CN115278687B - Telephone number fraud detection method based on space-time network and graph algorithm - Google Patents

Telephone number fraud detection method based on space-time network and graph algorithm Download PDF

Info

Publication number
CN115278687B
CN115278687B CN202210889267.5A CN202210889267A CN115278687B CN 115278687 B CN115278687 B CN 115278687B CN 202210889267 A CN202210889267 A CN 202210889267A CN 115278687 B CN115278687 B CN 115278687B
Authority
CN
China
Prior art keywords
numbers
extracted
tac
group
opposite terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210889267.5A
Other languages
Chinese (zh)
Other versions
CN115278687A (en
Inventor
柯阳
侯洁琼
刘杰
常福慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liantong Shandong Industry Internet Co ltd
Original Assignee
Liantong Shandong Industry Internet Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liantong Shandong Industry Internet Co ltd filed Critical Liantong Shandong Industry Internet Co ltd
Priority to CN202210889267.5A priority Critical patent/CN115278687B/en
Publication of CN115278687A publication Critical patent/CN115278687A/en
Application granted granted Critical
Publication of CN115278687B publication Critical patent/CN115278687B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9024Graphs; Linked lists
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Technology Law (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application belongs to the technical field of telecommunication fraud detection application, and particularly relates to a telephone number fraud detection method based on a space-time network and a graph algorithm. The application provides a telephone number fraud detection method based on a space-time network and a graph algorithm, which considers that the vehicle-mounted goip fraud form relates to more data dimensions, and when the scale of a relational database is huge, multi-layer association relation analysis is difficult to carry out, and the association data are naturally connected together by utilizing the graph data form. The related numbers, tac, base stations and call data are processed into points and edges (the numbers, tac, base station entities and the relationships among the entities) in the graph, the numbers with special association relationships are searched in the form of the graph, and then the numbers are further processed by a graph algorithm, so that the vehicle-mounted goip fraud data are finally obtained. The method provides safety guarantee for preventing telecommunication fraud for users.

Description

Telephone number fraud detection method based on space-time network and graph algorithm
Technical Field
The application belongs to the technical field of telecommunication fraud detection application, and particularly relates to a telephone number fraud detection method based on a space-time network and a graph algorithm.
Background
Telecommunication fraud refers to the fact that false information is compiled through telephone, network and short message modes, a fraud bureau is set, remote and non-contact fraud is implemented on victims, criminals of money or transfer are induced to the victims, the purpose of fraud is achieved in a mode of impersonating others and impersonating and forging various legal garments and forms, such as impersonation public inspection methods, merchant company manufacturers, national office staff, banking staff and other various institution staff, and fraud is carried out in modes of impersonation and impersonation of recruiters, marriage, loans, winning, mobile phone positioning, bid recruitment and the like.
In recent years, the development of telecommunication fraud detection models has raised difficulties in implementing telecommunication fraud. However, there are also telecommunication fraud methods and means to update changes in synchronization therewith. The vehicle-mounted telecom fraud mode is derived, and has high mobility and high concealment. By means of 'GOIP', GOIP equipment is a hardware equipment for network communication, supports mobile phone card access, and can convert traditional telephone signals into network signals. One device can operate hundreds of mobile phone SIM cards at the same time, and can also remotely control the remote SIM cards and GOIP devices to dial and send and receive short messages, so that the separation of people and the SIM cards is realized, and the purposes of hiding identities and avoiding hit are achieved. Meanwhile, the system can virtually dial, can randomly switch the mobile phone number to dial the telephone of the victim, and has great difficulty in countering interception and signal tracing by public security authorities, so that the system becomes a new means of fraud molecules gradually. The fraud form of the vehicle-mounted mobile GOIP improves the difficulty of countering interception and signal tracing, so that the vehicle-mounted mobile GOIP can evade the action range of the existing telecommunication fraud detection model. Therefore, how to detect this form of telecommunication fraud is a technical problem that the person skilled in the art is currently required to solve.
Disclosure of Invention
Aiming at the technical problems of the vehicle-mounted mobile GOIP fraud form that the anti-interception and signal tracing difficulties are high, the application provides the telephone number fraud detection method based on the space-time network and the graph algorithm, which is simple in method, convenient to operate and capable of effectively realizing the identification of the vehicle-mounted mobile GOIP telephone number.
In order to achieve the above purpose, the technical scheme adopted by the application is that the application provides a telephone number fraud detection method based on a space-time network and a graph algorithm, which comprises the following steps:
a. firstly, extracting call records of the full-quantity number on the same day, obtaining data of the extracted number under the conditions of opposite ends of the full-quantity number, a terminal used by the full-quantity number and a communication package of the full-quantity number, writing basic information of the extracted number and the opposite end number of the call of the extracted number on the same day into a number screening table, and generating entity and relation data required by a graph database according to the numbers in the number screening table;
b. then counting the track space-time positions of the extracted number and the opposite terminal number by taking the hour as the dimension, and processing and writing the extracted number, the opposite terminal number, tac, the base station entity and the relation into a graph database, wherein tac refers to the first eight bits of the international mobile equipment identification code;
c. constructing a user group by taking the extraction number and the opposite terminal number which are the same as the tac as a group, inquiring the graph, and recording detail data which pass through the same base station in the same hour in the same tac group;
d. grouping the concomitant numbers in the user group by using a graph network community discovery algorithm, and grouping the concomitant numbers of the extracted numbers or the opposite terminal numbers and the extracted numbers or the opposite terminal numbers into the same concomitant number group, and merging the different concomitant numbers if the different concomitant numbers are overlapped, wherein the concomitant numbers are numbers of the same tac used by the concomitant numbers or the opposite terminal numbers in the same hour range under the same base station;
e. writing the grouped data into a data table and correlating the data with a number screening table output by a graph database, recording lac information passed by each number in the group, and recording the situation of number movement lac with track superposition according to the number of lacs passed by all numbers in the number group summarizing group;
f. extracting all numbers in a number group with the mobile lac number greater than 1, inquiring certificate numbers of all the numbers in the number group and detail data of an IMEI of a terminal, and calculating the certificate overlap ratio in the group and the IMEI overlap ratio of the terminal, wherein the certificate overlap ratio in the group is the number of the certificate number overlap in the group/the total number in the group, and the IMEI overlap ratio in the terminal is the number of the number 10 digits identical before the IMEI is used for the number in the group/the total number in the group;
g. and f, extracting the number group with lower certificate overlap ratio and higher terminal overlap ratio in the step, and obtaining the fraud harassment group.
Preferably, in the step a, the basic information includes an extracted number, a user code of an opposite terminal number, a client code, a network access time, terminal information of the extracted number or the opposite terminal number, a attribution province, a attribution city, an affiliated operator, and black ash status of the extracted number and the opposite terminal number, wherein in recent half a year, the number reported by a worker information, a worker information fraud and a public security certificate is a black number; in the last half year, the number detected by the internal model of the communication carrier is a gray number; in recent half a year, numbers which are not notified by the letter department, fraud by the letter department, public security, and detected by the internal model of the communication carrier are white numbers.
Preferably, in the step a, the specific operation method of generating the entity and the relationship data required by the graph database according to the numbers in the number screening table is as follows:
a1, firstly extracting basic information of numbers and opposite terminal numbers, and generating entity points of the numbers in a graph database;
a2, extracting terminal information of the number or the opposite terminal number according to the number screening table, notifying the related information about the fact that the worker information is involved in a case, the worker information is fraudulent, and the public security certificate notifies whether the black tac table mark number is black tac, recording the black tac table mark number into a tac entity table of the number, and generating a tac entity point of the number in the graph database;
a3, according to the extracted numbers or the opposite terminal numbers in the number screening table, acquiring the base stations used by the extracted numbers or the opposite terminal numbers, writing field information of base station codes, base station attributions, lac, ci, longitudes, latitudes and black ash number numbers into voice base station entities of the extracted numbers or the opposite terminal numbers, and generating base station entity points of the extracted numbers or the opposite terminal numbers in the graph database.
Preferably, in the step b, the specific operation method of writing the extracted number, the opposite terminal number, the tac, the base station entity and the relation processing into the map database is as follows:
b1, firstly processing call record data of the full-quantity number by taking hours as dimensions into hour-level data, extracting user codes of the full-quantity number, tac, writing time of using tac into a hour-level tac table of the full-quantity number, secondly using the extracted numbers to correlate data in the hour-level tac table of the full-quantity number, obtaining the user codes of the extracted numbers or opposite terminal numbers, tac, writing the extracted numbers or the relation between the opposite terminal numbers and tac by using the time of tac, and generating an associated side between entity points of the numbers in the graph data and tac entity points;
b2, using the hour as dimension, associating the extracted number with the data in the hour-level base station table of the full number, obtaining the base station used by the extracted number or the opposite terminal number, writing the user code, the base station code of the extracted number or the opposite terminal number and the time of using the base station into the base station relation table of the extracted number or the opposite terminal number and the extracted number or the opposite terminal number, and generating the side associated with the entity point of the number in the graph database and the front of the entity point of the base station;
and b3, finally, the information such as the call duration, the call times and the like of the full number and the opposite terminal number is written into a full number hour-level call list by taking the hour and the call type as dimensions; and writing the call relation information of the extracted number into the relation between the extracted number and the opposite terminal number, and generating an associated side between the entity point of the extracted number and the entity point of the opposite terminal number.
Preferably, in the step b3, the call relation information includes a user terminal for extracting a number, a user terminal for extracting a peer number, a call duration between the extracted number and the peer number, a calling duration, a call number, a call type, and a call hour.
Preferably, in the step c, the logic of the graph query is: starting from the tac group number in the user group, searching the superposition condition of numbers in the tac group under the same base station in the same hour according to the base station and the relation between the numbers and the base station, then arranging and adjusting superposition records, and outputting the association relation detail of the numbers and the numbers on the same day.
Compared with the prior art, the application has the advantages and positive effects that,
the application provides a telephone number fraud detection method based on a space-time network and a graph algorithm, which considers that the vehicle-mounted goip fraud form relates to more data dimensions, and when the scale of a relational database is huge, multi-layer association relation analysis is difficult to carry out, and the association data are naturally connected together by utilizing the graph data form. The related numbers, tac, base stations and call data are processed into points and edges (the numbers, tac, base station entities and the relationships among the entities) in the graph, the numbers with special association relationships are searched in the form of the graph, and then the numbers are further processed by a graph algorithm, so that the vehicle-mounted goip fraud data are finally obtained. The method provides safety guarantee for preventing telecommunication fraud for users.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort to a person skilled in the art.
Fig. 1 is a schematic diagram of the effect of the graph database provided in embodiment 1.
Detailed Description
In order that the above objects, features and advantages of the application will be more clearly understood, a further description of the application will be rendered by reference to the appended drawings and examples. It should be noted that, without conflict, the embodiments of the present application and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application, however, the present application may be practiced otherwise than as described herein, and therefore the present application is not limited to the specific embodiments of the disclosure that follow.
Embodiment 1, the technical problem that the fraud form of the existing vehicle-mounted mobile GOIP counteracts interception and has great difficulty in tracing signals is solved, and therefore, the specific operation method of the phone number fraud detection method based on the space-time network and the graph algorithm provided by the embodiment is as follows:
firstly, the call records of the full-quantity number on the same day are extracted, and in order to ensure the comprehensiveness of detection, in this embodiment, the full-quantity number is extracted, where the full-quantity number refers to all telephone numbers under the carrier, for example, all telephone numbers of the carrier of the telephone numbers belong to the company.
Then, the data of the extracted number is obtained under the conditions of the opposite end of the full number, the terminal used by the full number and the communication package of the full number, the extracted number and the basic information of the opposite end number of the call on the same day of the extracted number are written into a number screening table, and considering the characteristic that one GOIP device can operate with hundreds of mobile phone SIM cards at the same time, in the embodiment, the basic information comprises the extracted number, the user code of the opposite end number, the client code, the network access time, the terminal information of the extracted number or the opposite end number, the home province, the home city, the affiliated operator and the black ash condition of the extracted number and the opposite end number, in the sixth implementation, the user number refers to the user name, the domestic telephone number is in real name system at present, the user number reserved in the operator is the name of the user number, the specific mobile phone number is generally the 11 mobile phone number at the beginning of 13, 17 and 18, and the client code is the code of the user given to the operator; the network access time is the first time the mobile phone number belongs to the user, and the terminal information is related information of the mobile phone, such as the brand of the mobile phone and the IMEI number of the mobile phone. The three points of the attribution province, the attribution city and the affiliated operator are not explained. The judgment of the black ash condition of the extracted number and the opposite end number is mainly based on the number reported by the letter department of the work, the fraud of the letter department of the work and the public security, and the number is a black number; in the last half year, the number detected by the internal model of the communication carrier is a gray number; in recent half a year, numbers which are not notified by the letter department, fraud by the letter department, public security, and detected by the internal model of the communication carrier are white numbers. The purpose of this arrangement is to facilitate the acquisition of information about each number.
And then generating entity and relation data required by the graph database according to the numbers in the number screening table. In this embodiment, a method for setting an entity required by the correlation diagram database is also specifically provided, and in this embodiment, according to the correlation of communication, an entity point of a number, a tac entity point of a terminal used by the number, and an entity point of a base station used by the number are mainly generated.
The specific operation is as follows: first, basic information (basic information is described above) of the number and the opposite terminal number is extracted, and entity points of the number in the graph database are generated.
Then, extracting the terminal information of the number or the opposite terminal number according to the number screening table, notifying the related information about the fact that the worker is involved in a case, the worker is fraudulent, and the public security certificate notifies whether the black tac table mark number is black tac, recording the number in the tac entity table, and generating a tac entity point of the number in the graph database;
finally, according to the extracted number or the opposite terminal number in the number screening table, the base station used by the extracted number or the opposite terminal number is obtained, the field information of the base station code, the base station attribution, lac, ci, longitude, latitude and the number of black ash numbers is written into the voice base station entity of the extracted number or the opposite terminal number, and the base station entity point of the extracted number or the opposite terminal number in the graph database is generated.
Thus, three physical points in the graph database are constructed.
And counting the track space-time positions of the extracted number and the opposite terminal number by taking an hour as a dimension, and processing and writing the extracted number, the opposite terminal number, the tac, the base station entity and the relation into a graph database, wherein tac refers to the first eight bits of the international mobile equipment identification code, tac has different speaking in communication, for example, tac can be a tracking area code or the first 8 bits of the IMEI, and the tac code can be utilized to accurately acquire some basic information of the terminal.
The specific method for the operation of the relation among the number, the tac and the base station entity is as follows:
firstly, processing call record data of a full number into hour-level data by taking hours as dimensions, extracting user codes of the full number, tac, writing time of using tac into a full number hour-level tac table, secondly, using the data in the extracted number-associated full number hour-level tac table to obtain the user codes of the extracted number or an opposite terminal number, tac, writing the extracted number or the relationship between the opposite terminal number and tac in the time of using tac, and generating an associated side between an entity point of the number in the graph data and a tac entity point;
then, with the hour as the dimension, associating the extraction number with the data in the hour-level base station table of the full number, obtaining the base station used by the extraction number or the opposite terminal number, writing the user code of the extraction number or the opposite terminal number, the base station code and the time of using the base station into the base station relation table of the extraction number or the opposite terminal number and the extraction number or the opposite terminal number, and generating the side associated with the entity point of the number in the graph database and the front of the entity point of the base station;
finally, the information such as the call duration, the call times and the like of the full number and the opposite terminal number are written into a full number hour-level call list by taking the hours and the call types as dimensions; and writing the call relation information of the extracted number into the relation between the extracted number and the opposite terminal number, and generating an associated side between the entity point of the extracted number and the entity point of the opposite terminal number. The call relation information comprises a using terminal for extracting the number, a using terminal for the opposite terminal number, call duration between the extracting number and the opposite terminal number, calling duration, call times, call types and call hours.
And injecting the data into a graph database to generate three entities and three edges. The resulting effect is shown in fig. 1.
After the graph database is prepared, the user group is constructed by taking the extraction number and the opposite terminal number which are the same as each other as a group, and the graph query is performed, because the characteristics that one piece of GOIP equipment can operate hundreds of mobile phone SIM cards at the same time are that the tac numbers of the vehicle-mounted mobile GOIP are necessarily consistent, in the embodiment, the tac numbers are divided into a group which are the same as each other, the home location is not a visiting location, the opposite terminal city is not a visiting location, the tac groups are used for taking the same (lac_tac, ci_ eci) of the visiting location in the call record, but the opposite terminal home location is not the data of the visiting location, and the detail data record with the number more than 2 in the tac group is limited.
And then, the numbers beginning with the tac are sequentially written into the same row of the file according to the numbers beginning with the tac, so that the subsequent query of detail data generated in the user group on the numbers in the tac group in a graph database is carried out, and the numbers under the same tac are divided into a group of overlapping association queries.
The graph query logic is mainly based on the advantage of the graph database in relation query, and can output the association relation between numbers with high efficiency; starting from the tac group number in the query number group, according to the relation between the voice base station and the number and the base station, searching the coincidence condition of the numbers in the tac group under the condition of simultaneously empty (the same voice base station passes through in the same hour), and recording for subsequent analysis. And then, the overlapping records of the inquiry records through the graph are arranged and adjusted, and the association relation details of the numbers on the same day are output. And recording the detail data passing through the same base station in the same hour in the same tac group.
The method comprises the steps of grouping the accompanying numbers in a user group by using a graph network community discovery algorithm, grouping the accompanying numbers of the extracted numbers or the opposite terminal numbers and the extracted numbers or the opposite terminal numbers into the same accompanying number group, and merging the different accompanying numbers if the different accompanying numbers are overlapped, wherein the accompanying numbers are numbers of the same tac used in the same hour range under the same base station by the extracted numbers or the opposite terminal numbers. The specific operation is as follows: the number and number relation data output from the graph database may be grouped together using a community classification algorithm, and if number 1 is accompanied by number 2 and number 2 is accompanied by number 3, then number 1 and number 2 are divided into the same accompanied number group, if there is a number overlap between different number groups, then the two number groups are combined, for example, the number list of number group 1 is [ number 1, number 2, number 3], the number list of group 2 is [ number 2, number 3, number 4], then the two number groups are combined into the same number group [ number 1, number 2, number 3, number 4].
Writing the grouped data into a data table and correlating the data with a number screening table output by a graph database, recording lac information passed by each number in the group, and recording the situation of number movement lac with track superposition according to the number of lacs passed by all numbers in the number group summarizing group;
and extracting all numbers in a number group with the mobile lac number greater than 1, inquiring the certificate number of each number in the number group and the detail data of the terminal IMEI, and calculating the certificate coincidence degree in the group and the terminal IMEI coincidence degree, wherein the certificate coincidence degree in the group is the number of the certificate number coincidence in the group/the total number in the group, and the terminal IMEI coincidence degree is the number of the number which is consistent with the 10 digits before the IMEI is used for the number in the group/the total number in the group.
And finally, extracting the number group with lower certificate overlap ratio and higher terminal overlap ratio to obtain the fraud harassment group.
Through experiments, the identification of the vehicle-mounted mobile GOIP by adopting the method can reach more than 85 percent.
The present application is not limited to the above-mentioned embodiments, and any equivalent embodiments which can be changed or modified by the technical content disclosed above can be applied to other fields, but any simple modification, equivalent changes and modification made to the above-mentioned embodiments according to the technical substance of the present application without departing from the technical content of the present application still belong to the protection scope of the technical solution of the present application.

Claims (4)

1. A method for telephone number fraud detection based on a spatiotemporal network and a graph algorithm, comprising the steps of:
a. firstly, extracting call records of the full-quantity number on the same day, obtaining data of the extracted number under the conditions of opposite ends of the full-quantity number, a terminal used by the full-quantity number and a communication package of the full-quantity number, writing basic information of the extracted number and the opposite end number of the call of the extracted number on the same day into a number screening table, and generating entity and relation data required by a graph database according to the numbers in the number screening table;
b. then counting the track space-time positions of the extracted number and the opposite terminal number by taking the hour as the dimension, and processing and writing the extracted number, the opposite terminal number, tac, the base station entity and the relation into a graph database, wherein tac refers to the first eight bits of the international mobile equipment identification code;
c. constructing a user group by taking the extraction number and the opposite terminal number which are the same as the tac as a group, inquiring the graph, and recording detail data which pass through the same base station in the same hour in the same tac group;
d. grouping the concomitant numbers in the user group by using a graph network community discovery algorithm, and grouping the concomitant numbers of the extracted numbers or the opposite terminal numbers and the extracted numbers or the opposite terminal numbers into the same concomitant number group, and merging the different concomitant numbers if the different concomitant numbers are overlapped, wherein the concomitant numbers are numbers of which the extracted numbers or the opposite terminal numbers use the same tac in the same hour range under the same base station;
e. writing the grouped data into a data table and correlating the data with a number screening table output by a graph database, recording lac information passed by each number in the group, summarizing the number of lacs passed by all numbers in the group according to the number group, and recording the situation of number movement lac with coincident tracks;
f. extracting all numbers in a number group with the mobile lac number greater than 1, inquiring the certificate number of each number in the number group and the detail data of the terminal IMEI, and calculating the certificate overlap ratio in the group and the terminal IMEI overlap ratio, wherein the certificate overlap ratio in the group=the number of the certificate number overlap in the group/the total number in the group, and the terminal IMEI overlap ratio=the number of the number 10 digits identical before the IMEI is used for the number in the group/the total number in the group;
g. extracting the number group with lower certificate overlap ratio and higher terminal IMEI overlap ratio in the step f to obtain a fraud harassment group;
in the step a, the basic information comprises an extracted number, a user code of an opposite terminal number, a client code, a network access time, terminal information of the extracted number or the opposite terminal number, a attribution province, a attribution city, an affiliated operator, a black ash condition of the extracted number and the opposite terminal number, wherein the number reported by a worker information part in the recent half year is a black number; in the last half year, the number detected by the internal model of the communication carrier is a gray number; in recent half a year, numbers which are not reported by the letter department, fraud by the letter department, public security and evidence and are not detected by the internal model of the communication carrier are white numbers; in the step a, the specific operation method of the entity and the relation data required by generating the graph database according to the numbers in the number screening table is as follows:
a1, firstly, generating entity points of numbers in a graph database according to basic information of the extracted numbers and opposite terminal numbers;
a2, extracting terminal information of the number or the opposite terminal number according to the number screening table, associating the terminal information with a black tac table marking number reported by the worker information part, the worker information part fraud and the public security certificate, judging whether the terminal information is the black tac table marking number, recording the terminal information into a tac entity table of the number, and generating a tac entity point of the number in the graph database;
a3, according to the extracted numbers or the opposite terminal numbers in the number screening table, acquiring the base stations used by the extracted numbers or the opposite terminal numbers, writing field information of base station codes, base station attributions, lac, ci, longitudes, latitudes and black ash number numbers into voice base station entities of the extracted numbers or the opposite terminal numbers, and generating base station entity points of the extracted numbers or the opposite terminal numbers in the graph database.
2. The method for detecting telephone number fraud based on space-time network and graph algorithm according to claim 1, wherein in the step b, the specific operation method of writing the extracted number, the opposite terminal number, tac, the base station entity and the relation processing into the graph database is as follows:
b1, firstly processing call record data of the full-quantity number by taking hours as dimensions into hour-level data, extracting user codes of the full-quantity number, tac, writing time of using tac into a hour-level tac table of the full-quantity number, secondly using the extracted numbers to correlate data in the hour-level tac table of the full-quantity number, obtaining the user codes of the extracted numbers or opposite terminal numbers, tac, writing time of using tac into the extracted numbers or the relationship between the opposite terminal numbers and tac, and generating an edge correlated between entity points of numbers in a graph database and tac entity points;
b2, using hours as dimension, associating the extracted number with the data in the hour-level base station table of the full number, obtaining the base station used by the extracted number or the opposite terminal number, writing the user code, the base station code of the extracted number or the opposite terminal number and the time of using the base station into the base station relation table of the extracted number or the opposite terminal number and the extracted number or the opposite terminal number, and generating the associated side between the entity point of the number in the graph database and the entity point of the base station;
and b3, finally, aggregating the call duration of the full number and the opposite terminal number by taking the hour and the call type as dimensions, and writing the call times into a full number hour-level call table; and writing the call relation information of the extracted number into the relation between the extracted number and the opposite terminal number, and generating an associated side between the entity point of the extracted number and the entity point of the opposite terminal number.
3. The method for detecting telephone number fraud based on spatiotemporal networking and graph algorithm according to claim 2, wherein in the step b3, the call relation information includes a terminal for extracting a number, a terminal for using a counterpart number, a call duration between the extracted number and the counterpart number, a calling duration, a number of times of calls, a call type, and a call hour.
4. The method for phone number fraud detection based on spatiotemporal networking and graph algorithms of claim 3, wherein in said step c, the logic of the graph query is: starting from the tac group number in the user group, searching the superposition condition of numbers in the tac group under the same base station in the same hour according to the base station and the relation between the numbers and the base station, then sorting and adjusting superposition records, and outputting the association relation detail of the numbers and the numbers in the same day.
CN202210889267.5A 2022-07-27 2022-07-27 Telephone number fraud detection method based on space-time network and graph algorithm Active CN115278687B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210889267.5A CN115278687B (en) 2022-07-27 2022-07-27 Telephone number fraud detection method based on space-time network and graph algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210889267.5A CN115278687B (en) 2022-07-27 2022-07-27 Telephone number fraud detection method based on space-time network and graph algorithm

Publications (2)

Publication Number Publication Date
CN115278687A CN115278687A (en) 2022-11-01
CN115278687B true CN115278687B (en) 2023-08-15

Family

ID=83770553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210889267.5A Active CN115278687B (en) 2022-07-27 2022-07-27 Telephone number fraud detection method based on space-time network and graph algorithm

Country Status (1)

Country Link
CN (1) CN115278687B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020042024A1 (en) * 2018-08-29 2020-03-05 区链通网络有限公司 Node abnormality detection method and device based on graph algorithm and storage device
CN111726460A (en) * 2020-06-15 2020-09-29 国家计算机网络与信息安全管理中心 Fraud number identification method based on space-time diagram
CN113660721A (en) * 2021-08-11 2021-11-16 恒安嘉新(北京)科技股份公司 GOIP device positioning method and device, computer device and storage medium
CN113794805A (en) * 2021-09-16 2021-12-14 上海欣方智能系统有限公司 Detection method and detection system for GOIP fraud telephone
WO2022112706A1 (en) * 2020-11-24 2022-06-02 Araxxe Method and system for controlling scam phone calls
CN114722090A (en) * 2021-12-17 2022-07-08 武汉烽火众智智慧之星科技有限公司 Telecommunication fraud identification method and device based on ticket data

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020042024A1 (en) * 2018-08-29 2020-03-05 区链通网络有限公司 Node abnormality detection method and device based on graph algorithm and storage device
CN111726460A (en) * 2020-06-15 2020-09-29 国家计算机网络与信息安全管理中心 Fraud number identification method based on space-time diagram
WO2022112706A1 (en) * 2020-11-24 2022-06-02 Araxxe Method and system for controlling scam phone calls
CN113660721A (en) * 2021-08-11 2021-11-16 恒安嘉新(北京)科技股份公司 GOIP device positioning method and device, computer device and storage medium
CN113794805A (en) * 2021-09-16 2021-12-14 上海欣方智能系统有限公司 Detection method and detection system for GOIP fraud telephone
CN114722090A (en) * 2021-12-17 2022-07-08 武汉烽火众智智慧之星科技有限公司 Telecommunication fraud identification method and device based on ticket data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
浅谈基于信令交互主动追踪车载伪基站的新方法;吴卓凡;中国新通信;2016年(第4期);第32-33页 *

Also Published As

Publication number Publication date
CN115278687A (en) 2022-11-01

Similar Documents

Publication Publication Date Title
CN108924333B (en) Fraud telephone identification method, device and system
CN107798541B (en) Monitoring method and system for online service
Barson et al. The detection of fraud in mobile phone networks
CN103415004B (en) A kind of method and device detecting junk short message
CN107819747B (en) Telecommunication fraud association analysis system and method based on communication event sequence
CN107506776A (en) A kind of analysis method of fraudulent call number
WO2017186090A1 (en) Communication number processing method and apparatus
CN101686444B (en) System and method for detecting spam SMS sender number in real time
CN111741472B (en) GoIP fraud telephone identification method, system, medium and equipment
CN107194666A (en) Report Server Management method and terminal device based on block chain technology
CN106102001A (en) The screening technique of suspected crime mobile terminal and system
CN106102082B (en) A kind of suspicion number determines method, apparatus, system
CN106899948A (en) Pseudo-base station finds method, system, terminal and server
CN112445870A (en) Knowledge graph string parallel case analysis method based on mobile phone evidence obtaining electronic data
CN106713246B (en) A kind of detection method, device and mobile terminal that the application program page is kidnapped
CN111246375A (en) Man-car accompanying technology based on electronic fence and bayonet information
CN115278687B (en) Telephone number fraud detection method based on space-time network and graph algorithm
CN110536302A (en) Telecommunication fraud based reminding method and device
CN102256255A (en) Detection method for parallel-used-card proof based on time and geographic location collisions
CN110557722B (en) Target group partner identification method and related device
CN1186886C (en) Anti-fake recognition communication system and using method
CN202210325U (en) System for identifying bank self-service device
CN109151827A (en) WiFi Location fraud detection method and device based on radio-frequency fingerprint
CN109104429A (en) A kind of detection method for network fraud information
CN112925971A (en) Multi-source analysis-based fraud topic detection method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant