CN114169438A - Telecommunication network fraud identification method, device, equipment and storage medium - Google Patents

Telecommunication network fraud identification method, device, equipment and storage medium Download PDF

Info

Publication number
CN114169438A
CN114169438A CN202111491526.0A CN202111491526A CN114169438A CN 114169438 A CN114169438 A CN 114169438A CN 202111491526 A CN202111491526 A CN 202111491526A CN 114169438 A CN114169438 A CN 114169438A
Authority
CN
China
Prior art keywords
fraud
ticket data
preset
charging ticket
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111491526.0A
Other languages
Chinese (zh)
Inventor
张宁
王方圆
尚程
傅强
梁彧
蔡琳
田野
王杰
杨满智
金红
陈晓光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eversec Beijing Technology Co Ltd filed Critical Eversec Beijing Technology Co Ltd
Priority to CN202111491526.0A priority Critical patent/CN114169438A/en
Publication of CN114169438A publication Critical patent/CN114169438A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/243Classification techniques relating to the number of classes
    • G06F18/24323Tree-organised classifiers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2457Query processing with adaptation to user needs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2462Approximate or statistical queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computational Linguistics (AREA)
  • Databases & Information Systems (AREA)
  • Mathematical Physics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Evolutionary Biology (AREA)
  • Fuzzy Systems (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Meter Arrangements (AREA)

Abstract

The technical scheme of the embodiment of the invention discloses a method, a device, equipment and a storage medium for identifying telecommunication network fraud. The method comprises the following steps: obtaining historical charging ticket data of fraud numbers in historical telecommunication network fraud events; performing feature extraction on historical charging ticket data, and determining target historical charging ticket data meeting the preset telecommunication network fraud type; forming a telecommunication network fraud identification model according to the characteristic data matched with the preset telecommunication network fraud type in the target historical charging ticket data; and acquiring target charging ticket data of the target number in real time, and inputting the target charging ticket data into the telecommunication network fraud identification model to obtain a telecommunication network fraud identification result of the target number. The method can detect the telecommunication phishing in advance, thereby avoiding the loss caused by the telecommunication phishing.

Description

Telecommunication network fraud identification method, device, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of network communication, in particular to a method, a device, equipment and a storage medium for identifying telecommunication network fraud.
Background
Harassing calls often cause great trouble to normal life of people, influence work and life, bring extra mental stress to users, even change the phase to attract the users to consume or participate in illegal activities, and cause economic loss of the users.
The traditional management of telecommunication network fraud usually carries out the treatment of the subsequent fraud case through various reported data, and several or dozens of fraud calls are usually carried out under the treatment mode, so that the property of the user is damaged.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a device and a storage medium for identifying telecommunication phishing, which can detect telecommunication phishing in advance, thereby avoiding losses caused by telecommunication phishing.
In a first aspect, an embodiment of the present invention provides a method for identifying telecommunications phishing, the method including:
obtaining historical charging ticket data of fraud numbers in historical telecommunication network fraud events;
performing feature extraction on the historical charging ticket data, and determining target historical charging ticket data meeting the preset telecommunication network fraud type;
forming a telecommunication phishing identification model according to the characteristic data matched with the preset telecommunication phishing type in the target historical charging ticket data;
and acquiring target charging ticket data of the target number in real time, and inputting the target charging ticket data into the telecommunication phishing identification model to obtain a telecommunication phishing identification result of the target number.
In a second aspect, an embodiment of the present invention further provides a telecommunications phishing identification apparatus, which includes:
a historical charging ticket data acquisition module, which is used for acquiring historical charging ticket data of fraud numbers in historical telecommunication network fraud events;
the target historical charging ticket data determining module is used for extracting the characteristics of the historical charging ticket data and determining the target historical charging ticket data meeting the preset telecommunication network fraud type;
the telecommunication phishing identification model forming module is used for forming a telecommunication phishing identification model according to the characteristic data matched with the preset telecommunication phishing type in the target historical charging ticket data;
and the telecommunication network fraud identification result determining module is used for acquiring target charging ticket data of the target number in real time and inputting the target charging ticket data into the telecommunication network fraud identification model to obtain a telecommunication network fraud identification result of the target number.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement a method for identifying telecommunication phishing as recited in any embodiments of the present invention.
In a fourth aspect, embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements a method for identifying telecommunication phishing according to any of the embodiments of the present invention.
According to the technical scheme of the embodiment of the invention, historical charging ticket data of fraud numbers in historical telecommunication network fraud events are obtained; performing feature extraction on historical charging ticket data, and determining target historical charging ticket data meeting the preset telecommunication network fraud type; forming a telecommunication network fraud identification model according to the characteristic data matched with the preset telecommunication network fraud type in the target historical charging ticket data; and acquiring target charging ticket data of the target number in real time, and inputting the target charging ticket data into the telecommunication network fraud identification model to obtain a telecommunication network fraud identification result of the target number, so that the problem of identification of telecommunication network fraud is solved, and telecommunication network fraud is detected in advance, thereby avoiding the loss caused by the telecommunication network fraud.
Drawings
FIG. 1a is a flowchart of a method for identifying telecommunication phishing according to an embodiment of the present invention;
FIG. 1b is a flowchart of a further method for identifying telecommunication phishing according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a telecommunication phishing identification apparatus provided in the second embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to a third embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
FIG. 1a is a flow chart of a telecommunication phishing identification method provided in an embodiment of the present invention, which can be applied to the case of identifying fraud-conducting cell phone numbers in a telecommunication network for fraud pre-warning, especially for identifying phishing cell phone numbers, and can be executed by a telecommunication phishing identification device, which can be implemented by software, and/or hardware, and can be integrated in an electronic device such as a mobile phone, a server or a computer, as shown in FIG. 1a, and specifically comprises:
step 110, obtaining historical charging ticket data of the fraud number in the historical telecommunication network fraud event.
Wherein, the historical telecommunication phishing events can be events formed by reporting the recorded historical fraud information to related departments by the fraud users. In particular, the historical telecommunication phishing events may be phishing type fraud events. The fraud number may be identification information of an illegal person performing fraud, such as a cell phone number used by an illegal person performing fraud.
In the embodiment of the invention, the charging ticket data can be user data and service data of a B domain. In some specific implementation manners, the charging ticket data of the embodiment of the present invention may also have an O-domain signaling ticket and an M-domain client ticket for assistance.
The charging ticket has the characteristics of multiple fields, certain time delay and complete data. For example, the billing ticket includes various call information fields and user information fields, such as whether roaming is performed, where roaming is performed, call charges, International Mobile Subscriber Identity (IMEI), International Mobile Equipment International Identity (IMSI), and user package type. Specifically, the charging ticket may be issued by backfilling of an operator group, with a certain delay. For the number belonging to the province operator, whether roaming to province or province, the number can obtain all call records of the number, and the number behavior of roaming out of province can be completely analyzed and detected, so that the method has the characteristic of complete data.
Correspondingly, the embodiment of the invention adopts the charging ticket data to carry out the telecom network fraud recognition, and has the characteristics of multi-scene, high accuracy and early warning in advance. Specifically, as the charging ticket with a plurality of fields and full data can be obtained, the whole telecommunication network fraud event can be analyzed from the perspective of fraud numbers, so that the telecommunication network fraud identification method has stronger applicability. According to the telecommunication phishing identification method provided by the embodiment of the invention, early warning can be carried out according to the obtained telecommunication phishing identification result, for example, the subsequent use of the identified fraud number is closed, so that the subsequent fraud operation carried out by the fraud number is blocked in advance, and even if the adopted charging ticket has a certain time delay, the effect of preventing telecommunication phishing can be achieved well.
Specifically, the charging ticket may include information of one or more of the following fields: the system comprises a user number, an opposite terminal number, a user number type, an opposite terminal number type, a call duration, a call starting time, a call ending time, a calling and called identification, a home terminal position cell number, a home terminal station number, an opposite terminal position cell number, an opposite terminal station number, an electronic serial number, a long distance network type, a video call mark, a home terminal attribution area number, a home terminal visiting area number, an opposite terminal attribution area number, an opposite terminal visiting area number, an account opening time, basic call charge, long distance call charge and date.
Illustratively, the historical charging ticket data acquired in the embodiment of the present invention may further include a statistical result of the charging ticket data within a first preset time period. Wherein the first preset time period may be 8 days. The statistical result of the charging ticket data can comprise the information of one or more fields as follows: the number of active days of a calling party in eight days, the number of times that the number type of a calling opposite terminal in eight days is 7, the number of cell numbers (not divided into calling and called) in eight days, the number of base stations (not divided into calling and called) in eight days, the number of fixed telephone numbers of called opposite terminals in eight days, the number of numbers that the calling of the same number in eight days has an interval of more than 1 hour, the basic call charge in eight days, the number of IMEI (International Mobile Equipment identity) in eight days, the proportion that the first call of each number in eight days is the calling, the average number of calling contact days in eight days, whether the number in eight days is in a high risk province, whether the number in eight days is in a first line and a new first line city, the number of fixed telephone numbers in eight days, the number type of a calling opposite terminal in eight days is 6, the number ratio that the number type of the calling opposite terminal in eight days is more than 0.7, the number of the calling opposite terminal attribution places in eight days, the number of the calling opposite terminals, the number of the opposite terminals in eight days, the calling opposite terminals are in the local place of the local place, the number ratio of the local terminal in eight days, The method comprises the following steps of measuring the attribution dispersion of calling numbers in eight days, the coincidence proportion of the calling number periods in eight days, the frequency ratio of calling mobile phone numbers in eight days, the frequency ratio of calling on weekends in eight days, the total number of calling in eight days, the total calling duration in eight days, the maximum active span of calling in eight days, the maximum number of calling contact days in eight days, the hour of the latest calling call in eight days and the hour of the earliest calling call in eight days.
For another example, the historical charging ticket data obtained in the embodiment of the present invention may further include a daily charging ticket data statistical result. Wherein, the current day can be understood as the last day of a fraud number in the historical charging ticket data, or the day of fraud. The daily billing ticket data statistics result can comprise the information of one or more fields as follows: the number of called times of the day, the average time length of the called times of the day, the total time length of the called times of the day, the longest time length of the called times of the day, the number of called numbers of the called times of the day, the average called times of a single number of the day, the average calling times of a single number of the day, the maximum calling times of a single number of the day, the calling times ratio of the day, the average time length of the calling times of the day, the total time length of the calling times of the day, the longest time length of the calling times of the day, the number of calling numbers of the calling times of the day, the number of location cells when the calling times of the day, and the occupation ratio of the longest calling time length of the day in the total calling times of the day.
Still illustratively, the historical charging ticket data acquired in the embodiment of the present invention may further include an average daily charging ticket data statistical result. The average daily charging ticket data statistical result may include information of one or more of the following fields: average calling duration per day, average daily call charges, and average number of calling numbers per day.
And 120, extracting characteristics of the historical charging ticket data, and determining the target historical charging ticket data meeting the preset telecommunication network fraud type.
The characteristic extraction can be analysis and summary of historical charging ticket data, common characteristics of fraud events under the preset telecommunication network fraud type are obtained, the common characteristics are extracted, and finally target historical charging ticket data meeting the preset telecommunication network fraud type are obtained. In the embodiment of the present invention, the preset telecommunication phishing type may be an online shopping type fraud.
Specifically, in an optional implementation manner of the embodiment of the present invention, the performing feature extraction on the historical charging ticket data, and determining the target historical charging ticket data that meets the preset telecommunication network fraud type includes: performing feature extraction on the historical charging ticket data, and determining alternative historical charging ticket data meeting general fraud feature conditions matched with telecommunication network fraud; and screening out target historical charging ticket data meeting branch fraud characteristic conditions matched with preset telecommunication network fraud types from the alternative historical charging ticket data.
Wherein, the universal fraud feature condition may be a condition used in the preliminary feature extraction under the preset telecommunication phishing type. For example, the generic fraud feature conditions may be conditions constituted by typical features possessed by fraud-like mobile phone numbers.
Specifically, in an optional implementation manner of the embodiment of the present invention, the performing feature extraction on the historical charging ticket data, and determining the alternative historical charging ticket data that satisfies the universal fraud feature condition matched by the telecommunication network fraud includes: and performing feature extraction on the historical charging ticket data, and determining alternative historical charging ticket data which meet the conditions that the calling proportion of the fraud number is greater than or equal to a preset calling proportion threshold value within a first preset time period, the inconsistent proportion of the places of the calling terminal and the called terminal is greater than or equal to a preset region difference threshold value, and the number of times of dialing the mobile phone number in calling conversation is greater than or equal to a preset calling mobile phone threshold value.
The general fraud characteristic condition may be a condition that a calling proportion of the fraud number is greater than or equal to a preset calling proportion threshold value within a first preset time period, an inconsistent proportion of the locations of the calling terminal and the called terminal is greater than or equal to a preset region difference threshold value, and the number of times of dialing the mobile phone number in the calling call is greater than or equal to a preset calling mobile phone threshold value.
For example, the general fraud feature condition may be that the calling proportion is greater than or equal to 0.73 within eight days by a fraud number; the inconsistency ratio of the locations of the home terminal and the opposite terminal of the fraud number in the communication within eight days is more than or equal to 0.95; and the condition that the ratio of the number of times of dialing the mobile phone number by the fraud number in all calling calls within eight days is more than or equal to 0.92.
In the embodiment of the invention, the characteristic preliminary extraction is carried out on the historical charging ticket data, that is, the alternative historical charging ticket data meeting the general fraud characteristic conditions is screened out, only the fraud number is determined to have the typical fraud event characteristics, and whether the fraud event really has the specific characteristics matched with the preset telecommunication network fraud type needs to be further judged through the branch fraud characteristic conditions.
Specifically, in an optional implementation manner of the embodiment of the present invention, the screening out, from the alternative historical charging ticket data, target historical charging ticket data that satisfies the branch fraud feature condition matched with the preset telecommunication network fraud type includes: and screening out target historical charging ticket data meeting the first branch fraud characteristic condition and/or the second branch fraud characteristic condition matched with the preset telecommunication network fraud type from the alternative historical charging ticket data.
Wherein the first branch fraud-characteristic condition comprises at least one of: the number of calling times of the fraud number in a first preset time period is greater than or equal to a first preset calling time threshold, the total calling time is greater than or equal to a first preset calling time threshold, the type of the location of the called terminal is greater than or equal to a first preset opposite terminal area type threshold, the number of active days is greater than or equal to a preset active days threshold, and the total telephone charge is greater than or equal to a preset telephone charge threshold; and/or the presence of a gas in the gas,
the first branch fraud-characteristic condition comprises at least one of: the number of calling times of the fraud number in a second preset time period is greater than or equal to a second preset calling time threshold, the number of types of cells at the calling end is less than or equal to a preset position cell type threshold, the average call duration of the calling meets a first preset call duration condition, and the type of the location of the called end is greater than or equal to a second preset opposite-end area type threshold;
the second branch fraud-characteristic condition comprises at least one of: the method comprises the steps that the toll charges of fraud numbers in a first preset time period meet a preset toll charge condition, the total calling call time of the fraud numbers in a second preset time period is greater than or equal to a second preset call time threshold, the type of the places of called terminals is greater than or equal to a second preset opposite terminal area type threshold, the average calling time per call meets the second preset call time condition, the average call charge per active day is greater than or equal to a preset average call charge threshold, and the total calling call time per active day is greater than or equal to a preset active call time threshold.
Illustratively, the first branch fraud feature condition may specifically include one or more of: the calling number of times of calling and calling of the fraud number is more than or equal to 250 within eight days, the total calling duration of the fraud number is more than or equal to 11000 within eight days, the type of the place where the calling opposite end (called end) of the fraud number is more than or equal to 38 within eight days, the number of days that the fraud number is active is more than or equal to 6 days, and the total telephone charge of the fraud number within eight days is more than or equal to 130 yuan; and/or the number of calling times of the fraud number on the day is more than or equal to 38, the number of calling position cell types of the fraud number on the day is less than or equal to 3, the average calling time per call of the fraud number on the day is more than or equal to 20 seconds and less than or equal to 160 seconds, and the type of calling opposite ends of the fraud number on the day is more than or equal to 25.
As yet another example, the second branch fraud feature condition may specifically include one or more of: the long-distance telephone charge of the fraud number in eight days is 0, the total calling call time of the fraud number in the day is more than or equal to 1000 seconds, the type of the calling opposite terminal of the fraud number in the day is more than or equal to 4, the average calling per-call time of the fraud number in the day is more than or equal to 45 seconds, the average telephone charge per active day of the fraud number is more than or equal to 9 yuan, and the total calling call time per active day of the fraud number in the average is more than or equal to 1300 seconds.
And step 130, forming a telecommunication network fraud identification model according to the characteristic data matched with the preset telecommunication network fraud type in the target historical charging ticket data.
Wherein, the feature data in the target historical charging ticket data, which matches the preset telecommunication network fraud type, may be data associated with the common feature extracted in step 120. For example, the feature data may include data on a usual time duration situation, a calling and called situation, a situation where a fraud number is located, and a telephone charge situation. The forming of the telecommunication phishing recognition model according to the feature data can be that the feature data and the corresponding fraud markers form a sample of a model, and the training of the machine learning model is performed through the sample to form the telecommunication phishing recognition model.
Specifically, in an optional implementation manner of the embodiment of the present invention, forming a telecommunication phishing identification model according to feature data in the target historical charging ticket data, where the feature data is matched with the preset telecommunication phishing type, includes: taking data associated with the universal fraud feature condition and the branch fraud feature condition in the target historical charging ticket data as feature data matched with the preset telecommunication network fraud type; and performing model training by adopting a machine learning model according to the characteristic data to form a telecommunication network fraud recognition model.
The data associated with the universal fraud characteristic conditions and the branch fraud characteristic conditions may include charging ticket data related to the universal fraud characteristic conditions and the branch fraud characteristic conditions, such as a calling proportion, an inconsistent proportion between a calling end and a called end, and the number of times of dialing mobile phone numbers in a calling call within a first preset time period; calling times, the total calling duration, the type of the location of a called terminal, the number of active days and the total telephone charge in a first preset time period; calling times, the number of types of cells at the position of a calling terminal, the average per-call duration of the calling terminal and the type of the location of a called terminal in a second preset time period; the method comprises the steps of long distance call charge in a first preset time period, total call time of a calling party in a second preset time period, the type of the location of a called terminal, average call time per calling party, average call charge per active day number and average total call time per active day number.
Furthermore, the data associated with the generic fraud feature conditions and the branch fraud feature conditions may also comprise charging ticket data derived from the generic fraud feature conditions and the branch fraud feature conditions, such as data describing fraud number behavior information from one or more of the following perspectives: time information describing the talking behavior of the fraud number, long distance talking type information describing the fraud number, basic talking behavior describing the fraud number and background information describing the fraud number.
Specifically, the derived charging ticket data may include one or more of the following items: time information data describing the talking behavior of the fraud numbers, such as the average absolute deviation of the hour time of the first talk each day of the fraud numbers within eight days, the average absolute deviation of the hour time of the last talk each day of the fraud numbers within eight days, the average of the hour time of the first talk each day of the fraud numbers within eight days, and the average of the hour time of the last talk each day of the fraud numbers within eight days; describing fraud number long-distance call type information data, such as the proportion of fraud numbers dialing to non-attribution or non-location within eight days, the number of locations corresponding to fraud numbers within eight days and the corresponding proportion, the long-distance type types corresponding to fraud numbers within eight days and the corresponding proportion, and the long-distance packet types corresponding to fraud numbers within eight days and the corresponding proportion; describing basic call behavior data of the fraud number, such as the number times of calling the fraud number in the previous seven days of the current day, the occupied proportion, the number times of calling a bank class or service class number in eight days, the average number of calling the bank class per active day, the number times of the service class number, and the average number times of calling the fraud number with each number in the current day; the fraud number background information data is described, such as the package type used by the fraud number, the location where the fraud number last called, the number and proportion of locations corresponding to the fraud number for eight days, and the roaming category corresponding to the fraud number for eight days.
And step 140, acquiring target charging ticket data of the target number in real time, and inputting the target charging ticket data into the telecom phishing identification model to obtain a telecom phishing identification result of the target number.
Wherein, the target number can be a cell phone number for fraud detection in the telecommunication network. Specifically, in order to reduce the workload of fraud detection in the telecommunication network, the target number may be a mobile phone number whose target charging ticket data satisfies the general fraud feature conditions. The target charging ticket data input into the telecommunication phishing identification model may be part of the charging ticket data, for example, data corresponding to samples adopted when training the telecommunication phishing identification model. Specifically, the target charging ticket data input into the telecommunication network fraud identification model may be data associated with the universal fraud feature condition and the branch fraud feature condition. The telecommunication network fraud recognition model can determine whether the target number has telecommunication network fraud behaviors according to the target charging ticket data of the target number, thereby taking certain intervention measures for the target number, preventing the target number from fraud in advance and ensuring the property safety of users.
On the basis of the foregoing embodiment, optionally, after obtaining the target charging ticket data of the target number in real time and inputting the target charging ticket data to the telecommunication phishing identification model to obtain the telecommunication phishing identification result of the target number, the method further includes: and if the telecommunication phishing identification result is that the target number is a suspected fraud number, shutting down the target number.
Wherein, for the target number with telecommunication network fraud behavior, the target number can be shut down. The shutdown can be understood as that the operator stops serving the target number, the target number cannot be called, and other operations cannot be carried out, so that fraud behaviors cannot be carried out, and for other users in the telecommunication network, the shutdown of the target number achieves the effect of preventing fraud events in advance.
When the embodiment of the invention is used for stopping the target number, a black and white list comparison mechanism and/or a history access comparison mechanism can be introduced to avoid misoperation on the target number. Specifically, the numbers in the white list can be numbers used by high-quality users identified by the operator, and no fraudulent behaviors exist. The black list may consist of numbers that are reported or labeled. The black-and-white list comparison mechanism may be that if the target number is a suspected fraud number and the target number is a number in the white list, the target number may not be shut down, thereby avoiding shutting down a trusted user. The black-and-white list comparison mechanism can also be used for directly shutting down the target number if the target number is a suspected fraud number and is a number in the black list, so that the loss of other users is avoided. The historical access comparison mechanism may be that if the target number is a suspected fraud number and the target number is a new account opening number, the target number may be shut down and return visit to the target number, return visit feedback information of the target number is obtained, and if the feedback information is complaint information, the target number may be shut down. The historical access comparison mechanism can also be used for sending the identification result of the target number and the historical access information to the detection platform if the target number is a suspected fraud number and the historical access of the target number is normal; the method comprises the steps of obtaining shutdown confirmation information of a detection platform aiming at a target number according to an actual application scene, and performing shutdown processing on the target number according to the shutdown confirmation information, so that missing discovery and missing processing of target number fraud behaviors can be avoided, and the accuracy of the shutdown processing of the target number can be improved.
On the basis of the foregoing embodiment, optionally, the method further includes: according to the historical charging ticket data and the charging ticket data of the suspected fraud number, performing feature extraction to determine the user portrait feature; and forming a user early warning portrait according to the user portrait characteristics, and screening early warning users matched with the user early warning portrait in a telecommunication network for early warning notification.
The user profile feature may be extracted from the user features of fraud events (historical fraud events or currently identified fraud events). Specifically, the M-domain information in the fraud event may be extracted, for example, information such as the age, sex, occupation, and online shopping website of the user may be extracted to form the user warning image.
In the embodiment of the invention, the formation of the user early warning portrait can be realized by adopting a LightGBM algorithm. The LightGBM is a lightweight GB (gradient boosting) framework, and supports distribution based on a learning algorithm of a decision tree. The histogram algorithm is used, so that the occupied memory is lower, and the complexity of data separation is lower. Finding out one leaf with the maximum splitting gain (generally, the maximum data volume) from all the current leaves at a time by adopting a leaf-wise growth strategy, splitting, and circulating; but a deeper decision tree is grown to generate overfitting, LightGBM can add a maximum depth limit above the leaf-wise to prevent overfitting while ensuring high efficiency.
After the user early warning portrait is formed, the early warning notice can be given to the users with the characteristics matched with the user early warning portrait in the telecommunication network, so that the users are more alert and are prevented from being cheated. The warning notification may be in various manners, for example, the warning notification may be a short message notification, a telephone notification, or application software push.
According to the technical scheme of the embodiment, historical charging ticket data of fraud numbers in historical telecommunication network fraud events are obtained; performing feature extraction on historical charging ticket data, and determining target historical charging ticket data meeting the preset telecommunication network fraud type; forming a telecommunication network fraud identification model according to the characteristic data matched with the preset telecommunication network fraud type in the target historical charging ticket data; and acquiring target charging ticket data of the target number in real time, and inputting the target charging ticket data into the telecommunication network fraud identification model to obtain a telecommunication network fraud identification result of the target number, so that the problem of identification of telecommunication network fraud is solved, and telecommunication network fraud is detected in advance, thereby avoiding the loss caused by the telecommunication network fraud.
FIG. 1b is a flow chart of a further telecommunication phishing identification method provided by an embodiment of the present invention, and as shown in FIG. 1b, the telecommunication phishing identification method provided by the embodiment of the present invention can be applied to operators of various levels, and timely detect and close the operated mobile phone numbers when online shopping fraud is involved, thereby ensuring the property safety of users and maintaining the public image of the operators.
As shown in FIG. 1b, a specific usage flow of the telecommunication phishing identification method can be: obtaining historical charging ticket data of fraud numbers in historical telecommunication network fraud events provided by operators; and home identification of the fraud number. If the fraud number does not belong to the current operator management, historical charging ticket data of the fraud number can be discarded; if the fraud number belongs to the current carrier management, it can be determined whether the fraud number is a virtual carrier. If the fraud number is a virtual operator, historical charging ticket data of the fraud number can be discarded; if the fraud number is not a virtual operator, the historical charging ticket data of the fraud number can be subjected to preliminary feature extraction. After the preliminary feature extraction is performed, the two-layer feature extraction (feature extraction according to the branch fraud feature condition) may be continued. The two-layer feature extraction may include global feature analysis (e.g., data analysis within eight days), feature analysis of the current day, and dialing orientation analysis. If the historical charging ticket data of the fraud number meets the primary characteristic extraction and the two-layer characteristic extraction, establishing a telecommunication network fraud identification model according to the extracted characteristic data; if the historical charging ticket data of the fraud number does not meet the primary feature extraction and the two-layer feature extraction, the historical charging ticket data of the fraud number can be discarded, and the next fraud event is processed. After the telecommunication network fraud recognition model is established, the target charging ticket data of the target number can be obtained in real time, telecommunication network fraud recognition is carried out on the target number, and whether the target number is a suspected fraud number or not is determined. If the target number is not a suspected fraud number, the target number may be added to a white list; if the target number is a suspected fraud number, whether the target number is authentic can be further determined according to a black-and-white list comparison mechanism and/or a historical access comparison mechanism. If the target number is credible, the target number can be added into a white list; if the destination number is not authentic, the destination number may be shut down.
Through the telecommunication network fraud identification method shown in fig. 1b, the mobile phone numbers of suspected online shopping fraud in the telecommunication network can be automatically identified in batch and in real time based on the charging ticket data provided by the operator and are shut down, so that illegal persons can be fundamentally blocked from online shopping fraud through communication phones, and the property safety of users is effectively guaranteed; and further research and judge the suspected fraud number through a black-and-white list comparison mechanism and a historical access comparison mechanism, so that the condition that the mobile phone number is judged by mistake can be avoided.
Example two
FIG. 2 is a schematic structural diagram of a telecommunication phishing identification apparatus provided in the second embodiment of the present invention. With reference to fig. 2, the apparatus comprises: a historical charging ticket data acquisition module 210, a target historical charging ticket data determination module 220, a telecommunication phishing identification model forming module 230 and a telecommunication phishing identification result determination module 240. Wherein:
a historical charging ticket data acquiring module 210, configured to acquire historical charging ticket data of fraud numbers in historical telecommunication network fraud events;
a target historical charging ticket data determining module 220, configured to perform feature extraction on the historical charging ticket data, and determine target historical charging ticket data that meets a preset telecommunication network fraud type;
a telecommunication phishing identification model forming module 230, configured to form a telecommunication phishing identification model according to the feature data, matched with the preset telecommunication phishing type, in the target historical charging ticket data;
the telecommunication phishing identification result determining module 240 is configured to obtain target charging ticket data of the target number in real time, and input the target charging ticket data to the telecommunication phishing identification model to obtain a telecommunication phishing identification result of the target number.
Optionally, the target historical charging ticket data determining module 220 includes:
the alternative historical charging ticket data determining unit is used for extracting the characteristics of the historical charging ticket data and determining alternative historical charging ticket data meeting the universal fraud characteristic conditions matched with the telecommunication network fraud;
and the target historical charging ticket data determining unit is used for screening out target historical charging ticket data meeting branch fraud characteristic conditions matched with preset telecommunication network fraud types from the alternative historical charging ticket data.
Optionally, the alternative historical charging ticket data determining unit is specifically configured to:
and performing feature extraction on the historical charging ticket data, and determining alternative historical charging ticket data which meet the conditions that the calling proportion of the fraud number is greater than or equal to a preset calling proportion threshold value within a first preset time period, the inconsistent proportion of the places of the calling terminal and the called terminal is greater than or equal to a preset region difference threshold value, and the number of times of dialing the mobile phone number in calling conversation is greater than or equal to a preset calling mobile phone threshold value.
Optionally, the target historical charging ticket data determining unit is specifically configured to:
screening out target historical charging ticket data meeting the first branch fraud characteristic condition and/or the second branch fraud characteristic condition matched with the preset telecommunication network fraud type from the alternative historical charging ticket data;
wherein the first branch fraud-characteristic condition comprises at least one of: the number of calling times of the fraud number in a first preset time period is greater than or equal to a first preset calling time threshold, the total calling time is greater than or equal to a first preset calling time threshold, the type of the location of the called terminal is greater than or equal to a first preset opposite terminal area type threshold, the number of active days is greater than or equal to a preset active days threshold, and the total telephone charge is greater than or equal to a preset telephone charge threshold; and/or the presence of a gas in the gas,
the first branch fraud-characteristic condition comprises at least one of: the number of calling times of the fraud number in a second preset time period is greater than or equal to a second preset calling time threshold, the number of types of cells at the calling end is less than or equal to a preset position cell type threshold, the average call duration of the calling meets a first preset call duration condition, and the type of the location of the called end is greater than or equal to a second preset opposite-end area type threshold;
the second branch fraud-characteristic condition comprises at least one of: the method comprises the steps that the toll charges of fraud numbers in a first preset time period meet a preset toll charge condition, the total calling call time of the fraud numbers in a second preset time period is greater than or equal to a second preset call time threshold, the type of the places of called terminals is greater than or equal to a second preset opposite terminal area type threshold, the average calling time per call meets the second preset call time condition, the average call charge per active day is greater than or equal to a preset average call charge threshold, and the total calling call time per active day is greater than or equal to a preset active call time threshold.
Optionally, the telecommunications phishing identification model forming module 230 comprises:
a characteristic data determining unit, configured to use data associated with the common fraud characteristic condition and the branch fraud characteristic condition in the target historical charging ticket data as characteristic data matching the preset telecommunication network fraud type;
and the telecommunication phishing identification model forming unit is used for carrying out model training by adopting a machine learning model according to the characteristic data to form a telecommunication phishing identification model.
Optionally, the apparatus further includes:
and the target number shutdown module is used for obtaining target charging ticket data of a target number in real time, inputting the target charging ticket data into the telecommunication phishing identification model, and shutting down the target number if the telecommunication phishing identification result is that the target number is a suspected fraud number after the telecommunication phishing identification result of the target number is obtained.
Optionally, the apparatus further includes:
the user portrait feature determination module is used for performing feature extraction to determine the user portrait feature according to the historical charging ticket data and the charging ticket data of the suspected fraud number;
and the early warning notification module is used for forming a user early warning portrait according to the user portrait characteristics and screening early warning users matched with the user early warning portrait in a telecommunication network for early warning notification.
The telecommunication phishing identification device provided by the embodiment of the invention can execute the telecommunication phishing identification method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
EXAMPLE III
Fig. 3 is a schematic structural diagram of an electronic device according to a third embodiment of the present invention, and as shown in fig. 3, the electronic device includes:
one or more processors 310, one processor 310 being illustrated in FIG. 3;
a memory 320;
the apparatus may further include: an input device 330 and an output device 340.
The processor 310, the memory 320, the input device 330 and the output device 340 of the apparatus may be connected by a bus or other means, and fig. 3 illustrates the connection by a bus as an example.
The memory 320 is a non-transitory computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to a telecommunication phishing identification method in the embodiment of the present invention (for example, the historical charging ticket data acquisition module 210, the target historical charging ticket data determination module 220, the telecommunication phishing identification model forming module 230, and the telecommunication phishing identification result determination module 240 shown in fig. 2). The processor 310 executes various functional applications and data processing of the computer device by executing the software programs, instructions and modules stored in the memory 320, namely, implementing a telecommunication phishing identification method of the above-mentioned method embodiments, namely:
obtaining historical charging ticket data of fraud numbers in historical telecommunication network fraud events;
performing feature extraction on the historical charging ticket data, and determining target historical charging ticket data meeting the preset telecommunication network fraud type;
forming a telecommunication phishing identification model according to the characteristic data matched with the preset telecommunication phishing type in the target historical charging ticket data;
and acquiring target charging ticket data of the target number in real time, and inputting the target charging ticket data into the telecommunication phishing identification model to obtain a telecommunication phishing identification result of the target number.
The memory 320 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 320 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 320 may optionally include memory located remotely from processor 310, which may be connected to the terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 330 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus. The output device 340 may include a display device such as a display screen.
Example four
The fourth embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for identifying telecommunication phishing, according to the fourth embodiment of the present invention:
obtaining historical charging ticket data of fraud numbers in historical telecommunication network fraud events;
performing feature extraction on the historical charging ticket data, and determining target historical charging ticket data meeting the preset telecommunication network fraud type;
forming a telecommunication phishing identification model according to the characteristic data matched with the preset telecommunication phishing type in the target historical charging ticket data;
and acquiring target charging ticket data of the target number in real time, and inputting the target charging ticket data into the telecommunication phishing identification model to obtain a telecommunication phishing identification result of the target number.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A telecommunications phishing identification method, characterized in that said method comprises:
obtaining historical charging ticket data of fraud numbers in historical telecommunication network fraud events;
performing feature extraction on the historical charging ticket data, and determining target historical charging ticket data meeting the preset telecommunication network fraud type;
forming a telecommunication phishing identification model according to the characteristic data matched with the preset telecommunication phishing type in the target historical charging ticket data;
and acquiring target charging ticket data of the target number in real time, and inputting the target charging ticket data into the telecommunication phishing identification model to obtain a telecommunication phishing identification result of the target number.
2. The method as claimed in claim 1, wherein performing feature extraction on the historical charging ticket data, and determining the target historical charging ticket data satisfying a preset telecommunication network fraud type comprises:
performing feature extraction on the historical charging ticket data, and determining alternative historical charging ticket data meeting general fraud feature conditions matched with telecommunication network fraud;
and screening out target historical charging ticket data meeting branch fraud characteristic conditions matched with preset telecommunication network fraud types from the alternative historical charging ticket data.
3. The method as claimed in claim 2, wherein the performing feature extraction on the historical charging ticket data, and determining the alternative historical charging ticket data satisfying the universal fraud feature condition matched by the telecommunication network fraud comprises:
and performing feature extraction on the historical charging ticket data, and determining alternative historical charging ticket data which meet the conditions that the calling proportion of the fraud number is greater than or equal to a preset calling proportion threshold value within a first preset time period, the inconsistent proportion of the places of the calling terminal and the called terminal is greater than or equal to a preset region difference threshold value, and the number of times of dialing the mobile phone number in calling conversation is greater than or equal to a preset calling mobile phone threshold value.
4. The method as claimed in claim 2, wherein the screening out, from the alternative historical charging ticket data, target historical charging ticket data satisfying the branch fraud feature condition matched with the preset telecommunication network fraud type comprises:
screening out target historical charging ticket data meeting the first branch fraud characteristic condition and/or the second branch fraud characteristic condition matched with the preset telecommunication network fraud type from the alternative historical charging ticket data;
wherein the first branch fraud-characteristic condition comprises at least one of: the number of calling times of the fraud number in a first preset time period is greater than or equal to a first preset calling time threshold, the total calling time is greater than or equal to a first preset calling time threshold, the type of the location of the called terminal is greater than or equal to a first preset opposite terminal area type threshold, the number of active days is greater than or equal to a preset active days threshold, and the total telephone charge is greater than or equal to a preset telephone charge threshold; and/or the presence of a gas in the gas,
the first branch fraud-characteristic condition comprises at least one of: the number of calling times of the fraud number in a second preset time period is greater than or equal to a second preset calling time threshold, the number of types of cells at the calling end is less than or equal to a preset position cell type threshold, the average call duration of the calling meets a first preset call duration condition, and the type of the location of the called end is greater than or equal to a second preset opposite-end area type threshold;
the second branch fraud-characteristic condition comprises at least one of: the method comprises the steps that the toll charges of fraud numbers in a first preset time period meet a preset toll charge condition, the total calling call time of the fraud numbers in a second preset time period is greater than or equal to a second preset call time threshold, the type of the places of called terminals is greater than or equal to a second preset opposite terminal area type threshold, the average calling time per call meets the second preset call time condition, the average call charge per active day is greater than or equal to a preset average call charge threshold, and the total calling call time per active day is greater than or equal to a preset active call time threshold.
5. The method as claimed in claim 2, wherein forming a telecommunication phishing identification model according to the feature data in the target historical charging ticket data matching with the preset telecommunication phishing type comprises:
taking data associated with the universal fraud feature condition and the branch fraud feature condition in the target historical charging ticket data as feature data matched with the preset telecommunication network fraud type;
and performing model training by adopting a machine learning model according to the characteristic data to form a telecommunication network fraud recognition model.
6. The method as recited in any one of claims 1-5, wherein after obtaining target charging ticket data of a target number in real time and inputting the data into said telecom phishing identification model to obtain telecom phishing identification result of said target number, further comprising:
and if the telecommunication phishing identification result is that the target number is a suspected fraud number, shutting down the target number.
7. The method of claim 6, further comprising:
according to the historical charging ticket data and the charging ticket data of the suspected fraud number, performing feature extraction to determine the user portrait feature;
and forming a user early warning portrait according to the user portrait characteristics, and screening early warning users matched with the user early warning portrait in a telecommunication network for early warning notification.
8. A telecommunications phishing identification apparatus, comprising:
a historical charging ticket data acquisition module, which is used for acquiring historical charging ticket data of fraud numbers in historical telecommunication network fraud events;
the target historical charging ticket data determining module is used for extracting the characteristics of the historical charging ticket data and determining the target historical charging ticket data meeting the preset telecommunication network fraud type;
the telecommunication phishing identification model forming module is used for forming a telecommunication phishing identification model according to the characteristic data matched with the preset telecommunication phishing type in the target historical charging ticket data;
and the telecommunication network fraud identification result determining module is used for acquiring target charging ticket data of the target number in real time and inputting the target charging ticket data into the telecommunication network fraud identification model to obtain a telecommunication network fraud identification result of the target number.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
CN202111491526.0A 2021-12-08 2021-12-08 Telecommunication network fraud identification method, device, equipment and storage medium Pending CN114169438A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111491526.0A CN114169438A (en) 2021-12-08 2021-12-08 Telecommunication network fraud identification method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111491526.0A CN114169438A (en) 2021-12-08 2021-12-08 Telecommunication network fraud identification method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114169438A true CN114169438A (en) 2022-03-11

Family

ID=80484480

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111491526.0A Pending CN114169438A (en) 2021-12-08 2021-12-08 Telecommunication network fraud identification method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114169438A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430442A (en) * 2022-04-02 2022-05-03 广东创新科技职业学院 Fraud number identification and analysis method based on artificial intelligence
CN115021937A (en) * 2022-06-21 2022-09-06 中国银行股份有限公司 User identity authentication method, system, electronic equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430442A (en) * 2022-04-02 2022-05-03 广东创新科技职业学院 Fraud number identification and analysis method based on artificial intelligence
CN115021937A (en) * 2022-06-21 2022-09-06 中国银行股份有限公司 User identity authentication method, system, electronic equipment and storage medium
CN115021937B (en) * 2022-06-21 2024-02-09 中国银行股份有限公司 User identity authentication method, system, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN108924333B (en) Fraud telephone identification method, device and system
CN109600752B (en) Deep clustering fraud detection method and device
EP3214861B1 (en) Method, device and system for detecting fraudulent user
CN110337059B (en) Analysis algorithm, server and network system for family relationship of user
CN107819747B (en) Telecommunication fraud association analysis system and method based on communication event sequence
CN114169438A (en) Telecommunication network fraud identification method, device, equipment and storage medium
CN106936997B (en) A kind of rubbish voice recognition methods and system based on social networks map
CN107770777B (en) Method for identifying recorded fraud calls
CN110611929A (en) Abnormal user identification method and device
CN111918226A (en) Real-time signaling-based method and device for analyzing international high-settlement embezzlement behavior
CN110167030B (en) Method, device, electronic equipment and storage medium for identifying crank calls
CN108198086B (en) Method and device for identifying disturbance source according to communication behavior characteristics
CN109819125A (en) A kind of method and device limiting telecommunication fraud
CN103167502B (en) Based on the method for the illegal calling of OTA technology regulation
CN115659217A (en) Fraud recognition model training method and device, electronic equipment and storage medium
CN114168423A (en) Abnormal number calling monitoring method, device, equipment and storage medium
CN116170537A (en) Information processing method, equipment and storage medium
CN108769434A (en) Call processing method, apparatus and system
CN114205462A (en) Fraud telephone identification method, device, system and computer storage medium
CN111064850A (en) System and method for realizing prevention, control and reminding of crank calls based on communication network
CN113723788A (en) Internet of things card risk identification method and system based on multi-dimensional correlation detection model
CN113411828A (en) Method, device and equipment for sensing call quality and computer readable storage medium
CN112040068B (en) False international number identification method, device, equipment and readable storage medium
CN110062114A (en) Fraudulent call prediction technique and forecasting system based on ARIMA
CN113286035B (en) Abnormal call detection method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination