KR101092755B1 - System for processing spam - Google Patents

Abstract

The present invention can minimize spam damage of users through spam information sharing between spam victims according to various types of spam such as spam calls, spam letters, one-ring spam and voice-phising. It relates to a spam processing system.

To this end, the present invention comprises a user agent provided on the user side for interacting with the user interface provided in the spam information service means; A user interface, the information being sent to the user agent for the spam information service means to interact with the user; A user agent provided on the user side for interacting with a user interface provided in the spam information service means including a spam information service means having a spam information server for providing various spam information to the user; A user interface, the information being sent to the user agent for the spam information service means to interact with the user; A spam processing system comprising spam information service means having a spam information server for providing various spam information to a user, said spam information service means comprising: a communication interface for transmitting and receiving information from a user interface, and a main control unit; A memory for storing data for processing, a noise attenuation and exception processing unit for filtering user input data, and determining whether data passing through the noise attenuation filter is entered into the database while processing exceptions of the filter rule; Spam search cumulative and spam identification unit for reflecting the data passing through the noise reduction filter in the database, and calculate the spam index based on the histogram of the hit number of a specific number of the database, and generates the user interface and is input through the user interface day A user interface control unit for controlling to interpret the data, a database for storing data input from the user interface and various calculation results, and a main control unit for collectively controlling the operation of each circuit unit in the spam information server. It is done.

User agent, user interface, spam information service means, spam information server

Description

System for processing spam

The present invention relates to a spam processing system and a spam processing method, and more particularly, spam victims according to various types of spam, such as spam calls, spam letters, one-ring spam, and voice-phising. The present invention relates to a spam processing system that enables users to minimize spam damage by sharing spam information between users.

Spam means delivering information that the recipient does not want to an unspecified number of recipients.

As the penetration rate of communication terminals increases and information transmission methods are diversified, types of spam are also diversified.

Spam using modern wired and wireless networks can deliver unwanted information in the form of voice, short message (SMS), multimedia message (MMS), or leave the phone number to the recipient using the recipient's caller ID. One-ring calls, voice-phishing, or faxing (FAX) messages can be used to monetize recipients.

Since malicious spammers send spam information to a large number of people in a short period of time, it shows a pattern of changing existing phone numbers to resume using spam with new phone numbers. Therefore, spammers collect and share spam information to cope with such spam patterns. The period should also be fast enough to respond to spammers' activity patterns.

Conventional spam processing methods known to date have a problem that the time required to respond to spam and share information is insufficient to cope with malicious spammers.

The conventional spam processing method is a method in which a spam recipient registers a spam number received by the blacklist of his or her communication terminal to block further reception from the blacklisted number. Because it is necessary to recognize that a particular number is a spam number, there is a problem to be damaged first. Since each blacklist created by spam recipients is not easily shared with others, it is not effective to prevent the damage of many spams. .

Another conventional spam processing method is a method in which a service provider receives a spam report from a plurality of users and blocks a corresponding number. However, this method also has a problem that the spam reporter needs to be damaged first because the spam reporter recognizes that a particular number is a spam number and then reports it. In addition, in order for a telecommunications operator to take an action to suspend a spam number, it is not suitable for responding to spammers in real time since it must go through an administrative procedure that is approved by a related agency.

Another conventional spam processing method is a method in which a service provider detects a representative spam word pattern included in a short message (SMS) or a multimedia message (MMS) and blocks message transmission. However, this method is not applicable to voice call spam, and if a spammer uses a word other than the typical spam word, the service provider fails to detect the pattern.

Another conventional spam processing method is a method of operating a '1336 spam number reporting ARS system' operated by the Korea Information Security Agency (KISA). This system is a method for receiving spam damage reports through ARS. Since this method is not a free call, spammers have to report their own costs, and the 9 steps must be taken when reporting, and the reporting process takes at least 1 minute and 30 seconds. Utilization is not high.

Another conventional spam processing method is a method of operating a spam trap system of the Korea Information Security Agency (KISA). The system tracks spammers who attempt to voice and text message communications using a number of virtual telephones with randomly assigned telephone numbers. If spammers send spam completely randomly, spam numbers may be collected by this system, but if spammers have a pool of spam targets and target only phone numbers with real users, they will be collected by the spam trap system. There is a problem that can not be.

Another conventional spam processing method is Spam Cop of the Korea Information Security Agency (KISA). It is a method of reporting spam by using a web page or using a 'spam cup' program installed on a user's PC. However, this method also suffers from the problem that the spam reporter suffers the damage of spam and needs to report it after recognizing that a specific number is a spam number.

In addition, the Korea Information Security Agency does not have an immediate problem because it usually takes about a week to impose a penalty on operators using the number reported as spam through administrative procedures. Moreover, the vast majority of spammers are not effective at blocking spam because they ignore and pay no penalties.

Another conventional spam processing method is the 'illegal spam text reporting' function built into the mobile phone. The person who receives the spam text sends the spam text to the Korea Information Security Agency and reports it. This method is free and easy to use. However, because it is limited to text messages, it is not applicable to voice spam, and is available on some 2G phones and all 3G phones released after 2008, so spam text from existing mobile phone users, landlines, and Internet phone users without this feature is available. There is a problem that cannot collect information.

Another conventional spam processing method (see Patent Publication No. 10-2009-0096111) includes a system for collecting spam telephone numbers reported directly by a user using a communication terminal, and the user receives a telephone number determined by the system as spam. When receiving a 'spam index is displayed on the user's communication terminal. However, this method also requires a process of reporting after a spam reporter recognizes that a particular number is a spam number due to the damage of spam, and thus, there is a problem that the spam reporter must report the damage first.

Accordingly, the present invention has been proposed to solve the above problems of the prior art, and to provide a spam processing system that can minimize the number of spam damage so that spam information is shared between users in an easy and convenient way. .

Another object of the present invention is to provide a spam processing system that enables a spam information system to collect and provide spam information from a user even if the spam information is incompletely contained in a database.

It is still another object of the present invention to provide a spam processing system that helps potential spam victims recognize spam before suffering from spam.

It is still another object of the present invention to provide a spam processing system that sorts malicious spam from collected spam information using an algorithm that accurately sorts malicious spam.

It is still another object of the present invention to provide a spam processing system in which the collected and purified spam information is provided to a user in a convenient manner.

In order to achieve the above object, a spam processing system according to the present invention includes a user agent provided on a user side to interact with a user interface provided in a spam information service means; A user interface, the information being sent to the user agent for the spam information service means to interact with the user; To users (advertisement calls, phone fraud (voice-phising), one-ring spam (spam that leaves a caller's number), text spam, fax spam, unidentified spam (spam is suspected, but not verified), Not spam (confirm directly not spam), characterized in that it comprises a spam information service means having a spam information server for providing spam information.

In addition, the spam information service means includes a communication interface for transmitting and receiving information from a user interface, a memory for storing data for processing by the main controller, filtering user input data, and handling exceptions to the filter rules; At the same time, the noise attenuation and exception processing unit determines whether data passed through the noise attenuation filter is input to the database, and the data passed through the noise attenuation filter is reflected in the database, and the spam index based on the hit number histogram of a specific number in the database. A cumulative spam inquiry accumulating and spam identification unit for calculating a user interface, a user interface controller for generating the user interface and controlling data to be interpreted through the user interface, and storing data inputted from the user interface and various calculation results. It is characterized in that it is configured by a main control unit which collectively controls the operation of each circuit portion of the internal database and the spam information server.

In addition, the spam index calculation is characterized in that calculated by the following equation.

delete

delete

delete

delete

       Calculation of the spam index =

T Maximum number of searches in ¹ hour interval P ¹ x Interval Activity Index I ¹ +

T ² Maximum number of searches during time interval P ² x Interval activity index I ² +

… +

T ^N Maximum number of searches during time interval P ^N x Interval activity index I ^N

delete

delete

The present invention has the effect of preventing spam by making it possible to inquire whether the spam for the number before receiving the spam damage, if the spam recipient is called from a phone number that the spam recipient does not know in advance or the caller number remains suspicious. .

In addition, users who have been affected by spam can leave a note about the phone number, so that they or others can check the memo when they look up the phone number later to make it easier to recognize spam. have.

In addition, since an unspecified number of users simply create a spam database by simply looking up a suspicious number, reciprocity that benefits each other may occur, thereby increasing the user's sense of belonging.

In addition, the widespread use of such a system increases spammers 'detection rate and spammers' successful call rate, effectively blocking spam.

 [Example]

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram of a spam processing system according to the present invention. As shown in FIG. 1, a user agent 10 and a spam information service means 40 are provided.

The user agent 10 is a hardware configuration and software provided on the user side for interacting with the user interface 20 provided in the spam information service means 40 (for example, a PC and a web in a typical PC environment). Browser, and mobile phone / PDA and SMS / WAP browser / Mobile browser in a typical mobile communication environment).

Spam information service means 40 is composed of the user interface 20 and the spam information server 30.

The user interface 20 is information transmitted to the user agent 10 in order for the spam information service means 40 to interact with the user (for example, referring to a website in a typical Internet environment).

The spam information server 30 is a communication interface 301 for transmitting and receiving information from the user interface 20 (for example, in the case of a general Internet environment refers to the network itself, in the case of a wired communication environment, such as a normal landline telephone, IP phone), a memory 302 for storing data for processing by the main controller 307, and data passed through the noise attenuation filter while filtering user input data and handling exceptions of the filter rules. Noise attenuation and exception processing unit 303 for determining whether or not to enter the database, and the data passed through the noise attenuation filter is reflected in the database 306, spam index based on the hit number histogram of a specific number of the database 306 Spam query accumulation and spam identification unit 304 for calculating the, and the user interface 20 is generated through the user interface 20 A user interface control unit 305 for controlling to interpret the outputted data, a database 306 for storing data inputted from the user interface 20 and various calculation results, and each circuit unit within the spam information server 30. It is configured to include a main control unit 307 for controlling the operation as a whole.

In addition, the spam inquiry accumulation and spam identification unit 304 calculates a spam index, a type, a memo, and a memo summary keyword for the called telephone number.

In addition, the database 306 stores the inquiry or reported telephone number and the calculated spam index, type, memo and memo summary keyword of the telephone number.

The spam processing system and the spam processing method according to the present invention made as described above will be described with reference to FIGS. 1 to 9 as follows.

First, one of the characteristics of the present invention is that it is possible for a spam victim to determine whether or not a specific phone number is spam only by inquiring a phone number suspected of spam.

As is well known, malicious spammers work by delivering large amounts of 'spam information' to an unspecified number of people over a relatively short period of time, ranging from days to weeks.

If spammers are able to extract redundancy by collecting spam information delivered to an unspecified number of people in a relatively short time, the spammer intended to deliver it and the outgoing call used in the delivery process. The number can be identified.

In everyday situations, the probability that an unspecified majority of people will suspect that a particular phone number is 'spam' in a relatively short period of time is very low.

Therefore, if an unspecified number of people suspect that a particular phone number is 'spam' for a relatively short time, it is very likely that the phone number is spam.

If an unspecified number of people configure the service to search 'suspect phone numbers suspected of spam', it is very likely to identify frequently suspected phone numbers, that is, spam numbers.

On the other hand, malicious spammers change outgoing phone numbers in a short period of time, making it impossible to build a complete spam information database.

Accordingly, the main point of the present invention is to provide a high level of service despite the incomplete status of the spam information database, and at the same time create reciprocity among the spam victims and continuously receive information and supplement the spam database on a regular basis. Is to implement a service.

FIG. 2 is a diagram illustrating a process of registering spam information, requesting inquiry and replying to spam information identification result, and FIG. 3 is a diagram illustrating an example of a method of constructing a sustainable service using an incomplete database.

Referring to Figure 3 describes a method for configuring a sustainable service with an incomplete database in the present invention as follows.

1) When a particular spam is first registered in the spam information database 306, the spam information database 306 starts without any information about the spam.

Therefore, it is a 'useless state' (A).

2) Then, while information about a particular spam accumulates in the spam information database 306, it gradually goes through an 'incomplete state (B)' and reaches a level that satisfies certain criteria. Complete state (C) '.

3) When a spam victim looks up a suspicious number, it cannot be predicted whether the information returned from the spam information database is (A) useless, (B) incomplete or (C) complete.

4) Therefore, spam victims should look up suspicious numbers without trying to obtain only (C) complete information, and the spam information database will generate information (A) ~ (B). .

5) Conversely, the spam information database can generate information (A) through (B) from all spam victims looking for suspicious numbers.

6) Spam victims may obtain information in the (C) state, which is made up of information provided by other users in the (A) to (B) state, and thus benefit from mutual sacrifice (one-sided information). `` Reciprocity '' is worn.

As such, based on the spam processing system according to the present invention, spam can be identified at a very accurate level based on the number of hits.

4 is a diagram illustrating an incomplete information communication process and a complete information communication process. When a spam victim inquires about spam, the party becomes an information provider and an information beneficiary. However, since it is unpredictable, it will be reciprocity among spam victims.

Next, the spam identification (spam index calculation) process will be described.

Spam activity patterns vary, but they can be abstracted into two contrasting forms by simply abstracting malicious spam activity patterns.

First, spam activity (such as malicious spam) that sends a large number of messages in a short time.

Second, activities that send a small number of messages over long periods of time (e.g., persistent spam, such as telemarketing). It is divided into patterns.

If the logic to identify spam detects both of these patterns, it can detect most spam in terms of the amount of time that spam is active and how active it is.

Therefore, in order to detect the spam activity pattern as a whole, the weight of the activity pattern for each section is determined differently by dividing each time section into several steps.

(For reference, it is similar to the differential concept of mathematics, but differs in the following ways.

Instead of dividing the interval into infinity, select the data interval where the maximum value is obtained using the 'range window' of the entire time series data held, such as 1 day, 7 days, and 28 days. It's like using a small window of different size to look into the graph to find the section that contains the most data.)

l) An exponentially large weight is given to the number of times accumulated in a short time interval.

2) An exponentially small weight is given to the number of accumulations over a long time period.

5 is a graph illustrating an example of the number of views for each time period.

For example, as shown in FIG. 5, the above two patterns may be determined as spam at the same level.

① 10 times a day (malicious spam, average 10 times a day)

② 20 times a week (general spam, average 2.9 times a day)

③ 30 times of inquiry per month (persistent spam, average once a day)

If a particular phone number has been inactive for some time, it should no longer be considered spam.

In general, a number that has no inquiry history for a period of 30 days is no longer judged to be a spam number, but this period criterion may change according to the overall spam activity pattern.

Based on the record for a specific time period, obtain the maximum number of views (P) for each time interval (T), multiply it by the exponential activity index (I) in the form of exponential function, and then, based on the sum of these values, Find the index (SI).

Calculation of the spam index =

T Maximum number of searches in ¹ hour interval P ¹ x Interval Activity Index I ¹ +

T ² Maximum number of searches during time interval P ² x Interval activity index I ² +

… +

T ^N Maximum number of searches during time interval P ^N x Interval activity index I ^N

The time interval (T), the maximum number of views (P), and the activity index (I) for each section for obtaining a Spam Index are flexibly changed according to the number of users using the spam service.

The user determines whether the spam is spam by looking at the content returned by the spam information service with respect to the telephone number inquired by the user.

The spam index corresponds to quantitative information generated by the operation.

In order to help the overall judgment of the user, it is necessary to provide not only this quantitative information but also qualitative information.

Next, the collection and display of qualitative information will be described.

The spam information service allows a user to write a spam type and leave a comment on a result screen that is displayed after a user looks up a suspicious phone number. These records are displayed in the results the next time the number is retrieved.

Outputs descriptive statistics of spam types left by users. The types of spam that a user can select when reporting spam are "voice phishing / advertising phone / one ring / text / other spam (FAX, etc.) / Unconfirmed / not spam".

Users can easily see the results of these statistics and see what kinds of spam they have judged.

By providing 'unconfirmed' and 'not spam' types of spam, it opens up the possibility for users to correct errors voluntarily.

By extracting duplicate words from the comments left by the user and outputting them in the most frequently duplicated order, the user can view the word list and obtain summary information about spam and judge them qualitatively.

Keep track of the type of spam and the IP you used when leaving comments to help prevent potential abuse.

When the user visually confirms the pattern of the telephone number he inquired about, the user can more easily determine whether it is spam.

As illustrated in FIG. 6, the spam information service provides a time-series graph type of activity history (view history) for each phone number to help qualitative judgment of the user.

Next, the noise attenuation (when using an Internet web browser) process will be described.

In the spam information database, wrong information may be input by a user mistake or by a malicious.

The user may use an Internet web browser to use the spam information service. In this case, the user interface (UI) of the spam information service is displayed in accordance with the Internet web browser.

User Agent (AGENT): Web browser

User Interface (UI) ↔ Server Communication Unit: Using TCP / IP Protocol

In this case, the spam information server 30 may attenuate data noise input from the user by using the user's IP address.

Logic1) logic to block a large number of inquiry requests for a short time from a specific user

Whenever there is a request from the user, it records the IP used by the user, and then searches whether the corresponding IP has reached the maximum number of hits (L) within a specific time interval (T) from then. Block large amounts of data from entering the database.

Limited to hits L ¹ during T ¹ time interval

Limited to hits L ² over T ² time intervals

…

T ^N Limited to hits L ^M during the time interval

The characteristic is that the inquiry time section is divided into several stages, so that the number of inquiry per same time section decreases to an exponential function as the section becomes longer.

For example, if you configure 15 times in a 24 hour period, 30 times in 3 days, and 60 times in 7 days, the number of queries allowed per hour is reduced to the exponential function.

15 views per 24 hour (1 day) period (0.625 searches per hour allowed)

Limited to 30 views in 72 hours (3 days) (0.417 searches per hour allowed)

Limited to 60 views in 168 hours (7 days) (0.357 searches per hour allowed)

Logic 2) logic to block large number of inquiry requests for a short time from a specific group of users

Due to the nature of the IP address, the more similar the endings of an IP address given to a computer are, the higher the probability that the computers are physically adjacent to each other.

To prevent intentional manipulation of the database by a malicious group of users who are physically located in close proximity, blocking logic should be applied based on the first 3 bytes of the 4 bytes of the IP address (IPv4) (of the IP address aaaa.bbb.ccc.ddd). based on aa.bbb.ccc parts match).

The first 3 bytes of the IP address are called 'subnet' for convenience.

After calculating the subnet from the user's IP where the request is made, it searches whether the subnet has reached the maximum number of searches (L) within a specific time interval (T) from that time, and for a short period of time, a specific subnet sends a large amount of data to the database. Block it from entering.

Limited to hits L ¹ during T ¹ time interval

Limited to hits L ² over T ² time intervals

…

T ^N Limited to hits L ^M during the time interval

The characteristic of this logic is to divide the inquiry time section into several stages so that the number of inquiry per same time section decreases to exponential function as the interval gets longer.

For example, if you configure 15 times in a 24 hour period, 30 times in 3 days, and 60 times in 7 days, the number of search allowances per hour is reduced to the exponential function.

Logic 3) Logic that exempts specific number of users or user groups from the limit

Depending on your environment, multiple users may use the same IP (for example, if you use an in-house proxy server or router).

Even in this case, if the above logic 1) and logic 2) are applied in the same way, the number of inquiries allowed for the user group is significantly reduced compared with the other cases.

Accordingly, the spam information server 30 provides logic for applying exceptions to logic 1) and logic 2) for a specific IP address or a specific IP address pattern.

Logic 4) Logic that protects the database from a particular user looking up the same phone number multiple times.

There may be an abusing method in which a particular user searches the same phone number several times to increase the record of the corresponding number.

To prevent this, each phone number entry in the database 306 of the spam information server 30 records the IP address that requested the inquiry every time an inquiry is requested.

If the user's inquiry request does not satisfy the following conditions, the inquiry request from the IP is not reflected in the database's inquiry count.

In other words, there should be no record that the IP requesting inquiry searched the telephone number for the last N hours.

5) Logic to exclude certain users or groups of users from accumulating phone number hits

Depending on the task, a query may occur that does not suspect that a particular number is spam (for example, a server administrator or another service linked to a spam service).

Since the database may be distorted if the inquiry generated by this case is also stored in the database, the spam information server 30 provides logic for excluding a specific user or a group of users in the following three ways.

① Exception by user's IP pattern

② Exception by user log-in

③ Exception by Request Method (API)

6) Correction of User Input Error

The user may inquiring a number he knows by curiosity, or may enter a wrong telephone number by mistake.

If the following two conditions are satisfied, the user can directly delete the corresponding item from the database 306.

① The IP address registered first matches the IP address currently used by the user.

② The cumulative number of inquiry of the number is one time (no doubt from others).

Next, another process of noise attenuation (when using mobile phone SMS / API) will be described.

In order to use the spam information service, the user may use an Internet cellular short message (SMS) and an application programming interface (API).

When a user writes a suspicious phone number in a short message (SMS) and sends it to a specific phone number provided by a spam information service, the spam information server 30 transmits a response message to the user in a short message (SMS) format. In this case, the spam information server 30 applies the same noise attenuation logic and exception logic by using the user's telephone number instead of the IP.

The Spam Information Service provides an API to the user in order to utilize any agent connected to the Internet that the user desires, as well as the inquiry using the user agent 10 or short message (SMS) directly supported by the Spam Information Service. Can be.

In order to use this API, the user must be issued an API key in advance.

When a user sends a suspicious phone number to an API provided by the spam information service, the spam information service sends a response message to the user agent in a predetermined format provided by the API.

In this case, the spam information server 30 applies the same noise attenuation logic and exception logic by using an API key issued to the user.

7 is a flowchart illustrating a spam inquiry process according to the present invention.

First, when the user agent 10 inputs an inquiry number into the user interface 20 (S101), the user interface 20 queries the inquiry number through the communication interface 301 in the spam information service means 40 (S102). ).

Subsequently, the main controller 307 in the spam information server 30 determines that the reference number is received (S103) and controls the operation of the noise attenuation and exception processing unit 303.

The noise attenuation and exception processing unit 303 determines whether or not an exception is performed (S104) and performs exception processing (S105) or non-exception processing (S106), and at the same time, determines whether or not noise (S107) to determine noise through the user interface 20. In step S108, the message is transmitted to the user agent 10 and an error message indication S109 is delivered.

If it is determined whether the noise (S107) and the test passes (S110), the main controller 307 controls the cumulative spam inquiry and the operation of the spam identification unit 304.

The cumulative spam inquiry and spam identification unit 304 determines whether or not the accumulation (S111) and if the accumulation state cumulative status request (S112).

Thereafter, the spam inquiry accumulation and spam identification unit 304 transmits the spam identification result through the user interface 20 (S113), and delivers the spam identification result display (S109) to the user agent 10.

FIG. 8A shows an operation flowchart of the case where the user interface 20 of the spam information service means 40 is not embedded in the user agent 10 (web, mobile web).

As shown in FIG. 8A, first, a user connects to the spam information service means 40 using the user agent 10 (S201), and the user agent 10 connects the user interface 20 from the spam information server 30. FIG. After receiving (S202), the user requests a spam report or inquiry using the user agent 10 (S203).

After the exception (S204), noise or not (noise test) (S205), cumulative or not (S205) is sequentially performed, the number reported or inquired to the database 306

Accumulation (S207) and the spam index is calculated (S208).

When the spam index calculation is completed, a user interface 20 indicating a spam index or an error is created (S209), and then transmitted to the user agent 10 (S210).

FIG. 8B illustrates the case where the user interface 20 of the spam information service means 40 is embedded in the user agent 10 (built-in terminal) in the present invention, and there is no visible user interface (for example, SMS or API). The operation flow diagram when the web browser is designated as a 'search provider' can be omitted.

As shown in FIG. 8B, a user first requests a spam report or inquiry using a designated interface or a designated method (S301).

Thereafter, an exception determination (S302), noise determination (noise test) (S303), cumulative determination (S304) is sequentially performed, and then the reported or inquired number is sent to the database 306.

Accumulation (S305) and the spam index is calculated (S306).

When the spam index calculation is completed, a message indicating a spam index or an error is created (S307), and then the message is transmitted in a specified method (S308).

9 shows an exemplary table of a database according to the present invention.

Referring to each column in Figure 9 as follows.

Unique number: Unique number of a database row (tuple or row)

Phone number: Phone number reported / viewed as spam

Cumulative total of searches: The cumulative number of searches since the initial registration to the most recent view.

Maximum number of search data by period: Saves the maximum value by time interval based on the search histogram. This value is updated on every report / inquiry. This value is used to calculate the spam index.

Initial registration date: Date / time the phone number was first registered

Registrant IP Address: IP address of the user agent that originally registered the phone number (or terminal phone number / unique number for a communication terminal).

Lookup IP Address List: IP address (or terminal phone number / unique number for communication terminal) and date / time that the telephone number was queried. To prevent the database from being distorted by a particular person's repeated lookups.

Number of Inquiry IP: The number of unique IP (or terminal unique number) that inquired the number. Actually matches the 'Total Cumulative Count' field for that number, but is a redundant field that exists for internal calculations.

Last Viewed: The date the number was recently reported / viewed. Based on the date of the last inquiry, the number of 'spam inactive' of the number is identified and deleted from the database.

Comment: Comment left by user on that number

Search histogram data: The number of times the number was viewed, stored by date.

Data Spam Flag: Represents a field for storing what kind of spam the number is (or not spam).

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention.

Therefore, the technical scope of the present invention should not be limited to the contents described in the embodiments, but should be defined by the claims and their equivalents.

1 is a block diagram of a spam processing system according to the present invention.

2 is a diagram illustrating a spam information registration, inquiry request, and spam information identification result reply process;

 3 is an example diagram illustrating a method of configuring a sustainable service with an incomplete database.

4 shows an incomplete information communication and a complete information communication process.

Figure 5 is a graph of an example showing the number of views by time interval band.

Figure 6 is a time series graph showing the activity history for each phone number.

7 is a flowchart illustrating a spam inquiry process according to the present invention.

8A is a flowchart illustrating a case where a user interface of the spam information service means is not embedded in the user agent in the present invention.

8B is a flowchart illustrating a case where the user interface of the spam information service means is embedded in the user agent in the present invention.

9 is an exemplary view of a table of a database according to the present invention.
* Description of the symbols for the main parts of the drawings *

delete

10: User Agent

20: user interface

30: Spam Information Server

40: Spam information service means:

       301: communication interface

       302: memory

       303: Noise attenuation and exception handler

       304: Spam Lookup and Spam Identification Unit

       305: user interface control unit

       306: database

       307: main control unit

Claims (9)

A user agent provided on the user side for interacting with the user interface provided in the spam information service means; A user interface, the information being sent to the user agent for the spam information service means to interact with the user; To users (advertisement calls, phone fraud (voice-phising), one-ring spam (spam that leaves a caller's number), text spam, fax spam, unconfirmed spam (spam is suspected but not verified), In the spam processing system comprising a spam information service means having a spam information server for providing spam information (not directly spam),       The spam information service means includes a communication interface for transmitting and receiving information from a user interface, a memory for storing data for processing by the main control unit, filtering user input data, and handling an exception of a filter rule, while simultaneously attenuating noise. Noise attenuation and exception processing unit for determining whether data passed through the filter is input to the database, reflecting the data passed through the noise attenuation filter to the database, and calculates the spam index based on the hit number histogram of a specific number of the database A spam inquiry accumulation and spam identification unit, a user interface control unit for generating the user interface and controlling data to be interpreted through the user interface, and data for storing the data inputted from the user interface and various calculation results. Spam processing system comprising a database and a main control unit for controlling the operation of each circuit unit inside the spam information server. delete delete delete delete delete The method of claim 1, The spam index calculation is a spam processing system, characterized in that calculated by the following equation.       Calculation of the spam index = T Maximum number of searches in ¹ hour interval P ¹ x Interval Activity Index I ¹ + T ² Maximum number of searches during time interval P ² x Interval activity index I ² + … + T ^N Maximum number of searches during time interval P ^N x Interval activity index I ^N delete delete

Images