CN115243268A - Community fraud relationship identification method and system and readable storage medium - Google Patents
Community fraud relationship identification method and system and readable storage medium Download PDFInfo
- Publication number
- CN115243268A CN115243268A CN202210862406.5A CN202210862406A CN115243268A CN 115243268 A CN115243268 A CN 115243268A CN 202210862406 A CN202210862406 A CN 202210862406A CN 115243268 A CN115243268 A CN 115243268A
- Authority
- CN
- China
- Prior art keywords
- fraud
- mobile phone
- phone number
- relationship
- target mobile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a group fraud relationship identification method, a group fraud relationship identification system and a readable storage medium, wherein the method comprises the following steps: acquiring a group fraud relationship identification request sent by a terminal, wherein the group fraud relationship identification request carries a target mobile phone number; judging whether the target mobile phone number is a black product; if yes, acquiring a plurality of pieces of associated information corresponding to the target mobile phone number; inputting the multiple pieces of associated information into a preset group fraud relationship identification model to perform group fraud relationship atlas analysis, so as to obtain a group fraud relationship atlas corresponding to the target mobile phone number; and sending the group fraud relationship map to the terminal. The method, the system and the readable storage medium can solve the problems that the existing group fraud relationship identification method is easy to generate post-processing, the judgment accuracy of fraud relationships is low, the judgment coverage rate of fraud relationships is low and the like.
Description
Technical Field
The present invention relates to the field of network technologies, and in particular, to a method, a system, and a readable storage medium for identifying a group fraud relationship.
Background
At present, group fraud relationship identification mainly depends on technical means such as information collection, malicious information collection, user service layer data behavior analysis, abnormal information (IP and mobile phone number) library and the like, and problems such as post-processing, low fraud relationship judgment accuracy, low fraud relationship judgment coverage rate and the like are easy to generate.
Disclosure of Invention
The present invention provides a group fraud relationship identification method, system and readable storage medium, which can implement pre-processing and have high fraud relationship determination accuracy.
In a first aspect, the present invention provides a community fraud relationship identification method, comprising:
acquiring a group fraud relationship identification request sent by a terminal, wherein the group fraud relationship identification request carries a target mobile phone number;
judging whether the target mobile phone number is a black product;
if yes, acquiring a plurality of pieces of associated information corresponding to the target mobile phone number;
inputting the multiple pieces of associated information into a preset group fraud relationship recognition model for group fraud relationship atlas analysis to obtain a group fraud relationship atlas corresponding to the target mobile phone number;
and sending the group fraud relationship map to the terminal.
Further, the determining whether the target mobile phone number is a black product specifically includes:
acquiring a target IP address and a target international mobile subscriber identity IMSI number corresponding to the target mobile phone number;
and performing black product identification on the target mobile phone number according to a preset black product account library, the target IP address and the target IMSI number, and obtaining a black product identification result.
Further, the identifying the black product of the target mobile phone number according to a preset black product account library, the target IP address and the target IMSI number and obtaining a black product identification result specifically includes:
calculating an accurate matching distance between the target mobile phone number and each first Heisha mobile phone number in the Heisha account library according to the following formula:
x=1,2,3,…,C
wherein C is the number of the first Heiyao mobile phone number in the Heiyao account library,
is composed of
The transpose of (a) is performed,
the converted value of the target IP address corresponding to the target mobile phone number and the target IMSI number,
the first IP address corresponding to the xth first Heishao mobile phone number in the Heishao account library and the converted value of the first IMSI number, eta is an adjustment coefficient, M is an automatic adjustment time range,
the start time of the black producing behavior corresponding to the xth first black producing mobile phone number,
the end time of the black birth action corresponding to the xth first black birth mobile phone number, d x An accurate matching distance between the target mobile phone number and the x-th first Heishan mobile phone number is obtained;
acquiring the minimum value of all the accurate matching distances, and judging whether the minimum value of the accurate matching distances is smaller than or equal to a preset distance threshold value or not;
and if so, determining that the target mobile phone number is a black product, otherwise, not determining that the target mobile phone number is the black product.
Further, the group fraud relationship identification model includes a convolution portion, a pooling portion and a full connection portion, the group fraud relationship spectrum analysis is performed by inputting the plurality of pieces of associated information into a preset group fraud relationship identification model, so as to obtain the group fraud relationship spectrum corresponding to the target mobile phone number, and the method specifically includes:
obtaining a matrix U formed by eigenvectors of the normalized graph Laplacian matrix corresponding to the plurality of pieces of associated information through the convolution part;
carrying out average pooling treatment on the U through the pooling part to obtain a pooling result;
and connecting the average pooling result into a one-dimensional vector through the full-connection part to obtain the community fraud relationship map.
Further, the obtaining, by the convolution portion, a matrix U composed of eigenvectors of the normalized graph laplacian matrix corresponding to the pieces of associated information specifically includes:
and acquiring an abnormal relation judgment accuracy W and an abnormal relation judgment coverage rate C corresponding to each piece of associated information through the convolution part, and forming a vector according to W and C to obtain U, wherein U = [ W, C ].
Further, the graph laplacian matrix L satisfies the following formula:
in the formula I N Is a unit matrix, D is a degree matrix of the graph, A is a diagonal matrix composed of the adjacent matrix of the graph and A is a characteristic of L, U is T Is a matrix transpose composed of the eigenvectors of the normalized graph laplacian matrix.
Further, each piece of association information includes the following attributes: the method comprises the following steps that a user unique identifier, black birth behavior starting time, black birth behavior ending time, a calling type, a charging party IMSI number, a target mobile phone number, a home terminal attribution area number, an ordered opposite party number, an opposite terminal attribution area number and call duration are set;
eigenvalue function g of said L θ (Λ) satisfies the following equation:
wherein, the first and the second end of the pipe are connected with each other,
T k (∧)=2∧T k-1 (∧)-T k-2 (^),T 0 (^)=1,T 1 (^)=∧
in the formula, theta 1 、θ 2 、θ 3 、θ 4 、θ 5 、θ 6 、θ 7 、θ 8 、θ 9 、θ 10 Respectively mapping the unique user identifier, the black birth behavior starting time, the black birth behavior ending time, the call type, the IMSI number of the charging party, the target mobile phone number, the home terminal attribution area number, the normalized opposite party number, the opposite terminal attribution area number and the call duration theta k ∈R k Is a Chebyshev coefficient vector, and the maximum eigenvalue matrix variation of Chebyshev with the lambda being lambda, T k (^) is Chebyshev polynomial, lambda max Is the maximum eigenvalue of L, T k-1 (∧)、T k-2 (^) is a recursive Chebyshev polynomial;
the change L of the Chebyshev maximum eigenvalue matrix of the L meets the following formula:
L=2L/λ max -I N =UΛU T 。
in a second aspect, the present invention provides a group fraud relationship identification system, comprising:
an identification request acquisition module, configured to acquire a group fraud relationship identification request sent by a terminal, where the group fraud relationship identification request carries a target mobile phone number;
the black product judging module is connected with the identification request acquiring module and is used for judging whether the target mobile phone number is a black product;
the associated information acquisition module is connected with the black product judgment module and used for acquiring a plurality of pieces of associated information corresponding to the target mobile phone number if the associated information is positive;
the spectrum analysis module is connected with the associated information acquisition module and is used for inputting the plurality of pieces of associated information into a preset group fraud relationship recognition model to perform group fraud relationship spectrum analysis so as to obtain a group fraud relationship spectrum corresponding to the target mobile phone number;
and the recognition result sending module is connected with the spectrum analysis module and is used for sending the community fraud relationship spectrum to the terminal.
In a third aspect, the present invention provides a group fraud relationship identification system, comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to run the computer program to implement the group fraud relationship identification method of the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium, having stored thereon a computer program, which when executed by a processor, implements the community fraud relationship identification method of the first aspect.
The method, the system and the readable storage medium for identifying the group fraud relationship provided by the invention comprise the steps of firstly obtaining a group fraud relationship identification request sent by a terminal, wherein the group fraud relationship identification request carries a target mobile phone number, then judging whether the target mobile phone number is a black product or not, if so, obtaining a plurality of pieces of associated information corresponding to the target mobile phone number, inputting the plurality of pieces of associated information into a preset group fraud relationship identification model for group fraud relationship atlas analysis, obtaining a group fraud relationship atlas corresponding to the target mobile phone number, and finally sending the group fraud relationship atlas to the terminal. The method and the device can realize pre-processing, have the advantages of high judgment accuracy of the fraud relationship, high judgment coverage rate of the fraud relationship and the like, and solve the problems that the conventional group fraud relationship identification method is easy to generate post-processing, low judgment accuracy of the fraud relationship, low judgment coverage rate of the fraud relationship and the like.
Drawings
FIG. 1 is a scene diagram of a group fraud relationship identification method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a community fraud relationship identification method according to embodiment 1 of the present invention;
FIG. 3 is a schematic structural diagram of a community fraud relationship identification system according to embodiment 2 of the present invention;
FIG. 4 is a schematic structural diagram of a community fraud relationship identification system according to embodiment 3 of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the following detailed description will be made with reference to the accompanying drawings.
It is to be understood that the specific embodiments and figures described herein are merely illustrative of the invention and are not limiting of the invention.
It is to be understood that the embodiments and features of the embodiments can be combined with each other without conflict.
It is to be understood that, for the convenience of description, only parts related to the present invention are shown in the drawings of the present invention, and parts not related to the present invention are not shown in the drawings.
It should be understood that each unit and module related in the embodiments of the present invention may correspond to only one physical structure, may also be composed of multiple physical structures, or multiple units and modules may also be integrated into one physical structure.
It will be understood that, without conflict, the functions, steps, etc. noted in the flowchart and block diagrams of the present invention may occur in an order different from that noted in the figures.
It is to be understood that the flowchart and block diagrams of the present invention illustrate the architecture, functionality, and operation of possible implementations of systems, apparatus, devices and methods according to various embodiments of the present invention. Each block in the flowchart or block diagrams may represent a unit, module, segment, code, which comprises executable instructions for implementing the specified function(s). Furthermore, each block or combination of blocks in the block diagrams and flowchart illustrations can be implemented by a hardware-based system that performs the specified functions or by a combination of hardware and computer instructions.
It is to be understood that the units and modules involved in the embodiments of the present invention may be implemented by software, and may also be implemented by hardware, for example, the units and modules may be located in a processor.
As shown in fig. 1, a scene diagram of a community fraud relationship identification method provided in the embodiment of the present application is shown, wherein each part is described as follows:
(1) Network transfer signaling, 3A log: mobile network signaling is operator-specific underlying signaling data, and is control signals required in a wireless communication system to ensure normal communications in order to operate network-wide anecdotally, in addition to transmitting user information. The 3A log is raw data information unique to the operator.
(2) Signaling and 3A data extraction, transformation server: the method is used for continuously screening the black product data in the Mobile network signaling and/or 3A log and adding the black product data into a black product account library, and specifically, the signaling and 3A data are extracted, and a conversion server continuously classifies, extracts and converts data such as a user unique identifier, black product behavior starting time, black product behavior ending time, a call type (a calling party 1 and a called party 2), an International Mobile Subscriber Identity (IMSI) number of a charging party, a Mobile phone number, a home terminal attribution area number, a normalized opposite party number, an opposite terminal attribution area number, call duration, an Internet Protocol (Internet Protocol) address, IP login time (year, month, hour, minute, second) and the like, and sends the classified, extracted and converted data to the black product account library.
(3) A black product account library: the data storage module is used for storing black product data and can comprise data such as a unique user identifier, black product behavior starting time, black product behavior ending time, a call type (calling party 1 and called party 2), a charging party IMSI number, a mobile phone number, a home terminal attribution area number, an organized opposite party number, an opposite terminal attribution area number, call duration, an IP address, IP login time (year, month, day, hour, minute and second) and the like.
(4) website/APP: for providing an interface for interacting with the corporate fraud relationship identification system, the user may send a corporate fraud relationship identification request to the corporate fraud relationship identification system through the website/APP on the terminal device.
(5) The community fraud relationship identification system: and the group fraud relationship analysis module is used for analyzing the group fraud relationship map according to the group fraud relationship identification request of the user and feeding back the corresponding group fraud relationship map to the terminal.
Based on the scenario diagram shown in fig. 1, the following describes a related embodiment of the community fraud relationship identification method related to the present application.
Example 1:
the present embodiment provides a group fraud relationship identification method, as shown in fig. 2, the method includes:
step S101: and acquiring a group fraud relationship identification request sent by a terminal, wherein the group fraud relationship identification request carries a target mobile phone number.
In this embodiment, the user may send a group fraud relationship identification request to the group fraud relationship identification system through a website/APP on a terminal device, such as a mobile phone, a tablet, etc., where the group fraud relationship identification request carries a target mobile phone number and may also carry an IP address or an IP login time (year, month, day, hour, minute, second), the IP address is an IP address allocated by the target mobile phone number through a telecommunication access network, and may be an IPV4 address or an IPV6 address, and the terminal sends the group fraud relationship identification request to the group fraud relationship identification system to issue an identification application.
Step S102: and judging whether the target mobile phone number is a black product or not.
In this embodiment, after receiving the group fraud relationship identification request, the group fraud relationship identification system first determines whether the target mobile phone number is a black product, and specifically, the group fraud relationship identification system first obtains a target IP address and a target IMSI number corresponding to the target mobile phone number, and then performs black product identification on the target mobile phone number according to a preset black product account library, the target IP address and the target IMSI number, and obtains a black product identification result. The IMSI number is used for uniquely identifying a mobile user in a global mobile communication network and is an international identification code, and the IMSI number and the IP address which are associated with all mobile phone numbers are stored in an operator database in advance; the black product account library is generated based on the bottom layer signaling data unique to the operator, and the black product data acquired currently are stored in the black product account library.
Optionally, the performing black product identification on the target mobile phone number according to a preset black product account library, the target IP address, and the target IMSI number, and obtaining a black product identification result specifically includes:
calculating an accurate matching distance between the target mobile phone number and each first Heiyuan mobile phone number in the Heiyuan account library according to the following formula:
x=1,2,3,…,C
wherein C is the number of the first Heiyao mobile phone number in the Heiyao account library,
is composed of
The method (2) is implemented by the following steps,
the converted value of the target IP address corresponding to the target mobile phone number and the target IMSI number,
the first IP address corresponding to the xth first Heishao mobile phone number in the Heishao account library and the converted value of the first IMSI number, eta is an adjustment coefficient, M is an automatic adjustment time range,
the start time of the black product behavior corresponding to the xth first black product mobile phone number,
end time of black birth action corresponding to the x-th first black birth mobile phone number, d x An accurate matching distance between the target mobile phone number and the x-th first Heishan mobile phone number is obtained;
acquiring the minimum value of all the accurate matching distances, and judging whether the minimum value of the accurate matching distances is smaller than or equal to a preset distance threshold value or not;
and if so, determining that the target mobile phone number is a black product, otherwise, not determining that the target mobile phone number is a black product.
In this embodiment, in order to realize accurate identification of the black product user, the accurate matching distance formula is used for judgment, it should be noted that the accurate matching distance formula is only an example, and in this embodiment, the accurate matching distance between the target mobile phone number and each first black product mobile phone number in the black product account library may also be calculated by using other distance calculation formulas.
Step S103: and if so, acquiring a plurality of pieces of associated information corresponding to the target mobile phone number.
In this embodiment, each piece of association information includes the following attributes: the method comprises the steps that unique identification of a user, black birth behavior starting time, black birth behavior ending time, calling types (calling party 1 and called party 2), an IMSI (international mobile subscriber identity) number of a charging party, a target mobile phone number, a home terminal attribution area number, an organized opposite party number, an opposite terminal attribution area number and call duration, and an IP address and IP login time (year, month, day and hour, second) can be further included, all attribute information can be obtained from a black birth account library or other account libraries, wherein the organized opposite party number refers to a number meeting a preset format, for example, the number of certain numbers cannot be supplemented correspondingly, or the number of certain numbers exceeds (for example, the number of the former number exceeds 0), and can be removed correspondingly. The charging party IMSI number may be a calling IMSI number or a called IMSI number, and is specifically obtained according to the specification of an operator.
Step S104: and inputting the plurality of pieces of associated information into a preset group fraud relationship identification model to perform group fraud relationship atlas analysis, so as to obtain a group fraud relationship atlas corresponding to the target mobile phone number.
In the present embodiment, the preset community fraud relationship identification model is a graph neural network-based model, which includes a convolution portion, a pooling portion, and a full-connection portion.
Optionally, the inputting the multiple pieces of association information into a preset group fraud relationship identification model for performing group fraud relationship atlas analysis to obtain a group fraud relationship atlas corresponding to the target mobile phone number may specifically include:
obtaining a matrix U formed by eigenvectors of the normalized graph Laplacian matrix corresponding to the plurality of pieces of associated information through the convolution part;
carrying out average pooling treatment on the U through the pooling part to obtain a pooling result;
and connecting the average pooling result into a one-dimensional vector through the full-connection part to obtain the community fraud relationship map.
In this embodiment, each piece of associated information is input into the group fraud relationship identification model as a record, the record is a node, the column value of the record is an attribute, and the attribute of each piece of associated information is shown in table 1, where the mobile phone number is specifically the target mobile phone number.
Table 1: attribute of associated information
Optionally, the obtaining, by the convolution part, a matrix U formed by eigenvectors of the normalized graph laplacian matrix corresponding to the multiple pieces of associated information may specifically include:
and acquiring an abnormal relation judgment accuracy W and an abnormal relation judgment coverage rate C corresponding to each piece of associated information through the convolution part, and forming a vector according to W and C to obtain U, wherein U = [ W, C ].
In this embodiment, the convolution portion maps the unique user identifier associated with the target mobile phone number, the black birth action start time, the black birth action end time, the call type (calling party 1, called party 2), the IMSI number of the charging party, the target mobile phone number, the home location number, the normalized number of the opposite party, the home location number, and the call duration to θ 1 ,θ 2 ,θ 3 ,θ 4 ,θ 5 ,θ 6 ,θ 7 ,θ 8 ,θ 9 ,θ 10 Forming a vector mapping U by using the abnormal relation judgment accuracy W and the abnormal relation judgment coverage rate C of each record, namely U = [ W, C =]U is a matrix composed of eigenvectors of the normalized graph laplacian matrix.
Specifically, the graph laplacian matrix L satisfies the following formula:
in the formula I N Is a unit matrix, D is a degree matrix of the graph (Laplace matrix is defined as L = D-A, the degree matrix represents the degree of each point in the original graph, namely the number of the sides sent by the point), N is the number of the nodes in the graph, A is an adjacent matrix of the graph, and A is a diagonal matrix composed of the characteristics of L, U is a diagonal matrix composed of the adjacent matrix of the graph and the characteristics of L T Is a matrix transpose composed of the feature vectors of the normalized graph laplacian matrix.
In particular, the eigenvalue function g of L θ (^) satisfies the following formula:
wherein the content of the first and second substances,
T k (∧)=2∧T k-1 (∧)-T k-2 (∧),T 0 (∧)=1,T 1 (∧)=∧
in the formula, theta k Denotes the kth attribute of the associated information, wherein θ 1 、θ 2 、θ 3 、θ 4 、θ 5 、θ 6 、θ 7 、θ 8 、θ 9 、θ 10 Mapping the unique user identifier, the black birth behavior starting time, the black birth behavior ending time, the call type, the IMSI number of the charging party, the target mobile phone number, the home terminal attribution area number and the normalizedNumber of opposite party, area number of home zone of opposite party and call duration theta k ∈R k Is a Chebyshev coefficient vector, and the maximum eigenvalue matrix variation of Chebyshev with the lambda being lambda, T k (lambda) is Chebyshev polynomial, lambda max Is the maximum eigenvalue of L, T k-1 (∧)、T k-2 (Λ) is a recursive chebyshev polynomial;
the change L of the Chebyshev maximum eigenvalue matrix of the L meets the following formula:
L=2L/λ max -I N =UΛU T 。
optionally, the formula for normalizing the matrix composed of the eigenvectors of the graph laplacian matrix is as follows:
in this embodiment, in order to reduce redundant parameters, a pooling part performs an average pooling process on a matrix composed of feature vectors of the normalized graph laplacian matrix output by the convolution part to obtain a pooled result, and then connects the pooled result after the average pooling process into a one-dimensional vector, i.e., the community fraud relationship graph, through a full connection part.
Step S105: and sending the group fraud relationship map to the terminal.
In this embodiment, the community fraud relationship map is specifically generated according to the call type (caller 1, callee 2), the mobile phone number and the organized opposite party number in the association information, and the community fraud relationship map may be a relationship map including the mobile phone number and other black mobile phone numbers having an association relationship with the mobile phone number, or may be a relationship map including the user unique identifier corresponding to the mobile phone number and the user unique identifiers corresponding to the other black mobile phone numbers having an association relationship with the mobile phone number. The community fraud relationship graph may be stored using a sparse matrix.
The group fraud relationship identification method provided by the embodiment of the invention comprises the steps of firstly obtaining a group fraud relationship identification request sent by a terminal, wherein the group fraud relationship identification request carries a target mobile phone number, then judging whether the target mobile phone number is a black product, if so, obtaining a plurality of pieces of associated information corresponding to the target mobile phone number, inputting the plurality of pieces of associated information into a preset group fraud relationship identification model for group fraud relationship atlas analysis, obtaining a group fraud relationship atlas corresponding to the target mobile phone number, and finally sending the group fraud relationship atlas to the terminal. The method and the device can realize pre-processing, have the advantages of high fraud relation judgment accuracy, high fraud relation judgment coverage rate and the like, and solve the problems that the existing group fraud relation identification method is easy to perform post-processing, low in fraud relation judgment accuracy, low in fraud relation judgment coverage rate and the like.
Example 2:
as shown in FIG. 3, the present embodiment provides a community fraud relationship identification system, for executing the above community fraud relationship identification method, comprising:
an identification request obtaining module 11, configured to obtain a group fraud relationship identification request sent by a terminal, where the group fraud relationship identification request carries a target mobile phone number;
a black product judging module 12, connected to the identification request obtaining module 11, for judging whether the target mobile phone number is a black product;
the associated information obtaining module 13 is connected to the black product judging module 12, and is configured to obtain multiple pieces of associated information corresponding to the target mobile phone number if the associated information is positive;
a spectrum analysis module 14, connected to the associated information obtaining module 13, configured to input the multiple pieces of associated information into a preset group fraud relationship identification model for performing group fraud relationship spectrum analysis, so as to obtain a group fraud relationship spectrum corresponding to the target phone number;
a recognition result sending module 15, connected to the spectrum analysis module 14, for sending the community fraud relationship spectrum to the terminal.
Optionally, the black product determining module 12 specifically includes:
a first obtaining unit, configured to obtain a target IP address and a target international mobile subscriber identity IMSI number corresponding to the target mobile phone number;
and the black product identification unit is used for carrying out black product identification on the target mobile phone number according to a preset black product account library, the target IP address and the target IMSI number and obtaining a black product identification result.
Optionally, the black product identification unit specifically includes:
a calculating unit, configured to calculate an accurate matching distance between the target mobile phone number and each first blacklist mobile phone number in the blacklist account library according to the following formula:
x=1,2,3,…,C
wherein C is the number of the first Heiyuan mobile phone number in the Heiyuan account bank,
is composed of
The transpose of (a) is performed,
the converted value of the target IP address corresponding to the target mobile phone number and the target IMSI number,
the first IP address corresponding to the xth first Heishao mobile phone number in the Heishao account library and the converted value of the first IMSI number, eta is an adjustment coefficient, M is an automatic adjustment time range,
the start time of the black product behavior corresponding to the xth first black product mobile phone number,
for the xth first Hei Mobile phone number correspondenceBlack birth behavior end time of d x An accurate matching distance between the target mobile phone number and the x-th first Heishan mobile phone number is obtained;
the judging unit is used for acquiring the minimum value of all the accurate matching distances and judging whether the minimum value of the accurate matching distances is smaller than or equal to a preset distance threshold value or not;
and the determining unit is used for determining that the target mobile phone number is a black product if the target mobile phone number is the black product, and otherwise, the target mobile phone number is not the black product.
Optionally, the corporate fraud relationship identification model includes a convolution portion, a pooling portion and a full-link portion, and the spectrum analysis module 14 specifically includes:
the convolution processing unit is used for acquiring a matrix U formed by eigenvectors of the normalized graph Laplacian matrix corresponding to the plurality of pieces of associated information through the convolution part;
the pooling processing unit is used for carrying out average pooling processing on the U through the pooling part to obtain a pooling result;
a full-connection processing unit, configured to connect the averaged pooling results into a one-dimensional vector through the full-connection portion, so as to obtain the community fraud relationship map.
Optionally, the convolution processing unit is specifically configured to:
and acquiring an abnormal relation judgment accuracy W and an abnormal relation judgment coverage rate C corresponding to each piece of associated information through the convolution part, and forming a vector according to W and C to obtain U, wherein U = [ W, C ].
Optionally, the graph laplacian matrix L satisfies the following formula:
in the formula I N Is a unit matrix, D is a degree matrix of the graph, A is a diagonal matrix composed of the adjacent matrix of the graph and A is a characteristic of L, U is T Is a matrix transpose composed of the feature vectors of the normalized graph laplacian matrix.
Optionally, each piece of association information includes the following attributes: the method comprises the following steps that a user unique identifier, black birth behavior starting time, black birth behavior ending time, a calling type, a charging party IMSI number, a target mobile phone number, a home terminal attribution area number, an ordered opposite party number, an opposite terminal attribution area number and call duration are set;
eigenvalue function g of said L θ (Λ) satisfies the following equation:
wherein the content of the first and second substances,
T k (∧)=2∧T k-1 (∧)-T k-2 (∧),T 0 (∧)=1,T 1 (∧)=∧
in the formula, theta 1 、θ 2 、θ 3 、θ 4 、θ 5 、θ 6 、θ 7 、θ 8 、θ 9 、θ 10 Mapping the unique user identifier, the black birth behavior starting time, the black birth behavior ending time, the call type, the IMSI number of the charging party, the target mobile phone number, the home terminal attribution area number, the normalized opposite party number, the opposite terminal attribution area number and the call duration to theta k ∈R k Is a Chebyshev coefficient vector, and the maximum eigenvalue matrix variation of Chebyshev with the lambda being lambda, T k (lambda) is Chebyshev polynomial, lambda max Is the maximum eigenvalue of L, T k-1 (∧)、T k-2 (^) is a recursive Chebyshev polynomial;
the change L of the Chebyshev maximum eigenvalue matrix of the L meets the following formula:
L=2L/λ max -I N =UΛU T 。
example 3:
referring to FIG. 4, the present embodiment provides a community fraud relationship identification system, comprising a memory 21 and a processor 22, wherein the memory 21 stores a computer program therein, and the processor 22 is configured to run the computer program to execute the community fraud relationship identification method in embodiment 1.
The memory 21 is connected to the processor 22, the memory 21 may be a flash memory, a read-only memory or other memories, and the processor 22 may be a central processing unit or a single chip microcomputer.
Example 4:
the present embodiment provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the community fraud relationship identification method of embodiment 1 described above.
The computer-readable storage media include volatile or nonvolatile, removable or non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, computer program modules or other data. Computer-readable storage media include, but are not limited to, RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash Memory or other Memory technology, CD-ROM (Compact disk Read-Only Memory), digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
The group fraud relationship identification system and the readable storage medium provided in embodiments 2 to 4, first obtain a group fraud relationship identification request sent by a terminal, where the group fraud relationship identification request carries a target mobile phone number, then determine whether the target mobile phone number is a black product, if so, obtain a plurality of pieces of association information corresponding to the target mobile phone number, then input the plurality of pieces of association information into a preset group fraud relationship identification model for group fraud relationship analysis, so as to obtain a group fraud relationship map corresponding to the target mobile phone number, and finally send the group fraud relationship map to the terminal. The method and the device can realize pre-processing, have the advantages of high fraud relation judgment accuracy, high fraud relation judgment coverage rate and the like, and solve the problems that the existing group fraud relation identification method is easy to perform post-processing, low in fraud relation judgment accuracy, low in fraud relation judgment coverage rate and the like.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and scope of the invention, and such modifications and improvements are also considered to be within the scope of the invention.
Claims (10)
1. A community fraud relationship identification method, comprising:
obtaining a group fraud relationship identification request sent by a terminal, wherein the group fraud relationship identification request carries a target mobile phone number;
judging whether the target mobile phone number is a black product or not;
if yes, acquiring a plurality of pieces of associated information corresponding to the target mobile phone number;
inputting the multiple pieces of associated information into a preset group fraud relationship recognition model for group fraud relationship atlas analysis to obtain a group fraud relationship atlas corresponding to the target mobile phone number;
and sending the group fraud relationship map to the terminal.
2. The group fraud relationship identification method of claim 1, wherein the determining whether the target mobile phone number is a dark product comprises:
acquiring a target IP address and a target international mobile subscriber identity IMSI number corresponding to the target mobile phone number;
and performing black product identification on the target mobile phone number according to a preset black product account library, the target IP address and the target IMSI number, and obtaining a black product identification result.
3. The group fraud relationship identification method of claim 2, wherein the performing the blackout identification on the target mobile phone number according to the preset blackout account library, the target IP address and the target IMSI number and obtaining the blackout identification result specifically comprises:
calculating an accurate matching distance between the target mobile phone number and each first Heisha mobile phone number in the Heisha account library according to the following formula:
x=1,2,3,…,C
wherein C is the number of the first Heiyuan mobile phone number in the Heiyuan account bank,
is composed of
The transpose of (a) is performed,
the converted value of the target IP address corresponding to the target mobile phone number and the target IMSI number,
the first IP address corresponding to the xth first Heishao mobile phone number in the Heishao account library and the converted value of the first IMSI number, eta is an adjustment coefficient, M is an automatic adjustment time range,
the start time of the black product behavior corresponding to the xth first black product mobile phone number,
end time of black birth action corresponding to the x-th first black birth mobile phone number, d x An accurate matching distance between the target mobile phone number and the x-th first Heishan mobile phone number is obtained;
acquiring the minimum value of all the accurate matching distances, and judging whether the minimum value of the accurate matching distances is smaller than or equal to a preset distance threshold value or not;
and if so, determining that the target mobile phone number is a black product, otherwise, not determining that the target mobile phone number is a black product.
4. The community fraud relationship identification method of claim 1, wherein the community fraud relationship identification model comprises a convolution part, a pooling part and a full-link part, said inputting said plurality of pieces of associated information into a preset community fraud relationship identification model for performing community fraud relationship mapping analysis, so as to obtain a community fraud relationship map corresponding to said target phone number, specifically comprising:
obtaining a matrix U formed by eigenvectors of the normalized graph Laplacian matrix corresponding to the plurality of pieces of associated information through the convolution part;
carrying out average pooling treatment on the U through the pooling part to obtain a pooling result;
and connecting the average pooling result into a one-dimensional vector through the full-connection part to obtain the community fraud relationship map.
5. The community fraud relationship identification method of claim 4, wherein said obtaining, by said convolution portion, a matrix U consisting of eigenvectors of a normalized graph Laplacian matrix corresponding to said plurality of pieces of associated information specifically comprises:
and acquiring an abnormal relation judgment accuracy W and an abnormal relation judgment coverage rate C corresponding to each piece of associated information through the convolution part, and forming a vector according to W and C to obtain U, wherein U = [ W, C ].
6. The community fraud relationship identification method of claim 5, wherein said graph Laplacian matrix L satisfies the following formula:
in the formula I N Is a unit matrix, D is a degree matrix of the graph, A is a diagonal matrix composed of the adjacent matrix of the graph and A is a characteristic of L, U is T Is a matrix transpose composed of the feature vectors of the normalized graph laplacian matrix.
7. The community fraud relationship identification method of claim 6, wherein each of said association information includes the following attributes: the method comprises the following steps that a user unique identifier, black birth behavior starting time, black birth behavior ending time, a call type, a charging party IMSI number, a target mobile phone number, a home terminal attribution area number, an organized opposite party number, an opposite terminal attribution area number and call duration are set;
eigenvalue function g of said L θ (Λ) satisfies the following equation:
wherein the content of the first and second substances,
T k (∧)=2∧T k-1 (∧)-T k-2 (∧),T 0 (∧)=1,T 1 (∧)=∧
in the formula, theta 1 、θ 2 、θ 3 、θ 4 、θ 5 、θ 6 、θ 7 、θ 8 、θ 9 、θ 10 Mapping the unique user identifier, the black birth behavior starting time, the black birth behavior ending time, the call type, the IMSI number of the charging party, the target mobile phone number, the home terminal attribution area number, the normalized opposite party number, the opposite terminal attribution area number and the call duration to theta k ∈R k Is a Chebyshev coefficient vector, and Lambda is LambdaOf the chebyshev maximum eigenvalue matrix change, T k (lambda) is Chebyshev polynomial, lambda max Is the maximum eigenvalue of L, T k-1 (∧)、T k-2 (Λ) is a recursive chebyshev polynomial;
the change L of the Chebyshev maximum eigenvalue matrix of the L meets the following formula:
L=2L/λ max -I N =UΛU T 。
8. a community fraud relationship identification system, comprising:
an identification request acquisition module, configured to acquire a group fraud relationship identification request sent by a terminal, where the group fraud relationship identification request carries a target mobile phone number;
the black product judging module is connected with the identification request acquiring module and is used for judging whether the target mobile phone number is a black product;
the associated information acquisition module is connected with the black product judgment module and used for acquiring a plurality of pieces of associated information corresponding to the target mobile phone number if the associated information is positive;
the spectrum analysis module is connected with the associated information acquisition module and is used for inputting the plurality of pieces of associated information into a preset group fraud relationship recognition model to perform group fraud relationship spectrum analysis so as to obtain a group fraud relationship spectrum corresponding to the target mobile phone number;
and the recognition result sending module is connected with the map analysis module and is used for sending the group fraud relationship map to the terminal.
9. A community fraud relationship identification system, comprising a memory and a processor, the memory having stored therein a computer program, the processor being arranged to run the computer program to implement the community fraud relationship identification method according to any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program, which when executed by a processor, implements the community fraud relationship identification method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210862406.5A CN115243268A (en) | 2022-07-20 | 2022-07-20 | Community fraud relationship identification method and system and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210862406.5A CN115243268A (en) | 2022-07-20 | 2022-07-20 | Community fraud relationship identification method and system and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115243268A true CN115243268A (en) | 2022-10-25 |
Family
ID=83675227
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210862406.5A Pending CN115243268A (en) | 2022-07-20 | 2022-07-20 | Community fraud relationship identification method and system and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115243268A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115858946A (en) * | 2023-02-22 | 2023-03-28 | 昆明理工大学 | Graph theory-based clue reasoning and intelligence prediction method |
-
2022
- 2022-07-20 CN CN202210862406.5A patent/CN115243268A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115858946A (en) * | 2023-02-22 | 2023-03-28 | 昆明理工大学 | Graph theory-based clue reasoning and intelligence prediction method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106993048B (en) | Determine method and device, information recommendation method and the device of recommendation information | |
| CN111062013B (en) | Account filtering method and device, electronic equipment and machine-readable storage medium | |
| CN111476596B (en) | Household population data processing method, system and storage medium based on homologous equipment | |
| CN112565095B (en) | Automatic discovery and analysis method and device for internet special line | |
| CN109743745B (en) | Mobile network access type identification method and device, electronic equipment and storage medium | |
| CN115243268A (en) | Community fraud relationship identification method and system and readable storage medium | |
| CN108154024B (en) | Data retrieval method and device and electronic equipment | |
| CN109684303B (en) | Communication code attribution inquiry method and device, computer equipment and storage medium | |
| CN111147468A (en) | User access method, device, electronic equipment and storage medium | |
| CN113515612A (en) | Heiyou mobile phone number identification method and device | |
| CN111404835B (en) | Flow control method, device, equipment and storage medium | |
| CN109462589B (en) | Method, device and equipment for controlling network access of application program | |
| CN111460212A (en) | Voice flow setting method and device, computer equipment and storage medium | |
| CN115834231A (en) | Honeypot system identification method and device, terminal equipment and storage medium | |
| CN109842627B (en) | Method and device for determining service request frequency | |
| CN113873495B (en) | Network access method and device of eSIM card | |
| CN109673038B (en) | Method for identifying brand and model of mobile terminal based on IFAT fingerprint | |
| CN111107552B (en) | Method and system for identifying pseudo base station | |
| CN109413761B (en) | Calling method applied to network calling platform and network calling platform | |
| CN115130605A (en) | Method and system for identifying fraud relationship and computer readable storage medium | |
| CN111209943A (en) | Data fusion method and device and server | |
| CN113556748B (en) | Signaling tracing identification method, device and system | |
| CN116346813B (en) | Display picture sharing method and system and display screen | |
| US11985372B2 (en) | Information pushing method and apparatus | |
| CN116861057A (en) | User behavior recognition method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |