CN115278687A - Telephone number fraud detection method based on space-time network and graph algorithm - Google Patents

Telephone number fraud detection method based on space-time network and graph algorithm Download PDF

Info

Publication number
CN115278687A
CN115278687A CN202210889267.5A CN202210889267A CN115278687A CN 115278687 A CN115278687 A CN 115278687A CN 202210889267 A CN202210889267 A CN 202210889267A CN 115278687 A CN115278687 A CN 115278687A
Authority
CN
China
Prior art keywords
numbers
extracted
tac
group
base station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210889267.5A
Other languages
Chinese (zh)
Other versions
CN115278687B (en
Inventor
柯阳
侯洁琼
刘杰
常福慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liantong Shandong Industry Internet Co ltd
Original Assignee
Liantong Shandong Industry Internet Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liantong Shandong Industry Internet Co ltd filed Critical Liantong Shandong Industry Internet Co ltd
Priority to CN202210889267.5A priority Critical patent/CN115278687B/en
Publication of CN115278687A publication Critical patent/CN115278687A/en
Application granted granted Critical
Publication of CN115278687B publication Critical patent/CN115278687B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9024Graphs; Linked lists
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Technology Law (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention belongs to the technical field of telecommunication fraud detection application, and particularly relates to a telephone number fraud detection method based on a space-time network and a graph algorithm. The invention provides a telephone number fraud detection method based on a space-time network and a graph algorithm, which considers that the vehicle-mounted goip fraud form relates to more data dimensions, and when a relational database is large in scale, multi-layer incidence relation analysis is difficult to perform, and the incidence data are naturally connected together by utilizing the form of graph data. And processing the related numbers, tac, base stations and call data into points and edges (relations among the numbers, the tac, base station entities and entities) in the graph, exploring the numbers with special association relations in the form of the graph, and further processing the numbers by using a graph algorithm to finally obtain data of the vehicle-mounted goip fraud. And safety guarantee is provided for preventing telecommunication fraud of users.

Description

Telephone number fraud detection method based on space-time network and graph algorithm
Technical Field
The invention belongs to the technical field of telecommunication fraud detection application, and particularly relates to a telephone number fraud detection method based on a space-time network and a graph algorithm.
Background
Telecommunication fraud refers to compiling false information in a telephone, network and short message mode, setting a fraud bureau, carrying out remote and non-contact fraud on victims, inducing criminal behavior of money making or transfer of the victims, and achieving the purpose of fraud usually in a mode of faking others, imitating and forging various legal coats and forms, such as faking public inspection law, manufacturers of merchants, workers of state organs, workers of banks and the like, and carrying out fraud in forms of forging and faking recruitment, marriage and love, loan, prize winning, mobile phone positioning, bidding and the like.
In recent years, the development of telecommunication fraud detection models has raised the difficulty in the implementation of telecommunication fraud. However, also varying in synchronization with the updating are telecom fraud methods and means. The vehicle-mounted telecommunication fraud form is derived, and is high in liquidity and concealment. With the help of "GOIP", a GOIP device is a hardware device for network communication, supports access of a mobile phone card, and can convert traditional telephone signals into network signals. One device can be used for simultaneously operating hundreds of mobile phone SIM cards, and can also remotely control the SIM cards in different places and the GOIP device to make and receive and send short messages, thereby realizing the separation of people and the SIM cards and achieving the purposes of hiding identities and avoiding attacks. Meanwhile, the system can virtually dial, can randomly switch the mobile phone number to dial the phone number of the victim, and has great difficulty in anti-blocking and tracing signals by public security organs, thereby becoming a new means for fraudsters gradually. The fraud form of the vehicle-mounted mobile GOIP further improves the difficulty of anti-interception and signal tracing, so that the method can evade the action range of the existing telecommunication fraud detection model. Therefore, how to detect this form of telecommunication fraud is a technical problem that needs to be solved by those skilled in the art at present.
Disclosure of Invention
Aiming at the technical problems of anti-interception and high signal tracing difficulty in the vehicle-mounted mobile GOIP fraud form, the invention provides the telephone number fraud detection method based on the space-time network and the graph algorithm, which is simple in method and convenient to operate and can effectively realize vehicle-mounted mobile GOIP telephone number identification.
In order to achieve the above object, the present invention adopts a technical solution that the present invention provides a telephone number fraud detection method based on a spatio-temporal network and a graph algorithm, comprising the steps of:
a. firstly, extracting the call records of the full number on the same day, obtaining the data of the extracted number under the condition of the opposite end of the full number, the terminal used by the full number and the communication package of the full number, writing the extracted number and the basic information of the opposite end number of the current call of the extracted number into a number screening table, and then generating the entity and the relation data required by a graph database according to the numbers in the number screening table;
b. then counting the track space-time positions of the extracted number and the opposite terminal number by taking the hour as a dimension, and processing and writing the extracted number, the opposite terminal number, tac, a base station entity and a relation into a graph database, wherein tac refers to the first eight bits of an international mobile equipment identification code;
c. constructing a user group by taking the extraction number and the opposite terminal number which are the same as the tac as a group, inquiring a graph, and recording detailed data which pass through the same base station in the same hour in the same tac group;
d. grouping the accompanying numbers in the user group by using a graph network community discovery algorithm, dividing the accompanying numbers of the extracted numbers or the opposite terminal numbers and the extracted numbers or the opposite terminal numbers into the same accompanying number group, and combining the accompanying numbers if different accompanying numbers are overlapped, wherein the accompanying numbers are numbers which use the same tac within the same hour range under the same base station;
e. writing the grouped data into a data table and associating with a number screening table output by a database, recording lac information passed by each number in the group, and recording the condition of moving lac with overlapped tracks according to the number of lac passed by all numbers in the group summarized by the number group;
f. extracting all numbers in the number group with the mobile lac number larger than 1, inquiring certificate numbers of all numbers in the number group and detailed data of IMEI (international mobile equipment identity) of a terminal, and calculating the coincidence degree of the certificates in the group and the coincidence degree of the IMEI of the terminal, wherein the coincidence degree of the certificates in the group = the number of the coincided numbers of the certificates in the group/the total number of the numbers in the group, and the coincidence degree of the IMEI of the terminal = the number of the coincided numbers of the numbers in the group which are 10 before the IMEI is used by the numbers in the group/the total number of the numbers in the group;
g. and f, extracting the number group with lower certificate contact ratio and higher terminal contact ratio to obtain fraud harassment grouping.
Preferably, in the step a, the basic information includes an extracted number, a user code of an opposite terminal number, a customer code, a network access time, terminal information of the extracted number or the opposite terminal number, an attribution province, an attribution city, an affiliated operator, and black and grey conditions of the extracted number and the opposite terminal number, wherein in the last half year, the extracted number and the opposite terminal number are numbers reported by industry and trust ministry of industry and trust, fraud of industry and trust ministry, and public security regulation and certification, and the numbers are black numbers; in the last half of the year, the number detected by the internal model of the communication operator is a grey number; in the last half of the year, no numbers are involved in the work and letter department, cheat in the work and letter department, and reported by public security certificates and detected by an internal model of a communication operator, and the numbers are white numbers.
Preferably, in the step a, the specific operation method of generating the entity and the relationship data required by the map database according to the numbers in the number screening table is as follows:
a1, extracting basic information of a number and an opposite terminal number, and generating an entity point of the number in a graph database;
a2, extracting terminal information of numbers or opposite-end numbers according to the number screening table, and reporting whether mark numbers of the black tac table are black tac or not by associating the terminal information with related cases of the work and letter department, fraud of the work and letter department and public security regulation certificate, recording the mark numbers in the tac entity table of the numbers, and generating tac entity points of the numbers in the graph database;
a3, extracting numbers or opposite terminal numbers from the number screening table, acquiring base stations used by the extracted numbers or the opposite terminal numbers, writing field information of base station codes, base station attribution, lac, ci, longitude, latitude and black and grey number into a voice base station entity of the extracted numbers or the opposite terminal numbers, and generating base station entity points of the extracted numbers or the opposite terminal numbers in a database.
Preferably, in the step b, the specific operation method of writing the extraction number, the opposite terminal number, tac, the base station entity and the relation processing into the graph database is as follows:
b1, firstly, with hours as dimensionality, processing call record data of a full number into hour-level data, extracting user codes and tac of the full number, writing time of using tac into a full number hour-level tac table, then associating data in the full number hour-level tac table with the extracted numbers, acquiring user codes and tac of the extracted numbers or opposite-end numbers, writing time of using tac into the extracted numbers or the relation between the opposite-end numbers and the tac, and generating an associated edge between an entity point of the numbers and an entity point of tac in graph data;
b2, taking the hour as a dimension, associating the extracted number with data in an hour-level base station table of the full number, acquiring a base station used by the extracted number or an opposite-end number, writing a user code of the extracted number or the opposite-end number, a base station code and time for using the base station into a base station relation table of the extracted number or the opposite-end number and the extracted number or the opposite-end number, and generating a previously associated edge between an entity point of the number in the graph database and an entity point of the base station;
b3, finally, aggregating the information of the call duration, the call times and the like of the full number and the opposite terminal number by taking the hour and the call type as dimensions and writing the information into a full number hour-level call list; and writing the call relation information of the extracted number into the relation between the extracted number and the opposite terminal number, and generating an associated edge between the entity point of the extracted number and the entity point of the opposite terminal number.
Preferably, in the step b3, the call relationship information includes a use terminal of the extracted number, a use terminal of the opposite terminal number, a call duration between the extracted number and the opposite terminal number, a calling duration, a number of calls, a call type, and a call hour.
Preferably, in the step c, the logic of graph query is as follows: starting from the tac group number in the user group, according to the base station and the relationship between the numbers and the base station, the overlapping condition of the numbers in the tac group passing through the same base station at the same hour is searched, then the overlapping records are sorted and adjusted, and the detailed association relationship between the numbers and the numbers on the same day is output.
Compared with the prior art, the invention has the advantages and positive effects that,
the invention provides a telephone number fraud detection method based on a space-time network and a graph algorithm, which considers that the vehicle-mounted goip fraud form relates to more data dimensions, and when a relational database is large in scale, multi-layer incidence relation analysis is difficult to perform, and the incidence data are naturally connected together by utilizing the form of graph data. And processing the related numbers, tac, base stations and call data into points and edges (relations among the numbers, the tac, base station entities and entities) in the graph, exploring the numbers with special association relations in the form of the graph, and further processing the numbers by using a graph algorithm to finally obtain data of the vehicle-mounted goip fraud. And safety guarantee is provided for preventing telecommunication fraud of users.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a diagram illustrating the effect of a graph database provided in embodiment 1.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, the present invention will be further described with reference to the accompanying drawings and examples. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and thus the present invention is not limited to the specific embodiments of the present disclosure.
In embodiment 1, this embodiment aims to solve the technical problems of fraud form reverse interception and high signal tracing difficulty of the existing vehicle-mounted mobile GOIP, and for this reason, the specific operation method of the telephone number fraud detection method based on the space-time network and the graph algorithm provided in this embodiment is as follows:
first, the call records of the full number on the day are extracted, and in order to ensure the comprehensiveness of the detection, in this embodiment, the extraction of the full number is adopted, and the full number refers to all telephone numbers under the operator, for example, all telephone numbers of the operator of the telephone number belonging to the unicom company.
Then, taking the opposite end of the total number, the terminal used by the total number and the communication package of the total number as conditions, obtaining data of the extracted number, and writing the extracted number and basic information of the opposite end number of the current call of the extracted number into a number screening table, wherein in the embodiment, the basic information includes the characteristics that one device of the GOIP can be used for simultaneously operating hundreds of mobile phone SIM cards, and in consideration of the characteristics that one device of the GOIP can be used for simultaneously operating hundreds of mobile phone SIM cards, in the embodiment, the basic information includes user codes of the extracted number and the opposite end number, numbers, client codes, network access time, terminal information of the extracted number or the opposite end number, provinces of affiliation, local cities, affiliated operators, black and grey conditions of the extracted number and the opposite end number, in the sixth embodiment, the user numbers refer to user names, domestic telephone numbers are real-name systems, the user numbers retained in the operators are the names of the users, the numbers are specific mobile phone numbers, the 11-digit numbers beginning with 13, 17 and 18, and the client codes are codes of the users given by the operators; the network access time is the time when the mobile phone number belongs to the user for the first time, and the terminal information is the related information of the mobile phone, such as the brand of the mobile phone and the IMEI number of the mobile phone. The three points of the province of the home, the city of the home and the operator of the home are not explained. The judgment of the black and grey conditions of the extracted number and the opposite terminal number is mainly based on the numbers which are reported by the work and letter department, the work and letter department fraud and the public security regulation certificate in the last half year, and the numbers are black numbers; in the last half of the year, the numbers detected by the internal model of the communication operator are grey numbers; in the last half of the year, no numbers are involved in the work and letter department, cheat in the work and letter department, and reported by public security certificates and detected by an internal model of a communication operator, and the numbers are white numbers. The purpose of setting like this, conveniently acquire the relevant information of every number.
And then generating entity and relation data required by the graph database according to the numbers in the number screening table. In this embodiment, an entity point of a number, a tac entity point of a terminal used by the number, and an entity point of a base station used by the number are mainly generated according to a correlation relationship of communication.
The specific operation is as follows: first, the basic information of the number and the opposite terminal number is extracted (the basic information is as described above), and the entity point of the number in the graph database is generated.
Then, extracting terminal information of the number or the opposite terminal number according to the number screening table, and reporting whether the mark number of the black tac table is a black tac or not by associating the terminal information with the relation of the work and letter department, the fraud of the work and letter department and the public security regulation certificate, recording the mark number of the black tac table into the tac entity table of the number, and generating a tac entity point of the number in the graph database;
and finally, acquiring a base station used by the extracted number or the opposite terminal number according to the extracted number or the opposite terminal number in the number screening table, writing field information of the number of the base station codes, the base station attribution, lac, ci, longitude, latitude and black and grey numbers into a voice base station entity of the extracted number or the opposite terminal number, and generating a base station entity point of the extracted number or the opposite terminal number in a database.
Thus, three entity points in the graph database are formed.
And then counting the track space-time positions of the extracted number and the opposite terminal number by taking the hour as a dimension, processing and writing the extracted number, the opposite terminal number, tac, a base station entity and a relation into a graph database, wherein tac refers to the first eight bits of the international mobile equipment identification code, and has different meanings in communication, for example, tac can be a tracking area code or the first 8 bits of IMEI, and some basic information of the terminal can be accurately obtained by using the tac.
The specific method of the operation of the relation of the number, tac and base station entity is as follows:
processing the call record data of the full number into hour-level data by taking the hour as a dimension, extracting the user code and tac of the full number, writing the time of using tac into a full number hour-level tac table, associating the extracted number with the data in the full number hour-level tac table, acquiring the user code and tac of the extracted number or opposite terminal number, writing the time of using tac into the extracted number or the relation between the opposite terminal number and tac, and generating an associated edge between an entity point of the number and the tac entity point in the graph data;
then, with the hour as a dimension, associating data in an hour-level base station table of the full number with the extracted number, acquiring a base station used by the extracted number or an opposite-end number, writing a user code, a base station code and a time for using the base station of the extracted number or the opposite-end number into a base station relation table of the extracted number or the opposite-end number and the extracted number or the opposite-end number, and generating a previously associated edge between an entity point of the number in a database and an entity point of the base station;
finally, information such as call duration, call times and the like of the full number and the opposite terminal number is aggregated by taking the hour and the call type as dimensions and written into a full number hour-level call table; and writing the call relation information of the extracted number into the relation between the extracted number and the opposite terminal number, and generating an associated edge between the entity point of the extracted number and the entity point of the opposite terminal number. The call relation information comprises a use terminal for extracting the number, a use terminal for the opposite terminal number, call duration between the extracted number and the opposite terminal number, calling duration, call times, call types and call hours.
And injecting the data into a graph database to generate three entities and three edges. The resulting effect is shown in fig. 1.
After a graph database is prepared, a user group is constructed by taking an extracted number and an opposite terminal number which are the same as tac as one group, and graph query is carried out, because one device of the GOIP can be used for simultaneously operating hundreds of mobile phone SIM cards, so that the tac numbers of the vehicle-mounted mobile GOIP are necessarily consistent, in the embodiment, the tac which are the same as the tac are divided into one group, the attribution place is not a visit place, the opposite terminal city is not a visit place, the tac is grouped, the data of the same visit city (lac _ tac, ci _ eci) in the call records but the opposite terminal city is not a visit city are taken, and detailed data records with the number in the tac group being more than 2 are limited.
And then, sequentially writing the numbers at the beginning of the tac into the same row of the file so as to inquire detail data generated in a user group in a graph database about the numbers in the tac group in the following, and dividing the numbers under the tac into a group of overlapping related inquiry.
The graph query logic mainly relies on the advantages of graph database in relation query, and can efficiently output the association relation between numbers; starting from the tac group number in the inquiry number group, according to the voice base station and the relation between the numbers and the base station, the coincidence condition of the numbers in the tac group under the condition of simultaneous null (passing through the same voice base station at the same time) is searched, and the coincidence condition is recorded for subsequent analysis. Then, the overlapping records of the inquiry records through the graph are sorted and adjusted, and the association relation detail of the numbers and the numbers on the same day is output. And recording detailed data of the same tac group passing through the same base station in the same hour.
The accompanying numbers in the user group are grouped by using a graph network community discovery algorithm, the accompanying numbers of the extracted numbers or the opposite terminal numbers and the extracted numbers or the opposite terminal numbers are divided into the same accompanying number group, and if different accompanying numbers are overlapped, the accompanying numbers are also combined, wherein the accompanying numbers are numbers which are the same as the numbers of the extracted numbers or the opposite terminal numbers which use the same tac within the same hour range under the same base station. The specific operation is as follows: the number and number relation data outputted from the map database may be grouped into accompanying numbers using a community classification algorithm, wherein if the number 1 is accompanied by the number 2 and the number 2 is accompanied by the number 3, the number 1, the number 2 and the number 3 are divided into the same accompanying number group, and if there is a number coincidence between different number groups, two number groups are merged, for example, the number list of the number group 1 is [ number 1, number 2, number 3], the number list of the group 2 is [ number 2, number 3, number 4], and the two number groups are merged into the same number group [ number 1, number 2, number 3, number 4].
Writing the grouped data into a data table and associating with a number screening table output by a database, recording lac information passed by each number in the group, and recording the condition of moving lac with overlapped tracks according to the number of lac passed by all numbers in the group summarized by the number group;
and extracting all numbers in the number group with the mobile lac number larger than 1, inquiring the certificate numbers of all numbers in the number group and the detailed data of the IMEI (international mobile equipment identity) of the terminal, and calculating the overlapping degree of the certificates in the group and the overlapping degree of the IMEI of the terminal, wherein the overlapping degree of the certificates in the group = the number of the overlapped numbers of the certificates in the group/the total number of the numbers in the group, and the overlapping degree of the IMEI of the terminal = the number of the consistent numbers in the first 10 digits of the IMEI used by the numbers in the group/the total number of the numbers in the group.
And finally, extracting the number group with lower certificate contact ratio and higher terminal contact ratio to obtain fraud harassment groups.
Through tests, the method can be used for identifying the vehicle-mounted mobile GOIP by more than 85%.
The above description is only a preferred embodiment of the present invention, and not intended to limit the present invention in other forms, and any person skilled in the art may apply the above modifications or changes to the equivalent embodiments with equivalent changes, without departing from the technical spirit of the present invention, and any simple modification, equivalent change and change made to the above embodiments according to the technical spirit of the present invention still belong to the protection scope of the technical spirit of the present invention.

Claims (6)

1. A method for phone number fraud detection based on a spatio-temporal network and a graph algorithm, comprising the steps of:
a. firstly, extracting the call records of the full number on the same day, obtaining the data of the extracted number under the condition of the opposite end of the full number, the terminal used by the full number and the communication package of the full number, writing the extracted number and the basic information of the opposite end number of the current call of the extracted number into a number screening table, and then generating the entity and the relation data required by a graph database according to the numbers in the number screening table;
b. then counting the track space-time positions of the extracted number and the opposite terminal number by taking the hour as a dimension, and processing and writing the extracted number, the opposite terminal number, tac, a base station entity and a relation into a graph database, wherein tac refers to the first eight bits of an international mobile equipment identification code;
c. constructing a user group by taking the extraction number and the opposite terminal number which are the same as the tac as a group, inquiring a graph, and recording detailed data which pass through the same base station in the same hour in the same tac group;
d. grouping the accompanying numbers in the user group by using a graph network community discovery algorithm, dividing the accompanying numbers of the extracted numbers or the opposite terminal numbers and the extracted numbers or the opposite terminal numbers into the same accompanying number group, and combining the accompanying numbers if different accompanying numbers are overlapped, wherein the accompanying numbers are numbers which use the same tac within the same hour range under the same base station;
e. writing the grouped data into a data table and associating with a number screening table output by a database, recording lac information passed by each number in the group, and recording the condition of moving lac with overlapped tracks according to the number of lac passed by all numbers in the group summarized by the number group;
f. extracting all numbers in the number group with the mobile lac number larger than 1, inquiring certificate numbers of all numbers in the number group and detailed data of IMEI (international mobile equipment identity) of a terminal, and calculating the coincidence degree of the certificates in the group and the coincidence degree of the IMEI of the terminal, wherein the coincidence degree of the certificates in the group = the number of the coincided numbers of the certificates in the group/the total number of the numbers in the group, and the coincidence degree of the IMEI of the terminal = the number of the coincided numbers of the numbers in the group which are 10 before the IMEI is used by the numbers in the group/the total number of the numbers in the group;
g. and f, extracting the number group with lower certificate contact ratio and higher terminal contact ratio to obtain fraud harassment grouping.
2. The method for phone number fraud detection based on spatio-temporal network and graphic algorithm as claimed in claim 1, wherein in said a step, the basic information comprises the extracted number, the user code of the opposite terminal number, the customer code, the network access time, the terminal information of the extracted number or the opposite terminal number, the province of the home, the city of the home, the operator of the home, and the black and grey status of the extracted number and the opposite terminal number, wherein in the last half year, the number notified by the Ministry of industry and correspondence, the Ministry of industry and correspondence fraud, and the public Security certificate is a black number; in the last half of the year, the number detected by the internal model of the communication operator is a grey number; in the last half of the year, no numbers are involved in the work and letter department, cheat in the work and letter department, and reported by public security certificates and detected by an internal model of a communication operator, and the numbers are white numbers.
3. The method for phone number fraud detection based on spatio-temporal network and graph algorithm as claimed in claim 2, wherein in said a step, the concrete operation method of generating the entity and relationship data required by the graph database according to the numbers in the number filtering table is:
a1, firstly, extracting basic information of a number and an opposite terminal number, and generating an entity point of the number in a graph database;
a2, extracting terminal information of numbers or opposite-end numbers according to the number screening table, and reporting whether mark numbers of the black tac table are black tac or not by associating the terminal information with related cases of the work and letter department, fraud of the work and letter department and public security regulation certificate, recording the mark numbers in the tac entity table of the numbers, and generating tac entity points of the numbers in the graph database;
a3, extracting numbers or opposite terminal numbers from the number screening table, acquiring base stations used by the extracted numbers or the opposite terminal numbers, writing field information of base station codes, base station attribution, lac, ci, longitude, latitude and black and grey number into a voice base station entity of the extracted numbers or the opposite terminal numbers, and generating base station entity points of the extracted numbers or the opposite terminal numbers in a database.
4. The method for phone number fraud detection based on spatio-temporal network and graph algorithm as claimed in claim 3, wherein in said b step, the specific operation method of writing the extracted number, the opposite terminal number, the tac, the base station entity and the relation process into the graph database is:
b1, firstly, with hours as dimensionality, processing call record data of a full number into hour-level data, extracting user codes and tac of the full number, writing time of using the tac into a full number hour-level tac table, secondly, associating the extracted numbers with data in the full number hour-level tac table, acquiring user codes and tac of the extracted numbers or opposite-end numbers, writing time of using the tac into the extracted numbers or the relation between the opposite-end numbers and the tac, and generating an associated edge between an entity point of the numbers and a tac entity point in graph data;
b2, taking hours as dimensions, associating data in an hour-level base station table of the extracted number with the full number, acquiring a base station used by the extracted number or the opposite-end number, writing user codes of the extracted number or the opposite-end number, base station codes and time for using the base station into a base station relation table of the extracted number or the opposite-end number and the extracted number or the opposite-end number, and generating a related edge between an entity point of the number in the graph database and an entity point of the base station;
b3, finally, aggregating the information such as the call duration, the call times and the like of the full number and the opposite terminal number by taking the hour and the call type as dimensions, and writing the information into a full number hour-level call list; and writing the call relation information of the extracted number into the relation between the extracted number and the opposite terminal number, and generating an associated edge between the entity point of the extracted number and the entity point of the opposite terminal number.
5. The method for phone number fraud detection based on spatio-temporal network and graph algorithm as claimed in claim 4, wherein in said b3 step, the call relation information includes a usage terminal of an extracted number, a usage terminal of an opposite terminal number, a call duration between the extracted number and the opposite terminal number, a calling duration, a number of calls, a call type, a call hour.
6. The method for phone number fraud detection based on spatio-temporal network and graph algorithm as recited in claim 5, wherein in said c-step, the logic of graph query is: starting from the tac group number in the user group, according to the base station and the relationship between the numbers and the base station, the overlapping condition of the numbers in the tac group passing through the same base station at the same hour is searched, then the overlapping records are sorted and adjusted, and the detailed association relationship between the numbers and the numbers on the same day is output.
CN202210889267.5A 2022-07-27 2022-07-27 Telephone number fraud detection method based on space-time network and graph algorithm Active CN115278687B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210889267.5A CN115278687B (en) 2022-07-27 2022-07-27 Telephone number fraud detection method based on space-time network and graph algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210889267.5A CN115278687B (en) 2022-07-27 2022-07-27 Telephone number fraud detection method based on space-time network and graph algorithm

Publications (2)

Publication Number Publication Date
CN115278687A true CN115278687A (en) 2022-11-01
CN115278687B CN115278687B (en) 2023-08-15

Family

ID=83770553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210889267.5A Active CN115278687B (en) 2022-07-27 2022-07-27 Telephone number fraud detection method based on space-time network and graph algorithm

Country Status (1)

Country Link
CN (1) CN115278687B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020042024A1 (en) * 2018-08-29 2020-03-05 区链通网络有限公司 Node abnormality detection method and device based on graph algorithm and storage device
CN111726460A (en) * 2020-06-15 2020-09-29 国家计算机网络与信息安全管理中心 Fraud number identification method based on space-time diagram
CN113660721A (en) * 2021-08-11 2021-11-16 恒安嘉新(北京)科技股份公司 GOIP device positioning method and device, computer device and storage medium
CN113794805A (en) * 2021-09-16 2021-12-14 上海欣方智能系统有限公司 Detection method and detection system for GOIP fraud telephone
WO2022112706A1 (en) * 2020-11-24 2022-06-02 Araxxe Method and system for controlling scam phone calls
CN114722090A (en) * 2021-12-17 2022-07-08 武汉烽火众智智慧之星科技有限公司 Telecommunication fraud identification method and device based on ticket data

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020042024A1 (en) * 2018-08-29 2020-03-05 区链通网络有限公司 Node abnormality detection method and device based on graph algorithm and storage device
CN111726460A (en) * 2020-06-15 2020-09-29 国家计算机网络与信息安全管理中心 Fraud number identification method based on space-time diagram
WO2022112706A1 (en) * 2020-11-24 2022-06-02 Araxxe Method and system for controlling scam phone calls
CN113660721A (en) * 2021-08-11 2021-11-16 恒安嘉新(北京)科技股份公司 GOIP device positioning method and device, computer device and storage medium
CN113794805A (en) * 2021-09-16 2021-12-14 上海欣方智能系统有限公司 Detection method and detection system for GOIP fraud telephone
CN114722090A (en) * 2021-12-17 2022-07-08 武汉烽火众智智慧之星科技有限公司 Telecommunication fraud identification method and device based on ticket data

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
吴卓凡: "浅谈基于信令交互主动追踪车载伪基站的新方法", 中国新通信, vol. 2016, no. 4, pages 32 - 33 *
高渊 等: "浅谈多指标关联识别电信网络诈骗团伙的方法", 中国新通信, vol. 23, no. 6, pages 70 - 71 *

Also Published As

Publication number Publication date
CN115278687B (en) 2023-08-15

Similar Documents

Publication Publication Date Title
CN107798541B (en) Monitoring method and system for online service
CA2223521C (en) Detecting mobile telephone misuse
Barson et al. The detection of fraud in mobile phone networks
CN109640312B (en) 'Black card' identification method, electronic equipment and computer readable storage medium
CN110248322B (en) Fraud group partner identification system and identification method based on fraud short messages
CN103415004B (en) A kind of method and device detecting junk short message
CN111950937A (en) Key personnel risk assessment method based on fusion space-time trajectory
CN111930868A (en) Big data behavior trajectory analysis method based on multi-dimensional data acquisition
CN111726460B (en) Fraud number identification method based on space-time diagram
CN114741612B (en) Consumption habit classification method, system and storage medium based on big data
CN107092651B (en) Key character mining method and system based on communication network data analysis
CN106102082B (en) A kind of suspicion number determines method, apparatus, system
CN112445870A (en) Knowledge graph string parallel case analysis method based on mobile phone evidence obtaining electronic data
CN110675263B (en) Risk identification method and device for transaction data
CN110536302A (en) Telecommunication fraud based reminding method and device
CN102256255A (en) Detection method for parallel-used-card proof based on time and geographic location collisions
CN115278687A (en) Telephone number fraud detection method based on space-time network and graph algorithm
CN109587357B (en) Crank call identification method
CN116361327A (en) Track accompanying relation mining method and system based on two-level space-time index
CN115134809A (en) Information identification method, device and equipment and readable storage medium
CN112004230A (en) Method and system for detecting number abuse behavior of Internet of things
CN113806555A (en) Operation abnormity identification method, system, device and storage medium for APP
JP2000165512A (en) Device and method for detecting illegal use and storage medium recording illegal use detection program and read by computer
CN115103063A (en) Internet fraud identification method and device for counterfeit customer service class
CN109121137A (en) The Subscriber Number usage type recognition methods of double-terminal and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant