on stream data atlas and readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant