CN111800546A - Method, device and system for constructing recognition model and recognizing and electronic equipment - Google Patents

Method, device and system for constructing recognition model and recognizing and electronic equipment Download PDF

Info

Publication number
CN111800546A
CN111800546A CN202010648920.XA CN202010648920A CN111800546A CN 111800546 A CN111800546 A CN 111800546A CN 202010648920 A CN202010648920 A CN 202010648920A CN 111800546 A CN111800546 A CN 111800546A
Authority
CN
China
Prior art keywords
identification
server
organization
result data
telephone number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010648920.XA
Other languages
Chinese (zh)
Other versions
CN111800546B (en
Inventor
程佩哲
吕博良
叶红
金驰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202010648920.XA priority Critical patent/CN111800546B/en
Publication of CN111800546A publication Critical patent/CN111800546A/en
Application granted granted Critical
Publication of CN111800546B publication Critical patent/CN111800546B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/01Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Technology Law (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present disclosure provides a fraud phone identification method, including: receiving an identification request for a target telephone number sent by a request initiating mechanism, wherein the request initiating mechanism is a first mechanism for providing financial services or a second mechanism for providing communication services; notifying a server of the first organization to determine first intermediate identification information corresponding to the target telephone number and notifying a server of the second organization to determine second intermediate identification information corresponding to the target telephone number based on the identification request; determining an identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information to determine whether the target telephone number is a fraudulent telephone. The present disclosure also provides a method of building a fraud phone identification model, a fraud phone identification apparatus, a system for identifying fraud phones, an apparatus for building a fraud phone identification model, an electronic device and a computer-readable storage medium.

Description

Method, device and system for constructing recognition model and recognizing and electronic equipment
Technical Field
The present disclosure relates to the field of computer technology, and more particularly, to a fraudulent phone identification method, a method of building a fraudulent phone identification model, a fraudulent phone identification apparatus, a system for identifying fraudulent phones, an apparatus for building a fraudulent phone identification model, an electronic device, and a computer-readable storage medium.
Background
With the rapid development of communication technology, communication devices such as mobile phones and the like become an essential part in life and work of people, great convenience is brought to users, but a plurality of hidden dangers are brought to users, for example, the number of telecom fraud crimes is on a rising trend, so that the property and spirit of people are greatly lost, and the crisis of social trust is deepened.
In implementing the disclosed concept, the inventors found that there are at least the following problems in the related art:
financial institutions and telecom operators can analyze the customer's asset data and communication data, respectively, but there still remains the problem of insufficient recognition capability. Although the financial institution grasps the fund change condition of the customer, the telecommunication fraud is mostly induced to operate by the customer himself, the fraud behavior cannot be found only through the account information, and the telecommunication fraud is difficult to be distinguished from the attacks such as phishing and automatic operation, so that the telecommunication fraud behavior is difficult to be accurately identified, and the customer cannot be accurately prompted for risks in time. And the telecom operators mark and seal fraud mobile phone numbers before fraud is implemented mainly based on customer complaints, lawless persons can bypass the fraud by frequently changing numbers and the like, and meanwhile, because the operators cannot master asset change information of users, whether fraud is successfully implemented or not is difficult to judge, and telecommunication fraud cannot be intercepted in time in the process. Therefore, how to improve the recognition capability of recognizing telecommunication fraud becomes a technical problem to be solved urgently.
Disclosure of Invention
In view of the above, the present disclosure provides a fraudulent phone identification method, a method of building a fraudulent phone identification model, a fraudulent phone identification apparatus, a system for identifying fraudulent phones, an apparatus for building a fraudulent phone identification model, an electronic device and a computer-readable storage medium.
One aspect of the present disclosure provides a method performed by a federated platform device, comprising: receiving an identification request for a target telephone number sent by a request initiating entity, the request initiating entity being a first entity for providing a financial service or a second entity for providing a communication service; based on the identification request, notifying a server of the first mechanism to determine first intermediate identification information corresponding to the target telephone number, and notifying a server of the second mechanism to determine second intermediate identification information corresponding to the target telephone number, wherein the first intermediate identification information is obtained by the first mechanism through a first identification submodel and a first identification feature corresponding to the target telephone number, and the second intermediate identification information is obtained by the second mechanism through a second identification submodel and a second identification feature corresponding to the target telephone number; and determining an identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information to determine whether the target telephone number is a fraud telephone.
According to an embodiment of the present disclosure, the first and second recognition submodels are established in advance based on: updating a first initial submodel of a first mechanism and a second initial submodel of a second mechanism for multiple times to obtain a first identification submodel and a second identification submodel, wherein in each updating process: receiving first intermediate result data sent by a server of the first organization, wherein the first intermediate result data is obtained by the server of the first organization based on the first initial sub-model and a first sample feature set corresponding to a plurality of common telephone numbers, and the common telephone numbers are telephone numbers commonly owned by the first organization and the second organization; receiving second intermediate result data sent by the server of the second organization, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and a second sample feature set corresponding to the plurality of common telephone numbers; obtaining total result data based on the first intermediate result data and the second intermediate result data; and sending the total result data to the server of the first organization and the server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
According to the embodiment of the present disclosure, in each update process, the method further includes: receiving label information sent by a server of the first organization or a server of the second organization; obtaining total result data based on the first intermediate result data and the second intermediate result data comprises: and obtaining total result data based on the first intermediate result data, the second intermediate result data and the label information.
According to an embodiment of the present disclosure, the process of establishing the first and second recognition submodels further includes: receiving encrypted data of a first telephone number set sent by a server of the first organization; receiving encrypted data of a second telephone number set sent by a server of the second organization; and determining a telephone number commonly owned by the first organization and the second organization based on the encrypted data of the first set of telephone numbers and the encrypted data of the second set of telephone numbers.
According to an embodiment of the present disclosure, the method further comprises: determining whether the target telephone number is a telephone number common to the first institution and the second institution; if so, notifying the server of the first organization to determine the first intermediate identification information, and notifying the server of the second organization to determine the second intermediate identification information; and if not, informing the initiating mechanism to carry out single-side identification.
According to an embodiment of the present disclosure, the first intermediate identification information and the intermediate second intermediate identification information are encrypted data; the determining a recognition result of the target phone number based on the first intermediate recognition information and the intermediate second intermediate recognition information includes: and calculating the encrypted first intermediate identification information and the encrypted second intermediate identification information by using an encryption operator to obtain the identification result.
According to an embodiment of the present disclosure, the method further comprises: and sending the identification result to the request initiating mechanism so that the request initiating mechanism takes corresponding measures based on the identification result.
Another aspect of the present disclosure provides a fraud telephone identification method, performed by a server of an execution agency, the execution agency being a financial institution or a communication institution, comprising: receiving an identification notice sent by the joint platform equipment; extracting an identification feature corresponding to a target phone number from locally stored data based on the identification notification; obtaining intermediate identification information based on the identification submodel and the identification characteristics; and sending the intermediate identification information to the combined platform equipment so that the combined platform equipment combines the intermediate identification information and another intermediate identification information sent by a combined mechanism of the execution mechanism to obtain an identification result of the target telephone number, wherein the combined mechanism of the financial mechanism is a communication mechanism, and the combined mechanism of the communication mechanism is a financial mechanism.
According to an embodiment of the present disclosure, the identification submodel is established in advance based on the following manner: extracting sample features corresponding to a plurality of common numbers from local storage data to form a sample feature set, wherein the common numbers are telephone numbers owned by the execution mechanism and the united mechanism; based on the sample feature set, updating the initial sub-model for multiple times to obtain the identifier model, wherein in each updating process: inputting the sample feature set into the initial submodel, and calculating to obtain intermediate result data; sending the intermediate result data to the joint platform device so that the joint platform device obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism; and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
According to an embodiment of the present disclosure, the process of establishing the identification submodel further includes: encrypting a stored telephone number set to obtain encrypted data of the telephone number set, and sending the encrypted data to the combined platform equipment or a server of the combined mechanism so as to enable the combined platform equipment or the server of the combined mechanism to determine the common number; or receiving encrypted data of another telephone number set sent by a server of the united organization, and determining the common number based on the encrypted data of the other telephone number set.
According to an embodiment of the present disclosure, the method further comprises: responding to the received unilateral identification notice sent by the combined platform equipment, and obtaining an identification result based on the identification feature and a pre-established third identification model; and/or in response to receiving the identification result sent by the joint platform device, freezing an account corresponding to the target telephone number or reminding other users communicating with the target telephone number if the target telephone number is a fraud telephone.
According to an embodiment of the present disclosure, the identification feature is a financial-related feature of the target telephone number, including at least one of a binding feature, a transaction feature, a balance feature; or the identification feature is a communication related feature of the target telephone number, and comprises at least one of a call feature, a contact feature, a short message feature and a network feature.
Another aspect of the present disclosure provides a fraud phone identification method, including: sending, by a server of a first organization for providing financial services or a server of a second organization for providing communication services, an identification request for a target telephone number to a federated platform device; the joint platform device sends identification notifications to the server of the first organization and the server of the second organization based on the identification requests; the server of the first organization, in response to receiving the identification notification, determines first intermediate identification information based on a first identification submodel and a first identification feature corresponding to the target telephone number; the server of the second organization, in response to receiving the identification notification, determines second intermediate identification information based on a second identification submodel and a second identification feature corresponding to the target telephone number; and the joint platform device determines the identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information so as to judge whether the target telephone number is a fraud telephone.
Another aspect of the present disclosure provides a method of building a fraud phone identification model, performed by a federated platform device, comprising: updating a first initial submodel of a first mechanism and a second initial submodel of a second mechanism for multiple times to obtain a first identification submodel and a second identification submodel, wherein in each updating process: receiving first intermediate result data sent by a server of the first organization, wherein the first intermediate result data is obtained by the server of the first organization based on the first initial sub-model and a first sample feature set corresponding to a plurality of common telephone numbers, and the common telephone numbers are telephone numbers commonly owned by the first organization and the second organization; receiving second intermediate result data sent by the server of the second organization, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and a second sample feature set corresponding to the plurality of common telephone numbers; obtaining total result data based on the first intermediate result data and the second intermediate result data; and sending the total result data to the server of the first organization and the server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
Another aspect of the present disclosure provides a method of building a fraud phone identification model, performed by a server of an execution agency, the execution agency being a financial institution or a communication institution, comprising: extracting sample features corresponding to a plurality of common numbers from local storage data to form a sample feature set, wherein the common numbers are telephone numbers owned by the execution mechanism and the united mechanism; based on the sample feature set, updating the initial sub-model for multiple times to obtain the identifier model, wherein in each updating process: inputting the sample feature set into the initial submodel, and calculating to obtain intermediate result data; sending the intermediate result data to the joint platform device so that the joint platform device obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism; and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
Another aspect of the present disclosure provides a fraud phone identification apparatus for a joint platform device, including: the system comprises a receiving request module, a processing module and a processing module, wherein the receiving request module is used for receiving an identification request of a target telephone number, which is sent by a request initiating mechanism, and the request initiating mechanism is a first mechanism for providing financial services or a second mechanism for providing communication services; a notification identification module, configured to notify, based on the identification request, a server of the first mechanism to determine first intermediate identification information corresponding to the target telephone number, and notify a server of the second mechanism to determine second intermediate identification information corresponding to the target telephone number, where the first intermediate identification information is obtained by the first mechanism through a first identification submodel and a first identification feature corresponding to the target telephone number, and the second intermediate identification information is obtained by the second mechanism through a second identification submodel and a second identification feature corresponding to the target telephone number; and the identification module is used for determining the identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information so as to judge whether the target telephone number is a fraud telephone.
Another aspect of the present disclosure provides a fraud telephone identification apparatus for a server of an execution agency, the execution agency being a financial institution or a communication institution, comprising: the notification receiving module is used for receiving an identification notification sent by the combined platform equipment; a feature extraction module for extracting an identification feature corresponding to the target phone number from the local storage data based on the identification notification; the model calculation module is used for obtaining intermediate identification information based on the identification submodel and the identification characteristics; and the sending module is used for sending the intermediate identification information to the combined platform equipment so that the combined platform equipment combines the intermediate identification information and another intermediate identification information sent by a combined mechanism of the execution mechanism to obtain an identification result of the target telephone number, wherein the combined mechanism of the financial mechanism is a communication mechanism, and the combined mechanism of the communication mechanism is a financial mechanism.
Another aspect of the present disclosure provides a system for recognizing a fraud phone, including a server of a first organization for providing a financial service, a server of a second organization for providing a communication service, and a consolidated platform device, wherein the server of the first organization or the server of the second organization transmits an identification request for a target phone number to the consolidated platform device; the joint platform device sends identification notifications to the server of the first organization and the server of the second organization based on the identification requests; the server of the first organization, in response to receiving the identification notification, determines first intermediate identification information based on a first identification submodel and a first identification feature corresponding to the target telephone number; the server of the second organization, in response to receiving the identification notification, determines second intermediate identification information based on a second identification submodel and a second identification feature corresponding to the target telephone number; and the joint platform device determines the identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information so as to judge whether the target telephone number is a fraud telephone.
Another aspect of the present disclosure provides an apparatus for building a fraud phone identification model for a federated platform device, comprising: the first updating module is used for updating a first initial submodel of the first mechanism and a second initial submodel of the second mechanism for multiple times to obtain a first identification submodel and a second identification submodel, and in each updating process: receiving first intermediate result data sent by a server of the first organization, wherein the first intermediate result data is obtained by the server of the first organization based on the first initial sub-model and a first sample feature set corresponding to a plurality of common telephone numbers, and the common telephone numbers are telephone numbers commonly owned by the first organization and the second organization; receiving second intermediate result data sent by the server of the second organization, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and a second sample feature set corresponding to the plurality of common telephone numbers; obtaining total result data based on the first intermediate result data and the second intermediate result data; and sending the total result data to the server of the first organization and the server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
Another aspect of the present disclosure provides an apparatus for constructing a fraud phone identification model, for a server of an execution agency, the execution agency being a financial institution or a communication institution, including: the extraction module is used for extracting sample features corresponding to a plurality of common numbers from local storage data to form a sample feature set, wherein the common numbers are telephone numbers shared by the execution mechanism and the joint mechanism; a second updating module, configured to update the initial sub-model for multiple times based on the sample feature set to obtain the identifier model, and in each updating process: inputting the sample feature set into the initial submodel, and calculating to obtain intermediate result data; sending the intermediate result data to the joint platform device so that the joint platform device obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism; and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
Another aspect of the disclosure provides an electronic device comprising one or more processors and memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the disclosure, the combined platform equipment can combine two parties to cooperatively establish the telecommunication fraud recognition model under the condition of protecting the data privacy of the financial institution and the communication institution, the telecommunication fraud recognition model constructed based on the mode integrates the characteristics of the financial institution side and the telecommunication operator side, the defect of single-party characteristic dimension is made up, and the recognition accuracy of fraud calls is improved. In the model training process, user data of one party does not need to be sent to the other party or the platform, only an intermediate result of training is fed back, and privacy of the user data is protected.
According to the embodiment of the disclosure, after a fraud telephone identification model is obtained by utilizing characteristic modeling of a financial institution side and a communication institution side, when a certain telephone number needs to be identified, the combined platform device can be combined with the financial institution side and the communication institution side to respectively utilize own sub-models and characteristics for calculation, and an intermediate result of the calculation is fed back to the combined platform mechanism, and the combined platform mechanism obtains an identification result of a target telephone number based on the two intermediate results. Based on the technical scheme, on one hand, the recognition capability of the fraud telephone is improved by combining the characteristics of the financial institution side and the characteristics of the communication institution side for recognition, and on the other hand, the data safety of the two parties is ensured, the data of each party is kept locally, the data leakage is not needed to be worried about, and the legal compliance requirements are met.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture to which a fraud telephone identification method may be applied, according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a method of building a fraud phone identification model performed by a federated platform device, in accordance with an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a fraud telephone identification method performed by a federated platform device in accordance with an embodiment of the present disclosure;
FIG. 4 schematically illustrates a schematic diagram of a decision tree recognition model according to an embodiment of the present disclosure;
FIG. 5 schematically shows a flow chart of a fraud telephone identification method performed by a financial institution or a communication institution according to an embodiment of the present disclosure;
FIG. 6 schematically shows a flow chart of a fraud phone identification method according to another embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of a fraud telephone identification apparatus for a federated platform device, in accordance with an embodiment of the present disclosure;
FIG. 8 schematically shows a block diagram of a fraud telephone identification apparatus for a financial institution or a communication institution according to an embodiment of the present disclosure; and
fig. 9 schematically shows a block diagram of an electronic device adapted to implement a fraud phone identification method or a method of building a fraud phone identification model according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
Embodiments of the present disclosure provide a fraud phone identification method performed by a consolidated platform device, comprising: an identification request for a target telephone number sent by a request initiating entity is received, the request initiating entity being either a first entity for providing financial services or a second entity for providing communication services. Then, based on the identification request, the server of the first organization is informed to determine first intermediate identification information corresponding to the target telephone number, and the server of the second organization is informed to determine second intermediate identification information corresponding to the target telephone number, wherein the first intermediate identification information is obtained by the first organization through a first identification submodel and a first identification feature corresponding to the target telephone number, and the second intermediate identification information is obtained by the second organization through a second identification submodel and a second identification feature corresponding to the target telephone number. And determining the identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information so as to judge whether the target telephone number is a fraud telephone. Embodiments of the present disclosure also provide a fraud phone identification method performed by a server of a financial institution or a server of a communication institution, a fraud phone identification method, a method of constructing a fraud phone identification model performed by a consolidated platform device, a method of constructing a fraud phone identification model performed by a server of a financial institution or a server of a communication institution, a fraud phone identification apparatus for a consolidated platform device, a fraud phone identification apparatus for a server of a financial institution or a server of a communication institution, a system for identifying fraud phones, an apparatus for constructing a fraud phone identification model for a joint platform device, an apparatus for constructing a fraud phone identification model for a server of a financial institution or a communication institution, an electronic device, and a computer-readable storage medium.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which a fraud telephone identification method may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include a federated platform device 101, a server 102 of a first organization, and a server 103 of a second organization. Further, a database 104 of the first institution and a database 105 of the second institution may also be included. The first mechanism can be a financial mechanism such as a bank and the like, and can provide financial services such as deposit, transfer, card opening, payment and the like for the user. The second organization may refer to a communication operator, and may provide communication services such as call, short message, network, and the like for the user. The federated platform may be independent of the first and second institutions, for example, deployed in an official agency environment such as the government, or may also be deployed in a Trusted Execution Environment (TEE) on either the first or second institution.
The server 102 of the first organization may obtain raw sample data of the first organization side from the database 104 of the first organization, which may include, for example, all or part of the phone numbers and account information of its users collected by the first organization. The server 102 of the first institution may perform feature extraction on the account information to extract financial-related features of the sample.
The server 103 of the second institution may obtain the original sample data of the second institution side from the database 105 of the second institution, and the original sample data of the second institution side may include, for example, the telephone number and communication information of all or part of users thereof collected by the second institution. The server 103 of the second organization may perform feature extraction on the communication information to extract the communication-related features of the sample.
The federated platform device 101 can federate two parties to collaboratively co-establish a telecom fraud identification model while protecting the data privacy of the first and second organizations. The servers of the first mechanism and the second mechanism can respectively utilize local feature data to train on local submodels, and feed back training intermediate results to the combined platform device 101, the combined platform device 101 integrates the intermediate results of the two parties, and feeds back the integrated results to the two parties, so that the two parties update the submodels according to the integrated results, after multiple updates, the models converge, the model training is completed, the submodels owned by the two parties respectively form a complete telecom fraud recognition model, and the submodels owned by the two parties are stored locally.
When a certain telephone number needs to be identified, the combined platform device 101 may be used to combine the submodels on the first mechanism side and the second mechanism side for analysis, the combined platform device 101 may notify the first mechanism side to identify the telephone number by using the submodel thereof to obtain an intermediate result, and notify the second mechanism side to identify the telephone number by using the submodel thereof to obtain another intermediate result, and the combined platform device 101 may combine the two intermediate results for analysis to obtain an identification result.
The telecommunication fraud recognition model constructed based on the mode integrates the characteristics of the financial institution side and the telecommunication operator side, overcomes the defect of single-party characteristic dimension, and accordingly improves the recognition accuracy of fraud calls.
It should be understood that the numbers of federated platform devices, servers and databases of the first organization, and servers and databases of the second organization in FIG. 1 are merely illustrative. There may be any number of federated platform devices, servers and databases of the first organization, and servers and databases of the second organization, as desired for the implementation.
For ease of understanding, the process of building the model is described next, followed by the process of applying the model.
FIG. 2 schematically illustrates a flow chart of a method of building a fraud phone identification model performed by a federated platform in accordance with an embodiment of the present disclosure.
As shown in fig. 2, according to an embodiment of the present disclosure, a first recognition submodel and a second recognition submodel are previously established based on the following operations S210 (including operations S211 to S214) before the model is applied, where operation S210 is subject to the joint platform device as an execution subject. The first identification submodel belongs to a first organization, the second identification submodel belongs to a second organization, the first organization can be a financial organization such as a bank and the like and can provide financial services such as savings, account transfer, card opening, payment and the like for a user, and the second organization can be a telecommunication operator and can provide communication services such as communication, short messages, networks and the like for the user.
In operation S210, the first initial sub-model of the first mechanism and the second initial sub-model of the second mechanism are updated for multiple times until training is completed, so as to obtain a first identification sub-model and a second identification sub-model, and the following operations S211 to S214 are performed in each updating process.
In operation S211, first intermediate result data transmitted by a server of a first organization is received, wherein the first intermediate result data is obtained by the server of the first organization based on a first initial sub-model and a first sample feature set corresponding to a plurality of common telephone numbers, and the common telephone numbers are telephone numbers commonly owned by the first organization and a second organization.
In operation S212, second intermediate result data transmitted by the server of the second organization is received, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and the second sample feature set corresponding to the plurality of common telephone numbers.
In operation S213, total result data is obtained based on the first intermediate result data and the second intermediate result data.
In operation S214, the total result data is transmitted to the server of the first organization and the server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
The operations performed by the first mechanism, the second mechanism, and the federated platform, respectively, in the modeling process, and the interaction process between any of the two, are described and explained below.
According to the embodiment of the disclosure, since the user groups of the first institution and the second institution are not completely overlapped, the common telephone numbers of the first institution and the second institution can be determined, and then model training is performed by using the common telephone numbers, so that the telephone numbers for modeling can be guaranteed to have the characteristics of the financial institution side and the communication institution side. The first organization and the second organization have telephone number information of respective users, and the server of the first organization and the server of the second organization can find the common users of the two organizations on the premise of data encryption by adopting an asymmetric encryption protocol (such as an RSA encryption algorithm). Specifically, the server of the first organization and the server of the second organization encrypt the telephone numbers owned by the two parties to obtain Hash (Hash) values of the telephone numbers, and then send the Hash values of the telephone numbers to the other party by using an asymmetric encryption protocol, so that the other party determines the intersection of the telephone numbers according to the Hash values, for example, the same telephone numbers are collided by adopting a Hash collision mode, and thus, the two parties determine a plurality of telephone numbers shared by the two parties. In the whole interaction process, no plaintext data interaction exists, and the original mobile phone number cannot be analyzed even in a violent or collision mode, so that the difference set part of the data of the two parties is protected.
According to another embodiment of the present disclosure, the process of establishing the first and second recognition submodels may further include: the method includes receiving, by the consolidated platform, encrypted data of a first set of telephone numbers sent by a server of the first organization and encrypted data of a second set of telephone numbers sent by a server of the second organization, and determining, based on the encrypted data of the first set of telephone numbers and the encrypted data of the second set of telephone numbers, a telephone number that is commonly owned by the first organization and the second organization.
For example, after the server of the first organization and the server of the second organization encrypt the telephone numbers, the encrypted data of the respective telephone numbers may be both sent to the combined platform device, the combined platform device determines the telephone numbers owned by both parties, and notifies the both parties of the common telephone numbers. Wherein, the two means are the first mechanism and the second mechanism.
After determining the common telephone number, the server of the first institution may extract a first sample feature corresponding to each of the plurality of common numbers from the locally stored data to form a first sample feature set. For example, the server of the first organization may extract a first sample feature corresponding to each common number, the first sample feature may refer to a financial-related feature, and optionally, the first sample feature may include at least one of a plurality of features shown in table 1:
TABLE 1
Number of telephone number history binding identity cards
Number of bank cards bound to telephone number history
Historical binding of the number of judiciously frozen bank cards
Network points related to historical binding card
Number of different network points related to historical binding card
Number of devices logged in by telephone number association card within N days of account opening
Balance after opening account for N days by associated card
Maximum transfer-out amount within N days of opening account by associated card
Average daily maximum transaction amount for associated cards
Large surplus average retention time of associated card
Number of active days associated with card
Number of transactions of associated card
Number of trade days of the associated card
Number of counterparties of the associated card
Average daily transaction amount of associated card
After determining the common telephone number, the server of the second organization may extract a second sample feature corresponding to each of the plurality of common numbers from the locally stored data to form a second sample feature set. For example, the server of the second organization may extract a second sample feature corresponding to each common number, where the second sample feature may refer to a communication-related feature, and optionally, the second sample feature may include at least one of the features shown in table 2:
TABLE 2
Figure BDA0002573102600000151
Figure BDA0002573102600000161
After obtaining the first sample feature set of the common number, the server of the first organization may perform a first round of calculation to obtain first intermediate result data based on the first sample feature and a first initial sub-model calculation at the first organization side. The first initial sub-model may be, for example, one of a Logistic Regression (LR) model, a Gradient Boosting Decision Tree (GBDT) model, an eXtreme Gradient Boosting model (XgBoost), a Convolutional Neural Network (CNN) model, a Recurrent Neural Network (RNN) model, and the like. For linear models such as logistic regression model and neural network models, the first intermediate result data may refer to a predicted value or a loss value or a gradient obtained after the first sample feature is input into the first initial sub-model, taking the logistic regression model as an example, the first mechanism side is trained by using features x1 and x2, model weights of the two features are w1 and w2, respectively, then the predicted value may be w1 × 1+ w2 × 2, and for a side with a true value (i.e., a true class label), the predicted value and the true value may be calculated by using a loss function to obtain the loss value. For a non-linear model such as a decision tree, the first intermediate result data may refer to, for example, respective information gains calculated for each feature attribute that the first mechanism side has.
After the server of the first mechanism obtains the first intermediate result data of the first round, the first intermediate result data may be sent to the combined platform device.
Similarly, the server of the second organization may perform a first round of calculation after obtaining a second sample feature set of the common number, and input a second initial sub-model on the second organization side based on the second sample feature to obtain second intermediate result data. Wherein the second initial submodel is of the same type as the first initial submodel. For linear models such as logistic regression model and neural network model, the first intermediate result data may refer to a predicted value or a loss value or a gradient obtained by inputting the second sample feature into the second initial sub-model, taking the logistic regression model as an example, the first mechanism side is trained by using features x3 and x4, model weights of the two features are w3 and w4, respectively, and the predicted value may be w3 × 3+ w4 × 4. For a non-linear model such as a decision tree, the first intermediate result data may mean, for example, that a respective information gain is calculated for each feature attribute that the second mechanism side has.
After the second mechanism obtains the second intermediate result data of the first round, the second intermediate result data of the first round may be sent to the combined platform device.
After the joint platform device receives the first intermediate result data and the second intermediate result data of the first round, the first intermediate result data and the second intermediate result data can be integrated to obtain total result data. For linear models such as logistic regression models and neural network models, the total result data may refer to total loss or total gradient of both sides, for example, in the case of logistic regression models, the joint platform device may sum the predicted values of both sides (w1 × 1+ w2 × 2) + (w3 × 3+ w4 × 4) to obtain a total predicted value, and then calculate the total predicted value and the total true value to obtain the total loss. For a non-linear model such as a decision tree, the joint platform device may compare information gains of the attributes uploaded by the two parties, to obtain an attribute with the largest information gain (for example, x3), and use the attribute as a first split point of the tree.
After the joint platform device obtains the total result data of the first round, the total result data can be sent back to the server of the first organization and the server of the second organization.
The server of the first organization and the server of the second organization receive the total result data of the first round, and may perform a first round of updating on the parameters of the first initial sub-model and the second initial sub-model by using the total result data, respectively, for example, the model parameters may be calculated according to a back propagation algorithm, based on partial derivatives of the loss function, and the model parameters may be iteratively updated through gradient descent. For models such as decision trees, the information gain for each attribute on the next node may be calculated based on the total result data.
And entering a second round of calculation process after the first initial submodel and the second initial submodel are updated. And the server of the first mechanism calculates to obtain first intermediate result data of the second round based on the first sample feature set and the updated first initial sub-model, and the server of the second mechanism calculates to obtain second intermediate result data of the second round based on the second sample feature set and the updated second initial sub-model. And the joint platform equipment integrates the first intermediate result data and the second intermediate result data of the second round to obtain total result data of the second round, and feeds the total result data back to the server of the first mechanism and the server of the second mechanism, so that the server of the first mechanism and the server of the second mechanism respectively update the parameters of the first initial sub-model and the second initial sub-model in the second round. By parity of reasoning, the combined platform equipment integrates the intermediate result data of the same turn and feeds the intermediate result data back to the first mechanism and the second mechanism for updating until the model training is finished, and the first mechanism and the second mechanism respectively obtain a first recognition sub-model and a second recognition sub-model.
The server of the first mechanism and the server of the second mechanism can also send the hyper-parameters of the model, such as the step length, the learning rate and the like, to the joint platform equipment, so that the joint platform equipment unifies the hyper-parameters of the first initial sub-model and the second initial sub-model. The hyper-parameters may be sent to the federated platform device along with intermediate result data.
According to an embodiment of the present disclosure, in the update process, the combined platform device may further: and receiving label information sent by the server of the first organization or the server of the second organization.
For example, over a long accumulation of first agencies, some of the user's telephone numbers have been identified by the first agencies as fraudulent telephones, the first agencies have set up the labels of fraudulent telephones for the respective users, and other telephone numbers can set up the labels of non-fraudulent telephones. Likewise, through the long accumulation of the second organisation, some of the users' telephone numbers have been identified by the second organisation as fraudulent telephones, the second organisation has set up the respective users with the labels of fraudulent telephones, and other telephone numbers can be set up with the labels of non-fraudulent telephones. The first mechanism grasps the fund dynamics of the user and can grasp the exact crime evidence, so the telephone number marked as a fraud telephone by the first mechanism is usually the telephone number of the real fraud. The second organization grasps the communication information of the user without knowing the capital dynamics, and can only determine the suspected fraud phone according to the telecommunication criminal traces, and therefore, the phone number marked as a fraud phone by the second organization is usually a suspected fraud phone number.
According to actual requirements, the label information of the first mechanism or the label information of the second mechanism can be selected for modeling. For example, if the purpose of building a fraud phone identification model is to identify an exact fraud phone, the tag information of the first organization may be employed, and if the purpose of building a fraud phone identification model is to identify a suspected fraud phone, the tag information of the second organization may be employed.
The party selected with the tag information can simultaneously send the tag information Y to the combined platform device when sending the intermediate result data to the combined platform device. The federated platform device may derive total result data based on the first intermediate result data, the second intermediate result data, and the tag information. For example, the joint platform device may calculate an overall true value based on each tag information, and may further calculate an overall loss or an overall gradient in combination with the overall predicted value. The tag information Y may be transmitted only in the first round of training.
According to embodiments of the present disclosure, the first intermediate result data may be encrypted before the server of the first organization sends the first intermediate result data to the federated platform authority, and likewise, the second intermediate result data may be encrypted before the server of the second organization sends the second intermediate result data to the federated platform authority, e.g., the first and second organizations may employ a homomorphic encryption technique for encryption.
According to an embodiment of the present disclosure, the receiving of the first intermediate result data transmitted by the server of the first organization in operation S211 may refer to: encrypted first intermediate result data sent by a server of a first organization is received. Likewise, the receiving of the second intermediate result data transmitted by the server of the second organization in operation S212 may refer to: and receiving the encrypted second intermediate result data sent by the server of the second organization. Obtaining the total result data based on the first intermediate result data and the second intermediate result data in operation S213 may include: and based on a preset encryption operator, carrying out operation on the encrypted first intermediate result data and the encrypted second intermediate result data to obtain total result data. That is to say, the combined platform device can directly calculate the encrypted intermediate result data uploaded by the two parties without decrypting the data, and the total result data obtained by calculation is also encrypted data.
Homomorphic encryption is an encryption scheme for solving the problem of safe multi-party computation, and can compute ciphertext data without decryption, directly compute ciphertext after homomorphic encryption, and encrypt an operation result after plaintext is computed to obtain the same result. The homomorphic encryption technology realizes that the data processing right and the data ownership can be separated, further protects the data privacy of the first mechanism and the second mechanism, and can finish the data operation processing while the first mechanism and the second mechanism prevent the data leakage.
In addition, the label information and the hyper-parameters can be encrypted, and the combined platform equipment can also perform operation based on the encrypted label information and the hyper-parameters, so that the absolute privacy of data of two parties is guaranteed.
Based on the scheme, the first mechanism and the second mechanism respectively obtain a first identification submodel and a second identification submodel, and the two submodels are used as two sub-parts of the identification model to form a complete fraud telephone identification model. The telecommunication fraud recognition model constructed based on the mode integrates the characteristics of the financial institution side and the telecommunication operator side, makes up the defects of single characteristic dimensionality, and accordingly improves the recognition accuracy rate of fraud calls. In the model training process, user data of one party does not need to be sent to the other party or the platform, only an intermediate result of training is fed back, and privacy of the user data is protected. And the data uploaded to the joint platform by the first mechanism and the second mechanism are encrypted data, and the joint platform equipment directly calculates the encrypted data, so that the absolute privacy of the data of the first mechanism and the second mechanism is guaranteed, data leakage is not needed to be worried about, and the legal compliance requirements are met.
After the identification model of the fraudulent phone is built, the fraudulent phone can be identified by utilizing the fraudulent phone identification model.
FIG. 3 schematically illustrates a flow chart of a fraud telephone identification method performed by a consolidated platform device, according to an embodiment of the disclosure.
As shown in fig. 3, the identification method may include operations S310 to S330.
In operation S310, an identification request for a target phone number transmitted by a request originating entity, which is either a first entity for providing a financial service or a second entity for providing a communication service, is received.
For example, the first mechanism may initiate an identification request to the consolidated platform device with the phone number of the user currently conducting account operations such as transfer, deposit, etc. as the target phone number. Or, the first mechanism side may, for example, first perform preliminary judgment on the telephone number by using a local rule or model, and initiate an identification request to the combined platform device to perform further identification and confirmation by using the risk telephone number that is preliminarily judged to be suspected of fraud as a target telephone number. The target telephone number sent by the first mechanism to the combined platform device is an encrypted telephone number, and for example, a homomorphic encryption mode can be adopted.
The second organization may, for example, initiate an identification request to the platform integration device with the phone number of the user currently performing communication operations such as call and short message as a target phone number. Or, the second organization side may, for example, first perform preliminary judgment on the telephone number by using the local rule or model, and initiate an identification request to the combined platform device to perform further identification and confirmation by using the risk telephone number that is preliminarily judged to be suspected of fraud as the target telephone number. The target telephone number sent by the first mechanism to the combined platform device is an encrypted telephone number, and for example, a homomorphic encryption mode can be adopted.
In operation S320, based on the identification request, the server of the first organization is notified to determine first intermediate identification information corresponding to the target phone number, and the server of the second organization is notified to determine second intermediate identification information corresponding to the target phone number, wherein the first intermediate identification information is obtained by the first organization through a first identification submodel and a first identification feature corresponding to the target phone number, and the second intermediate identification information is obtained by the second organization through a second identification submodel and a second identification feature corresponding to the target phone number.
For example, the federated platform device may send a target telephone number to another party other than the request originator, notifying the other party to perform calculations based on the target telephone number, while notifying the request originator to perform calculations based on the target telephone number.
After receiving the calculation notification, the server of the first mechanism may extract a first identification feature corresponding to the target phone number from the locally stored data of the first mechanism side, where the first identification feature corresponds to the first sample feature, which may be specifically referred to in table 1. Then, the server of the first mechanism may input the first identification feature into the first identification submodel, calculate to obtain first intermediate identification information, and send the first intermediate identification information to the combined platform device. The first intermediate identification information may be, for example, a predicted value, and taking a logistic regression model as an example, if the first identification feature is x1 'and x 2', and the model weights of the two features are w1 'and w 2', respectively, the predicted value L1 may be w1 '× x 1' + w2 '× 2'.
After receiving the calculation notification, the second mechanism may extract a second identification feature of the target phone number from the locally stored data at the second mechanism side, where the second identification feature corresponds to the second sample feature, which may be specifically referred to in table 2. Then, the server of the second organization may input the second identification feature into the second identification submodel, calculate to obtain second intermediate identification information, and send the second intermediate identification information to the combined platform device. The second intermediate identification information may be, for example, a predicted value, and taking a logistic regression model as an example, if the second identification feature is x3 'and x 4', and the model weights of the two features are w3 'and w 4', respectively, the predicted value L2 may be w3 '× x 3' + w4 '× 4'.
In operation S330, an identification result of the target phone number is determined based on the first intermediate identification information and the intermediate second intermediate identification information to determine whether the target phone number is a fraudulent phone.
For example, the joint platform device may integrate the first intermediate identification information and the second intermediate identification information to obtain the identification result. For example, L1 and L2 may be summed to obtain a total predicted value, and the categories of the target telephone number, including fraudulent and non-fraudulent, are determined based on the total predicted value.
FIG. 4 schematically illustrates a schematic diagram of a decision tree recognition model according to an embodiment of the present disclosure;
as shown in fig. 4, after the nonlinear models such as the decision tree are constructed, the combined platform device may have an overall framework of the decision tree, and the first mechanism and the second mechanism respectively retain the operation parameters such as the threshold values on the corresponding attribute nodes. In the identification process, after the combined platform equipment receives an identification request, the first mechanism and the second mechanism are coordinated to perform operation in sequence based on the whole framework of the decision tree until a classification result is obtained. For example, the bank side has features x1 and x2, the telecommunication side has features x3 and x4, the combined platform device firstly classifies according to the feature x3 according to the overall framework judgment, so that the server of the second mechanism is informed to perform operation judgment according to the feature x3, if the final classification result cannot be obtained according to the feature x3, the judgment is continuously performed according to the next node, if the next node of the feature x3 is not the feature owned by the second mechanism, the second mechanism feeds back to the combined platform device, the combined platform device finds that the feature x2 should be called again according to the overall framework to perform judgment, the server of the first mechanism is informed to perform judgment according to the feature x2, and the like until a certain party obtains the final judgment result, and feeds back the final judgment result to the combined platform device.
According to the embodiment of the disclosure, after a fraud telephone identification model is obtained by utilizing characteristic modeling of a financial institution side and a communication institution side, when a certain telephone number needs to be identified, the combined platform device can be combined with the financial institution side and the communication institution side to respectively utilize own sub-models and characteristics for calculation, and an intermediate result of the calculation is fed back to the combined platform mechanism, and the combined platform mechanism obtains an identification result of a target telephone number based on the two intermediate results. Based on the technical scheme, on one hand, the recognition capability of the fraud telephone is improved by combining the characteristics of the financial institution side and the characteristics of the communication institution side for recognition, and on the other hand, the data safety of the two parties is ensured, the data of each party is kept locally, the data leakage is not needed to be worried about, and the legal compliance requirements are met.
According to an embodiment of the present disclosure, the fraud phone identification method may further include: determining whether the target telephone number is a telephone number common to the first organization and the second organization, if so, notifying a server of the first organization to determine first intermediate identification information, and notifying a server of the second organization to determine second intermediate identification information; if not, the initiating mechanism is informed to carry out single-side identification.
For example, after receiving the identification request, the combined platform device may determine whether the target telephone number is a telephone number common to the first organization and the second organization before notifying the first organization and the second organization of the identification calculation, so as to determine whether the target telephone number has a corresponding record in another party except the requesting party. If the target phone number is a common phone number, operations S320 and S330 may be described above. If the target telephone number is not a common telephone number, the target telephone number can be fed back to the requester, and the requester can perform local analysis and identification based on other rules and models built by the requester.
According to an embodiment of the present disclosure, the first intermediate identification information and the intermediate second intermediate identification information are encrypted data.
Determining the recognition result of the destination phone number based on the first intermediate recognition information and the intermediate second intermediate recognition information includes: and calculating the encrypted first intermediate identification information and the encrypted second intermediate identification information by using an encryption operator to obtain an identification result.
For example, the first intermediate identification information and the intermediate second intermediate identification information sent by the first mechanism and the second mechanism to the joint platform device are homomorphic encrypted data, and the joint platform device may perform operation and aggregation on the intermediate identification information based on a predetermined encryption operator to obtain an identification result. Based on the mode, the data privacy of the first mechanism and the second mechanism can be further protected, and the data operation processing can be completed while the first mechanism and the second mechanism prevent the data leakage.
According to an embodiment of the present disclosure, the first identification feature is a financial-related feature of the target telephone number, including at least one of a binding feature, a transaction feature, and a balance feature, see table 1 in particular. The binding features may include, for example: at least one of the number of historical telephone number binding identity cards, the number of historical telephone number binding bank cards, the number of historical binding judicial frozen bank cards, the number of network points related to the historical binding cards and the number of cities of different network points related to the historical binding cards; transaction characteristics may include, for example: at least one of the maximum transfer-out amount within N days of account opening of the associated card of the telephone number, the average daily maximum transaction amount of the associated card, the transaction times of the associated card, the transaction days of the associated card, the number of transaction opponents of the associated card and the active balance average transaction amount of the associated card; balance characteristics may include, for example: and at least one of the balance after the associated card opens an account for N days and the average retention time of the large balance of the associated card. Further, the first identifying feature may further include: the number of active days of the associated card, the number of devices which are registered in the associated card within N days of the account opening, and the like. Wherein N is an integer of 1 or more.
According to an embodiment of the present disclosure, the second identification feature is a communication-related feature of the target phone number, including at least one of a call feature, a contact feature, a short message feature, and a network feature, which may be specifically referred to in table 2. The call feature may include, for example: at least one of the number of historical telephone calls dialed in a preset time period, the number of historical telephone calls received in the preset time period, the average calling time in the preset time period, the average called time in the preset time period, the number/distribution of calling numbers and the number distribution of called numbers; the contact characteristics may include, for example: the number of long-term contacts of the telephone number; the short message features may include, for example: historical short message receiving and sending quantity in a preset time period; network characteristics may include, for example: at least one of the network traffic usage of the telephone number in the network duration and the telephone number division duration. Further, the second identifying feature may further include: the number of the telephone numbers is determined according to the number of the telephone numbers, the number of the telephone numbers in the past mobile provinces in a preset time period, the marking information (such as complaint marks, high-risk marks and the like) of the telephone numbers, and the like. The predetermined period of time may be, for example, approximately 3 months or 6 months.
According to an embodiment of the present disclosure, the fraudulent call identification method may further include: and sending the identification result to the request initiating mechanism so that the request initiating mechanism takes corresponding measures based on the identification result.
For example, the first mechanism is a request initiating mechanism, after the combined platform device obtains the identification result, the result can be fed back to the first mechanism, and in the case that the target telephone number is a fraud telephone, the first mechanism can freeze an account corresponding to the target telephone number.
For example, the second organization is a request initiating organization, after the combined platform device obtains the identification result, the result can be fed back to the second organization, and in the case that the target telephone number is a fraud telephone, the second organization can remind other users communicating with the target telephone number through customer service.
Or the joint platform device can feed the result back to the first mechanism and the second mechanism, so that both parties can take corresponding measures to jointly prevent the occurrence of fraud.
According to the embodiment of the disclosure, the problems that data islands exist in the existing telecommunication fraud information and the identification model is difficult to jointly construct are solved, and the efficient telecommunication fraud identification model construction is carried out by combining a financial institution and a communication institution on the premise of guaranteeing the information security during big data exchange, protecting the privacy of terminal data and personal data and guaranteeing legal compliance. On one hand, data safety is guaranteed, all data are kept locally, data leakage is not needed to be worried about, and legal compliance requirements are met; on the other hand, the telecom fraud recognition capability is enhanced, the telecom fraud recognition and defense capability is improved, a cross-domain collaborative co-construction model is realized, information sharing and technology fusion of financial institutions and telecom operators are realized, and the telecom fraud is monitored and blocked in a full flow around two key links of 'communication flow' and 'fund flow'.
Another aspect of the embodiments of the present disclosure provides a fraud telephone identification method, which is performed by a server of an execution agency, the execution agency being a financial institution or a communication institution.
Fig. 5 schematically shows a flowchart of a fraud telephone identification method performed by a financial institution or a communication institution according to an embodiment of the present disclosure.
As shown in fig. 5, the method may include operations S510 to S540.
In operation S510, an identification notification sent by a federated platform device is received.
In operation S520, an identification feature corresponding to the target phone number is extracted from the local storage data based on the identification notification. Wherein, for the case that the execution mechanism is a financial mechanism, the identification feature is the first identification feature; in the case where the actuator is a communication means, the identification feature is the above-described second identification feature.
In operation S530, intermediate recognition information is obtained based on the recognizer models and the recognition features. In the case where the execution institution is a financial institution, the identification submodel is the first identification submodel, and the intermediate identification information is the first intermediate identification information. In the case where the actuator is the communication means, the identification submodel is the second identification submodel described above, and the intermediate identification information is the second intermediate identification information described above.
In operation S540, the intermediate identification information is transmitted to the consolidated platform device, so that the consolidated platform device combines the intermediate identification information and another intermediate identification information transmitted by the consolidated entity of the execution entity to obtain the identification result of the target phone number.
In this case, the joint organization of the financial institution is the communication institution, and the joint organization of the communication institution is the financial institution, that is, in the case where the execution institution is the financial institution, the joint organization in operation S440 is the communication institution, and in the case where the execution institution is the communication institution, the joint organization in operation S440 is the financial institution.
According to an embodiment of the present disclosure, the identification submodel is established in advance based on the following operations (1) to (2):
(1) and extracting sample characteristics corresponding to a plurality of common numbers from the locally stored data to form a sample characteristic set, wherein the common numbers are telephone numbers shared by the execution mechanism and the united mechanism. For the case that the executing organization is a financial organization, the sample feature set is the first sample feature set; for the case where the actuator is a communication mechanism, the sample feature set is the second sample feature set described above.
(2) Based on the sample feature set, the initial submodel is updated for multiple times to obtain an identification submodel, and in each updating process: inputting the sample characteristic set into an initial sub-model, and calculating to obtain intermediate result data; sending the intermediate result data to the joint platform equipment so that the joint platform equipment obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism; and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
According to an embodiment of the present disclosure, the process of establishing the identification submodel further includes: encrypting the stored telephone number set to obtain encrypted data of the telephone number set, and sending the encrypted data to the combined platform equipment or a server of a combined mechanism so as to enable the combined platform equipment or the server of the combined mechanism to determine a common number; or receiving encrypted data of another set of telephone numbers sent by a server of the affiliate and determining a common number based on the encrypted data of the other set of telephone numbers.
According to an embodiment of the present disclosure, the fraud phone identification method may further include: obtaining an identification result based on the identification characteristics and a pre-established third identification model in response to receiving a single-side identification notification sent by the joint platform equipment; and/or in response to receiving the identification result sent by the joint platform device, freezing an account corresponding to the target telephone number or reminding other users communicating with the target telephone number if the target telephone number is a fraud telephone.
For example, the financial institution and the communication institution may establish a local recognition model other than the above-described sub-models based on the local data, and in the case where the target telephone numbers are not common numbers, the financial institution or the communication institution may recognize the target telephone numbers based on the respective local recognition models.
According to an embodiment of the present disclosure, identifying a financial-related feature as a target telephone number includes at least one of a binding feature, a transaction feature, a balance feature; or the identification characteristic is a communication related characteristic of the target telephone number, and the identification characteristic comprises at least one of a call characteristic, a contact characteristic, a short message characteristic and a network characteristic.
Specifically, the fraud telephone identification method performed by the financial institution or the communication institution may refer to the description of the corresponding operation performed by the financial institution or the communication institution in the above content, and will not be described in detail herein.
Another aspect of the disclosed embodiments provides a fraud telephone identification method, performed in conjunction with a server of a first organization, a server of a second organization, and a joint platform device.
FIG. 6 schematically shows a flow chart of a fraud phone identification method according to another embodiment of the present disclosure.
As shown in fig. 6, the method includes operations S610 to S650.
In operation S610, an identification request for a target phone number is transmitted to a consolidated platform device by a server of a first institution for providing financial services or a server of a second institution for providing communication services.
In operation S620, the federated platform device sends an identification notification to the server of the first organization and the server of the second organization based on the identification request.
In operation S630, the server of the first organization determines first intermediate identification information based on the first identification submodel and the first identification feature corresponding to the target phone number in response to receiving the identification notification.
In operation S640, the server of the second organization determines second intermediate identification information based on the second identification submodel and the second identification feature corresponding to the target phone number in response to receiving the identification notification.
In operation S650, the consolidated platform device determines an identification result of the target phone number based on the first intermediate identification information and the intermediate second intermediate identification information to determine whether the target phone number is a fraud phone.
Specifically, the fraud call identification method may refer to the description of the corresponding operation in the above content, and is not described herein again.
Another aspect of the disclosed embodiments provides a method of building a fraud phone identification model, performed by a federated platform device. The method comprises the following steps: updating a first initial submodel of a first mechanism and a second initial submodel of a second mechanism for multiple times to obtain a first identification submodel and a second identification submodel, and executing the following operations (1) to (4) in each updating process:
(1) and receiving first intermediate result data sent by the server of the first organization, wherein the first intermediate result data is obtained by the server of the first organization based on the first initial sub-model and a first sample feature set corresponding to a plurality of shared telephone numbers, and the shared telephone numbers are telephone numbers commonly owned by the first organization and the second organization.
(2) And receiving second intermediate result data sent by the server of the second organization, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and a second sample feature set corresponding to the plurality of shared telephone numbers.
(3) Based on the first intermediate result data and the second intermediate result data, total result data is obtained.
(4) And sending the total result data to a server of the first organization and a server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
Specifically, the method for constructing the fraud phone identification model may refer to the description of the corresponding operation in the above content, and is not described herein again.
Another aspect of the disclosed embodiments provides a method for constructing a fraud telephone identification model, which is executed by a server of an execution mechanism, wherein the execution mechanism is a financial mechanism or a communication mechanism. The method comprises the following operations (1) to (2):
(1) and extracting sample characteristics corresponding to a plurality of common numbers from the local storage data to form a sample characteristic set, wherein the common numbers are telephone numbers shared by the execution mechanism and the united mechanism.
(2) Based on the sample feature set, the initial submodel is updated for multiple times to obtain an identification submodel, and in each updating process: inputting the sample characteristic set into an initial sub-model, and calculating to obtain intermediate result data; sending the intermediate result data to the joint platform equipment so that the joint platform equipment obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism; and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
Specifically, the method for constructing the fraud phone identification model may refer to the description of the corresponding operation in the above content, and is not described herein again.
Another aspect of the disclosed embodiments provides a fraud telephone identification apparatus for a joint platform device.
Fig. 7 schematically shows a block diagram of a fraud telephone identification apparatus 700 for a joint platform device according to an embodiment of the present disclosure.
As shown in fig. 7, the apparatus 700 includes a receive request module 710, a notification identification module 720, and an identification module 730.
The receive request module 710 is configured to receive an identification request for a target phone number sent by a request initiating entity, the request initiating entity being a first entity for providing financial services or a second entity for providing communication services.
The notification identification module 720 is configured to notify the server of the first organization to determine first intermediate identification information corresponding to the target phone number and notify the server of the second organization to determine second intermediate identification information corresponding to the target phone number based on the identification request, where the first intermediate identification information is obtained by the first organization through a first identification submodel and a first identification feature corresponding to the target phone number, and the second intermediate identification information is obtained by the second organization through a second identification submodel and a second identification feature corresponding to the target phone number.
The identification module is used 730 to determine the identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information to determine whether the target telephone number is a fraud telephone.
It should be noted that the fraud telephone identification apparatus part for the joint platform device in the embodiment of the present disclosure corresponds to the fraud telephone identification method part for the joint platform device of the present disclosure, and is not described herein again.
Another aspect of the embodiments of the present disclosure provides a fraud telephone recognition apparatus for a server of an execution institution, the execution institution being a financial institution or a communication institution.
Fig. 8 schematically shows a block diagram of a fraud phone recognition apparatus 800 for a financial institution or a communication institution according to an embodiment of the present disclosure.
As shown in fig. 8, the apparatus 800 includes a notification receiving module 810, a feature extraction module 820, a model calculation module 830, and a sending module 840.
The notification receiving module 810 is configured to receive an identification notification sent by a federated platform device.
The feature extraction module 820 is configured to extract an identification feature corresponding to the target phone number from the locally stored data based on the identification notification.
The model calculation module 830 is configured to obtain intermediate identification information based on the identifier model and the identification characteristics.
The sending module 840 is configured to send the intermediate identification information to the combined platform device, so that the combined platform device obtains an identification result of the target phone number by combining the intermediate identification information and another intermediate identification information sent by a combined entity of the execution mechanism, where the combined entity of the financial institution is a communication institution, and the combined entity of the communication institution is a financial institution.
It should be noted that the fraud telephone identification apparatus part for the financial institution or the communication institution in the embodiment of the disclosure corresponds to the fraud telephone identification method part for the financial institution or the communication institution in the disclosure, and the description thereof is omitted.
Another aspect of the disclosed embodiments provides a system for identifying fraudulent calls comprising a server of a first organization, a server of a second organization, and a federated platform device. Wherein the first institution is for providing financial services and the second institution's server is for providing communication services. The federated platform device may be a server or a cluster of servers.
The server of the first organization or the server of the second organization sends a request for identification of the target telephone number to the consolidated platform device.
The federated platform device sends an identification notification to the server of the first organization and the server of the second organization based on the identification request.
The server of the first organization, in response to receiving the identification notification, determines first intermediate identification information based on the first identification submodel and a first identification feature corresponding to the target telephone number.
The server of the second organization, in response to receiving the identification notification, determines second intermediate identification information based on the second identification submodel and a second identification feature corresponding to the destination telephone number.
The joint platform device determines the identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information to judge whether the target telephone number is a fraud telephone.
The joint platform device may include a basic computing unit and a scheduling control unit. The basic computing unit is mainly used for providing basic encryption arithmetic operators and carrying out operation and aggregation on encryption parameters and intermediate result data sent by the financial institutions and the communication institutions. The basic calculation unit provides three functions of matrix operation, function calculation and basic calculation based on homomorphic encryption technology, including but not limited to encryption matrix addition, multiplication, encryption numerical comparison, encryption normalization and other operations, and realizes residual calculation and gradient update of the combined model. The dispatching control unit is mainly used for coordinating the joint modeling of the financial institution and the communication institution, interactively synchronizing the synchronous execution states of the two parties and guiding the two parties to perform the next action. The scheduling control unit can provide four functions of event triggering, job scheduling, task management and resource allocation based on Hadoop, Spark and other distributed big data frames. And the event trigger is used for acquiring the current execution states of the modeling two parties and providing a subsequent operation instruction. For example, the scheduling control unit may obtain training rounds of the financial institution and the communication institution, and due to different processing capabilities of the financial institution and the communication institution, training speeds of the financial institution and the communication institution are different, for example, after the second round of intermediate data on the financial institution side has been uploaded to the basic computing unit, the communication institution side has not computed the intermediate result of the second round, and the scheduling control unit may notify the basic computing unit to wait until the communication institution side uploads the intermediate result of the second round and then controls the basic computing unit to start operation. Job scheduling and task management ensure that training of different batches can be in distributed parallel; as a high-strength encryption algorithm is adopted in the model training and application processes, the volume of one floating point number reaches thousands of bits, so that the resource allocation is responsible for coordinating software and hardware resources, and accurate and efficient execution of calculation is ensured.
Another aspect of the disclosed embodiments provides an apparatus for building a fraud phone identification model for a federated platform device. The device comprises a first updating module and a second updating module, wherein the first updating module is used for updating a first initial submodel of a first mechanism and a second initial submodel of a second mechanism for multiple times to obtain a first identification submodel and a second identification submodel, and the following operations (1) to (4) are executed in each updating process:
(1) and receiving first intermediate result data sent by the server of the first organization, wherein the first intermediate result data is obtained by the server of the first organization based on the first initial sub-model and a first sample feature set corresponding to a plurality of shared telephone numbers, and the shared telephone numbers are telephone numbers commonly owned by the first organization and the second organization.
(2) And receiving second intermediate result data sent by the server of the second organization, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and a second sample feature set corresponding to the plurality of shared telephone numbers.
(3) Based on the first intermediate result data and the second intermediate result data, total result data is obtained.
(4) And sending the total result data to a server of the first organization and a server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
Another aspect of the disclosed embodiments provides an apparatus for constructing a fraud phone identification model for a server of an execution agency, the execution agency being a financial institution or a communication institution, the apparatus including an extraction module and a second update module.
The extraction module is used for extracting sample characteristics corresponding to a plurality of common numbers from the local storage data to form a sample characteristic set, wherein the common numbers are telephone numbers owned by the execution mechanism and the union mechanism.
The second updating module is used for updating the initial sub-model for multiple times based on the sample feature set to obtain an identification sub-model, and in each updating process: inputting the sample characteristic set into an initial sub-model, and calculating to obtain intermediate result data; sending the intermediate result data to the joint platform equipment so that the joint platform equipment obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism; and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
It should be noted that, the apparatus part for constructing the fraud phone identification model in the embodiment of the disclosure corresponds to the method part for constructing the fraud phone identification model of the disclosure, and is not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
Another aspect of the disclosed embodiments provides an electronic device comprising one or more processors and a memory. The memory is used for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the fraud phone identification method or the method of building a fraud phone identification model as described above.
Fig. 9 schematically shows a block diagram of an electronic device adapted to implement the above described method according to an embodiment of the present disclosure. The electronic device shown in fig. 9 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 9, an electronic apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, the ROM902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 900 may also include input/output (I/O) interface 905, input/output (I/O) interface 905 also connected to bus 904, according to an embodiment of the present disclosure. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM902 and/or the RAM 903 described above and/or one or more memories other than the ROM902 and the RAM 903.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (22)

1. A fraud telephone identification method, performed by a consolidated platform device, comprising:
receiving an identification request for a target telephone number sent by a request initiating entity, the request initiating entity being a first entity for providing a financial service or a second entity for providing a communication service;
based on the identification request, notifying a server of the first mechanism to determine first intermediate identification information corresponding to the target telephone number, and notifying a server of the second mechanism to determine second intermediate identification information corresponding to the target telephone number, wherein the first intermediate identification information is obtained by the first mechanism through a first identification submodel and a first identification feature corresponding to the target telephone number, and the second intermediate identification information is obtained by the second mechanism through a second identification submodel and a second identification feature corresponding to the target telephone number; and
determining an identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information to determine whether the target telephone number is a fraud telephone.
2. The method of claim 1, wherein the first and second recognition submodels are pre-established based on:
updating a first initial submodel of a first mechanism and a second initial submodel of a second mechanism for multiple times to obtain a first identification submodel and a second identification submodel, wherein in each updating process:
receiving first intermediate result data sent by a server of the first organization, wherein the first intermediate result data is obtained by the server of the first organization based on the first initial sub-model and a first sample feature set corresponding to a plurality of common telephone numbers, and the common telephone numbers are telephone numbers commonly owned by the first organization and the second organization;
receiving second intermediate result data sent by the server of the second organization, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and a second sample feature set corresponding to the plurality of common telephone numbers;
obtaining total result data based on the first intermediate result data and the second intermediate result data; and
and sending the total result data to a server of the first organization and a server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
3. The method of claim 2, wherein:
in the updating process, the method further comprises the following steps: receiving label information sent by a server of the first organization or a server of the second organization;
obtaining total result data based on the first intermediate result data and the second intermediate result data comprises: and obtaining total result data based on the first intermediate result data, the second intermediate result data and the label information.
4. The method of claim 2, wherein establishing the first and second identifying submodels further comprises:
receiving encrypted data of a first telephone number set sent by a server of the first organization;
receiving encrypted data of a second telephone number set sent by a server of the second organization; and
determining a phone number commonly owned by the first organization and the second organization based on the encrypted data of the first set of phone numbers and the encrypted data of the second set of phone numbers.
5. The method of claim 1, further comprising:
determining whether the target telephone number is a telephone number common to the first institution and the second institution;
if so, notifying the server of the first organization to determine the first intermediate identification information, and notifying the server of the second organization to determine the second intermediate identification information; and
if not, the initiating mechanism is informed to carry out single-side identification.
6. The method of claim 1, wherein:
the first intermediate identification information and the intermediate second intermediate identification information are encrypted data;
the determining a recognition result of the target phone number based on the first intermediate recognition information and the intermediate second intermediate recognition information includes:
and calculating the encrypted first intermediate identification information and the encrypted second intermediate identification information by using an encryption operator to obtain the identification result.
7. The method of claim 1, further comprising:
and sending the identification result to the request initiating mechanism so that the request initiating mechanism takes corresponding measures based on the identification result.
8. A fraud telephone recognition method performed by a server of an execution agency, the execution agency being a financial institution or a communication institution, comprising:
receiving an identification notice sent by the joint platform equipment;
extracting an identification feature corresponding to a target phone number from locally stored data based on the identification notification;
obtaining intermediate identification information based on the identification submodel and the identification characteristics; and
and sending the intermediate identification information to the combined platform equipment so that the combined platform equipment combines the intermediate identification information and another intermediate identification information sent by a combined mechanism of the execution mechanism to obtain an identification result of the target telephone number, wherein the combined mechanism of the financial mechanism is a communication mechanism, and the combined mechanism of the communication mechanism is a financial mechanism.
9. The method of claim 8, wherein the identification submodel is pre-established based on:
extracting sample features corresponding to a plurality of common numbers from local storage data to form a sample feature set, wherein the common numbers are telephone numbers owned by the execution mechanism and the united mechanism;
based on the sample feature set, updating the initial sub-model for multiple times to obtain the identifier model, wherein in each updating process:
inputting the sample feature set into the initial submodel, and calculating to obtain intermediate result data;
sending the intermediate result data to the joint platform device so that the joint platform device obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism;
and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
10. The method of claim 9, wherein establishing the identification submodel further comprises:
encrypting a stored telephone number set to obtain encrypted data of the telephone number set, and sending the encrypted data to the combined platform equipment or a server of the combined mechanism so as to enable the combined platform equipment or the server of the combined mechanism to determine the common number; or
Receiving encrypted data of another set of telephone numbers sent by a server of the affiliate, and determining the common number based on the encrypted data of the other set of telephone numbers.
11. The method of claim 8, further comprising:
responding to the received unilateral identification notice sent by the combined platform equipment, and obtaining an identification result based on the identification feature and a pre-established third identification model; and/or
In response to receiving the identification result sent by the joint platform device, freezing an account corresponding to the target telephone number or reminding other users communicating with the target telephone number if the target telephone number is a fraud telephone.
12. The method of claim 8, wherein:
the identification feature is a financial-related feature of the target telephone number, and comprises at least one of a binding feature, a transaction feature and a balance feature; or
The identification feature is a communication related feature of the target telephone number, and comprises at least one of a call feature, a contact feature, a short message feature and a network feature.
13. A fraud telephone identification method, comprising:
sending, by a server of a first organization for providing financial services or a server of a second organization for providing communication services, an identification request for a target telephone number to a federated platform device;
the joint platform device sends identification notifications to the server of the first organization and the server of the second organization based on the identification requests;
the server of the first organization, in response to receiving the identification notification, determines first intermediate identification information based on a first identification submodel and a first identification feature corresponding to the target telephone number;
the server of the second organization, in response to receiving the identification notification, determines second intermediate identification information based on a second identification submodel and a second identification feature corresponding to the target telephone number; and
the joint platform device determines the identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information to judge whether the target telephone number is a fraud telephone.
14. A method of building a fraud telephone identification model, performed by a federated platform device, comprising:
updating a first initial submodel of a first mechanism and a second initial submodel of a second mechanism for multiple times to obtain a first identification submodel and a second identification submodel, wherein in each updating process:
receiving first intermediate result data sent by a server of the first organization, wherein the first intermediate result data is obtained by the server of the first organization based on the first initial sub-model and a first sample feature set corresponding to a plurality of common telephone numbers, and the common telephone numbers are telephone numbers commonly owned by the first organization and the second organization;
receiving second intermediate result data sent by the server of the second organization, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and a second sample feature set corresponding to the plurality of common telephone numbers;
obtaining total result data based on the first intermediate result data and the second intermediate result data; and
and sending the total result data to a server of the first organization and a server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
15. A method of constructing a fraud telephone identification model, performed by a server of an execution agency, the execution agency being a financial institution or a communication institution, comprising:
extracting sample features corresponding to a plurality of common numbers from local storage data to form a sample feature set, wherein the common numbers are telephone numbers owned by the execution mechanism and the united mechanism;
based on the sample feature set, updating the initial sub-model for multiple times to obtain the identifier model, wherein in each updating process:
inputting the sample feature set into the initial submodel, and calculating to obtain intermediate result data;
sending the intermediate result data to the joint platform device so that the joint platform device obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism;
and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
16. A fraud telephone identification apparatus for use in association with a platform device, comprising:
the system comprises a receiving request module, a processing module and a processing module, wherein the receiving request module is used for receiving an identification request of a target telephone number, which is sent by a request initiating mechanism, and the request initiating mechanism is a first mechanism for providing financial services or a second mechanism for providing communication services;
a notification identification module, configured to notify, based on the identification request, a server of the first mechanism to determine first intermediate identification information corresponding to the target telephone number, and notify a server of the second mechanism to determine second intermediate identification information corresponding to the target telephone number, where the first intermediate identification information is obtained by the first mechanism through a first identification submodel and a first identification feature corresponding to the target telephone number, and the second intermediate identification information is obtained by the second mechanism through a second identification submodel and a second identification feature corresponding to the target telephone number; and
an identification module, configured to determine an identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information, so as to determine whether the target telephone number is a fraud telephone.
17. A fraud telephone identification apparatus for a server of an execution agency, the execution agency being a financial institution or a communication institution, comprising:
the notification receiving module is used for receiving an identification notification sent by the combined platform equipment;
a feature extraction module for extracting an identification feature corresponding to the target phone number from the local storage data based on the identification notification;
the model calculation module is used for obtaining intermediate identification information based on the identification submodel and the identification characteristics; and
and the sending module is used for sending the intermediate identification information to the combined platform equipment so that the combined platform equipment combines the intermediate identification information and another intermediate identification information sent by a combined mechanism of the execution mechanism to obtain an identification result of the target telephone number, wherein the combined mechanism of the financial mechanism is a communication mechanism, and the combined mechanism of the communication mechanism is a financial mechanism.
18. A system for identifying fraudulent calls, comprising:
a server of a first institution, the first institution to provide financial services;
a server of a second organization for providing communication services;
a combined platform installation, wherein,
a server of a first organization or a server of a second organization sends an identification request of a target telephone number to the combined platform equipment;
the joint platform device sends identification notifications to the server of the first organization and the server of the second organization based on the identification requests;
the server of the first organization, in response to receiving the identification notification, determines first intermediate identification information based on a first identification submodel and a first identification feature corresponding to the target telephone number;
the server of the second organization, in response to receiving the identification notification, determines second intermediate identification information based on a second identification submodel and a second identification feature corresponding to the target telephone number; and
the joint platform device determines the identification result of the target telephone number based on the first intermediate identification information and the intermediate second intermediate identification information to judge whether the target telephone number is a fraud telephone.
19. An apparatus for building a fraud phone identification model for a federated platform device, comprising:
the first updating module is used for updating a first initial submodel of the first mechanism and a second initial submodel of the second mechanism for multiple times to obtain a first identification submodel and a second identification submodel, and in each updating process:
receiving first intermediate result data sent by a server of the first organization, wherein the first intermediate result data is obtained by the server of the first organization based on the first initial sub-model and a first sample feature set corresponding to a plurality of common telephone numbers, and the common telephone numbers are telephone numbers commonly owned by the first organization and the second organization;
receiving second intermediate result data sent by the server of the second organization, wherein the second intermediate result data is obtained by the server of the second organization based on the second initial sub-model and a second sample feature set corresponding to the plurality of common telephone numbers;
obtaining total result data based on the first intermediate result data and the second intermediate result data; and
and sending the total result data to a server of the first organization and a server of the second organization, so that the server of the first organization and the server of the second organization respectively update the first initial sub-model and the second initial sub-model based on the total result data.
20. An apparatus for constructing a fraud telephone recognition model for a server of an execution agency, the execution agency being a financial institution or a communication institution, comprising:
the extraction module is used for extracting sample features corresponding to a plurality of common numbers from local storage data to form a sample feature set, wherein the common numbers are telephone numbers shared by the execution mechanism and the joint mechanism;
a second updating module, configured to update the initial sub-model for multiple times based on the sample feature set to obtain the identifier model, and in each updating process:
inputting the sample feature set into the initial submodel, and calculating to obtain intermediate result data;
sending the intermediate result data to the joint platform device so that the joint platform device obtains total result data based on the intermediate result data and another intermediate result data sent by the joint mechanism;
and receiving total result data sent by the combined platform equipment, and updating the parameters of the initial sub-model based on the total result data.
21. An electronic device, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-15.
22. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 15.
CN202010648920.XA 2020-07-07 2020-07-07 Method, device and system for constructing recognition model and recognizing and electronic equipment Active CN111800546B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010648920.XA CN111800546B (en) 2020-07-07 2020-07-07 Method, device and system for constructing recognition model and recognizing and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010648920.XA CN111800546B (en) 2020-07-07 2020-07-07 Method, device and system for constructing recognition model and recognizing and electronic equipment

Publications (2)

Publication Number Publication Date
CN111800546A true CN111800546A (en) 2020-10-20
CN111800546B CN111800546B (en) 2021-12-17

Family

ID=72809681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010648920.XA Active CN111800546B (en) 2020-07-07 2020-07-07 Method, device and system for constructing recognition model and recognizing and electronic equipment

Country Status (1)

Country Link
CN (1) CN111800546B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112365270A (en) * 2020-10-30 2021-02-12 上海欣方智能系统有限公司 Financial fraud identification and interception method

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003038666A1 (en) * 2001-11-01 2003-05-08 Inovatech Limited Wavelet based fraud detection system
US20120101937A1 (en) * 2009-03-04 2012-04-26 Fair Isaac Corporation Fraud detection based on efficient frequent-behavior sorted lists
US20120263285A1 (en) * 2005-04-21 2012-10-18 Anthony Rajakumar Systems, methods, and media for disambiguating call data to determine fraud
CN103731832A (en) * 2013-12-26 2014-04-16 黄伟 System and method for preventing phone and short message frauds
CN106970911A (en) * 2017-03-28 2017-07-21 广州中国科学院软件应用技术研究所 A kind of strick precaution telecommunication fraud system and method based on big data and machine learning
CN107343077A (en) * 2016-04-28 2017-11-10 腾讯科技(深圳)有限公司 Identify malicious call and establish the method, apparatus of identification model, equipment
CN108243049A (en) * 2016-12-27 2018-07-03 中国移动通信集团浙江有限公司 Telecoms Fraud recognition methods and device
CN108616890A (en) * 2018-04-16 2018-10-02 中山易美信息技术有限公司 A kind of swindle ticket analysis system
CN108924333A (en) * 2018-06-12 2018-11-30 阿里巴巴集团控股有限公司 Fraudulent call recognition methods, device and system
CN109429230A (en) * 2017-08-28 2019-03-05 中国移动通信集团浙江有限公司 A kind of communication swindle recognition methods and system
CN110717816A (en) * 2019-07-15 2020-01-21 上海氪信信息技术有限公司 Artificial intelligence technology-based global financial risk knowledge graph construction method
CN111222025A (en) * 2019-12-27 2020-06-02 南京中新赛克科技有限责任公司 Fraud number identification method and system based on convolutional neural network

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003038666A1 (en) * 2001-11-01 2003-05-08 Inovatech Limited Wavelet based fraud detection system
US20120263285A1 (en) * 2005-04-21 2012-10-18 Anthony Rajakumar Systems, methods, and media for disambiguating call data to determine fraud
US20120101937A1 (en) * 2009-03-04 2012-04-26 Fair Isaac Corporation Fraud detection based on efficient frequent-behavior sorted lists
CN103731832A (en) * 2013-12-26 2014-04-16 黄伟 System and method for preventing phone and short message frauds
CN107343077A (en) * 2016-04-28 2017-11-10 腾讯科技(深圳)有限公司 Identify malicious call and establish the method, apparatus of identification model, equipment
CN108243049A (en) * 2016-12-27 2018-07-03 中国移动通信集团浙江有限公司 Telecoms Fraud recognition methods and device
CN106970911A (en) * 2017-03-28 2017-07-21 广州中国科学院软件应用技术研究所 A kind of strick precaution telecommunication fraud system and method based on big data and machine learning
CN109429230A (en) * 2017-08-28 2019-03-05 中国移动通信集团浙江有限公司 A kind of communication swindle recognition methods and system
CN108616890A (en) * 2018-04-16 2018-10-02 中山易美信息技术有限公司 A kind of swindle ticket analysis system
CN108924333A (en) * 2018-06-12 2018-11-30 阿里巴巴集团控股有限公司 Fraudulent call recognition methods, device and system
CN110717816A (en) * 2019-07-15 2020-01-21 上海氪信信息技术有限公司 Artificial intelligence technology-based global financial risk knowledge graph construction method
CN111222025A (en) * 2019-12-27 2020-06-02 南京中新赛克科技有限责任公司 Fraud number identification method and system based on convolutional neural network

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112365270A (en) * 2020-10-30 2021-02-12 上海欣方智能系统有限公司 Financial fraud identification and interception method

Also Published As

Publication number Publication date
CN111800546B (en) 2021-12-17

Similar Documents

Publication Publication Date Title
US11790078B2 (en) Computer-based systems configured for managing authentication challenge questions in a database and methods of use thereof
US11240372B2 (en) System architecture for fraud detection
CN111860865B (en) Model construction and analysis method, device, electronic equipment and medium
CN112039702B (en) Model parameter training method and device based on federal learning and mutual learning
CN111539810A (en) Anti-fraud method, device, system, apparatus and storage medium
WO2022156594A1 (en) Federated model training method and apparatus, electronic device, computer program product, and computer-readable storage medium
CN109117994A (en) Event prediction method and device, electronic equipment
CN111383113A (en) Suspicious client prediction method, device, equipment and readable storage medium
CN113011632A (en) Enterprise risk assessment method, device, equipment and computer readable storage medium
CN111800546B (en) Method, device and system for constructing recognition model and recognizing and electronic equipment
US20210112068A1 (en) Data security method utilizing mesh network dynamic scoring
CN110913397A (en) Short message verification method and device, storage medium and computer equipment
CN113033717A (en) Model generation method and device for model generation
CN112966878A (en) Loan overdue prediction and learning method and device
CN110264222A (en) Responsible investigation method, apparatus and terminal device based on data acquisition
CN113988867A (en) Fraud detection method and device, computer equipment and storage medium
CN109919767B (en) Transaction risk management method, device and equipment
CN112054891A (en) Block chain-based common user determination method, electronic device and storage medium
CN115114666B (en) Attendance data privacy calculation method and system based on blockchain
CN116055150B (en) Internet of vehicles intrusion detection platform, method and related equipment
CN116049322B (en) Data sharing platform and method based on privacy calculation
CN114996733B (en) Aggregation model updating processing method and device
US11706091B2 (en) Method and a system for retrieving and applying dynamic policy rules in a network
US20240078466A1 (en) Systems and methods for adapting platform behavior using machine-learning-based remote entity lifecycle monitoring
CN117314437A (en) Fraudulent party identification method, apparatus, computer device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant