RU2762389C2 - Method for recognizing a subscriber making unwanted calls and a method for handling an unwanted call - Google Patents

Abstract

FIELD: connection control.

SUBSTANCE: invention relates to the field of connection control in the event a subscriber receives an unwanted or malicious call, namely, to the recognition of the subscriber making unwanted calls and the processing of such calls. To achieve the effect, in cellular networks of GSM, IN, IMS standards, the formation of the maximum possible array of data is provided for the application of analysis rules, a necessary and sufficient list of signs of recognizing a subscriber making unwanted calls, as well as the selection of subscribers making unwanted calls based on their behavior - in advertising or for fraudulent purposes. This provides a cost-effective way for a cellular operator to handle an unwanted call by keeping the unwanted call on the connection for as long as possible without the participation of the called subscriber.

EFFECT: ensuring the recognition of the subscriber making unwanted calls in automatic mode without the participation of the called subscriber, as well as improving the accuracy of recognizing the subscriber making unwanted calls due to the synergy of analysis of network events generated in the signaling CS network when processing voice calls and external public data of subscribers' feedback on arbitrary incoming calls.

5 cl, 5 dwg

Description

The invention relates to the field of telephone communications, in particular to methods for identifying and filtering unwanted voice calls in cellular networks (clause 12, GOST R 53801-2010, 3GPP TS 23.002), the method without limiting the scope of legal protection can be used in networks of GSM standards , IN, IMS.

It is known that unwanted calls cause great inconvenience to cellular subscribers. They are usually associated with unnecessary advertising offers (spam) or fraudulent activities (fraud). To counteract unwanted calls, subscribers use blacklists implemented at the operating system (OS) level of MS mobile phones (Mobil Station). Mobile operators use Who's Calling services with caller information on the incoming call screen of MS (Mobil Station). There are mobile applications that have the "Who's Calling" functionality. These services use external databases, in which the caller's records are formed based on the results of the analysis of web resources containing information about subscribers (external analytics). The functionality of these services is not sufficient, in any case, the subscriber is forced to independently make a decision to block unwanted calls and add the incoming number to the black list. A generalized solution is needed that provides automatic reliable blocking of unwanted calls without the participation of the subscriber at the level of functional (network) objects of the cellular operator's network. Automatic blocking of unwanted calls involves solving a number of technical problems.

The first technical problem is the formation of the necessary data array about the set of voice calls in the operator's network for the application of the unwanted call recognition algorithm. The main requirement for a data array, for obvious reasons, is its completeness. In the best case, the rules for analyzing unwanted calls should be applied to the entire set of voice calls in a certain territory over the period T. Moreover, it is advisable to accumulate such a nature of data for analysis that will provide the operator with the selection of unwanted calls by the purpose of their commission - spam calls made by spammers ( spammer) for advertising purposes or fraud calls made by frauders (frauder) for fraudulent purposes.

The second technical problem of introducing automatic blocking of unwanted calls in a cellular network is a reliable software algorithm for recognizing unwanted calls in the general set of calls. To form the rules for recognizing an unwanted call in the general set of calls, the recognition algorithm is required to determine the necessary and sufficient list of signs of an unwanted call. The list of features should ensure reliable selection of an unwanted call in a limited space of network events generated by functional (network) objects of the operator's signaling network when processing voice calls.

The third technical challenge is the efficient handling of a recognized unwanted call. The main mandatory requirement for processing a recognized unwanted call is blocking it without the participation of the called subscriber. An additional and desirable requirement for the processing of a recognized unwanted call is an increase in the economic performance of the cellular operator for serving an incoming call. The contradictory requirements are caused by the operator's economic interest to receive income for connecting an incoming voice call and the commercial necessity of blocking unwanted calls under the terms of the subscriber's subscription to block unwanted calls.

Taking into account the above objective technical difficulties and economic conditions, the authors propose a method for recognizing a subscriber making unwanted calls and a method for handling an unwanted call, which ensures the cellular operator recognizes subscribers making unwanted calls and their selection according to the purpose of their commission - advertising (spammer) or fraudulent (fraudulent) ) as well as cost-effective handling of unwanted calls by:

generating the maximum possible data array of the signaling network for the application of the rules for analyzing the recognition of subscribers making unwanted calls, generated, including in real time when processing signal connections;

determining the necessary and sufficient list of features for recognizing a subscriber making unwanted calls to form the rules for analyzing the signaling network data.

performing syntactic and semantic analysis of data from external network resources to select subscribers making unwanted calls;

connecting and holding an unwanted call on the connection without the participation of the subscriber to generate the operator's revenue for servicing the incoming call.

In the context of the application, the following definitions are accepted: HomeNet subscriber - a subscriber registered in the network of the NP (Network Provider) cellular operator. OffNet subscriber - a subscriber not registered in the NP network. Subscriber A (Calling) - the calling subscriber, Subscriber B (Called) - the called subscriber. In the general case, it is assumed that subscriber A is an offNet subscriber, in a particular case, subscriber A can be both a homeNet and an offNet subscriber. Incoming call - incoming voice call made by subscriber A to subscriber B. Unwanted call - incoming call recognized by NP operator without participation of subscriber B as unwanted for subscriber B. Spammer - Calling subscriber A making an unwanted call for advertising purposes. Frauder - Calling subscriber A, making an unwanted call for fraudulent purposes. Subscriber ID - unique standardized data used to process connections on network nodes of the NP operator (SSP, SCP, HLR, VLR, BSS, etc.) and related to the provision of services and charging (MSISDN, IMEI, IMSI, etc.), in including subscriber numbers of the public telephone network PSTN (Public Switched Telephone Network). Call connection - establishment of a signaling SS7 connection for making a conversation between subscribers A and B. External network node or web resource - any network device (server) on the Internet at a specific URL address. Signaling network NP - CS (Circuit Switched Domain) is a set of objects (including ISUP, SIP, CAP protocols) that support SS7 signaling (SS7 - Common Signaling Channel No.7 or Signaling System No.7) and processed on functional (network ) objects of standardized 3GPP, ETSI - network nodes SSP, SCP, HLR, IP, etc. Packet network NP - PS (Packet Switched Domain) a set of objects (GPRS network packets) with independent routing processed on standardized 3GPP, ETSI network nodes PDN GW, S-GW, MME, SGSN, etc. Basic or core network NP - CN (Core Network) combining signaling and packet NP network (clause 3.2.3 GPP TS 23.002). IN (Intelligent Network) network - network architecture of the NP operator focused on the integration of additional communication services (ITU-T Q.1200 Rec.). IMS (IP Multimedia Subsystem) network - NP operator's network architecture based exclusively on IP networks (3GPP IMS). Separately, it is noted that the IMS standard excludes the CS network from the network architecture, uses the SIP protocol for session management and does not support the ISUP protocol. However, since in the IMS SIP network, traffic is processed at functional objects (network nodes), it is associated with

identifiers MSISDN, IMEI, IMSI and QoS requirements, in the context of the SIP request, the traffic of the IMS network is referred to the signaling network protocol.

Patent RU 2722685 is known from patent sources, according to which the cellular operator creates a list of advertising identifiers of subscribers A, approved by the NP operator, and a list of advertising identifiers of subscribers A, allowed by subscriber B. Such lists are generated by the NP operator on all switching channels (Call, SMS, Web) with subscriber B. The operator makes a decision to connect a voice call to subscribers A and B only if there is an identifier (MSISDN) of subscriber A in both lists. Thus, the operator achieves the connection of the subscriber only with useful voice calls and reliably blocks any spam calls. The solution appears to be reliable and useful. Nevertheless, within its homeNet framework, subscriber B must make a record in the control system about the categories of goods and services of interest to him in order to form a list of allowed advertising identifiers. That is, the subscriber indirectly participates in activities to block unwanted calls. For the NP operator, the inconvenience of such a solution lies in the need to manually enter entries into the table of advertising identifiers A.

The closest in technical essence is known patent US 10708416 which was chosen by the authors for the prototype. In accordance with the description of the patent, the method includes receiving a first volume of data on spam calls from external analytics databases and a second volume of data on voice calls from a subscriber's MS call log. Thereafter, the machine learning algorithm determines the signs of unwanted call recognition (parameters in terms of US patent 10708416) based on the first amount of data. From the entire list, the authors disclose two parameters:

the ratio of unique (single or at least rare) incoming calls to subscriber B to the total number of incoming calls to subscriber B;

the ratio of outgoing calls of subscriber A, the duration of which is longer than the specified one to the total number of outgoing calls of subscriber A (success rate in terms of the application US 10708416).

Once these parameters are generated by the machine learning algorithm, they are applied to a second piece of data to recognize an unwanted call (identification in terms of US 10708416). To clarify the identification of a spam call, the authors of US 10708416 propose to form a request to the subscriber's MS device to obtain information about the telephone number. Additionally, the authors of US 10708416 use the MS geodata of the caller to refine the classification.

The disadvantages of this solution follow from the above-mentioned objective technical difficulties in recognizing a spam call:

Insufficiently reliable analytics, for example, when analyzing unique calls, it is rather difficult to formalize a scenario in which a set of subscribers B receive single calls from subscriber A about the readiness of an order for issue. When analyzing the success rate, it is difficult to formalize the scenario of automatic useful calls, for example, notifying subscriber B of the need to pay a traffic ticket. With the commonly used "Who Calling" services, subscriber B often rejects an incoming call on the screen of which, for example, a notification about a road service (subscriber A) is displayed. Nevertheless, it seems erroneous to recognize such a call as spam.

Inability to select subscribers for the purpose of making an unwanted call. The data potentially possible for the antivirus component to receive does not contain semantics allowing such selection. And the data from external analytics (the first amount of data) is used only to train the neural network to generate signs of recognizing an unwanted call.

Insufficient both the first and the second volume of data for analysis, caused by the need for software improvement of MS - installation of an antivirus component, which provides the authors of US 10708416 with a second data set on voice calls for analysis. For obvious reasons, it is difficult to guarantee a sufficient number of MSs with an installed anti-virus component to the total number of MSs for analysis, and even to accurately calculate its share.

The operation of the method is limited to the packet PS network of the cellular operator to which he does not have direct access, this implies the unreliability of obtaining geodata - in the packet PS network, this data can be encrypted or disabled by the subscriber, the method, by definition, is deprived of the possibility of receiving and analyzing messages from the signaling CS network of the operator.

The need to poll the subscriber's MS to clarify the identification parameters, the authors of US 10708416 do not disclose the essence of polling the subscriber's MS response;

The impossibility of managing the processing of spam calls in the signaling network, in fact, the method does not have access to the CS signaling network of the operator.

Taking into account the objective technical difficulties of recognizing an unwanted call in the general set of voice calls and the disadvantages of technical solutions known from the current state of the art, the authors propose a method for recognizing a subscriber making unwanted calls and a method for handling an unwanted call, which provides:

the maximum possible and operational data array for the application of the algorithm for recognizing subscribers making unwanted calls and their selection;

optimal algorithm for recognizing subscribers making unwanted calls and selecting them according to the purpose of the call;

cost-effective handling of unwanted calls.

The claimed reliability characteristics are provided by the method by operating on technical means of functional (network) objects of the signaling CS network of the NP operator. The claimed accuracy characteristics are provided by the method due to the author's algorithm for recognizing and selecting subscribers making unwanted calls, which is the applicant's know-how and combines the analytics of the signaling network data and the analysis of external data.

The technical result of the method for recognizing the subscriber making unwanted calls and the method for processing unwanted calls is to increase the reliability and accuracy of recognizing the subscriber making unwanted calls in the network of a cellular operator and to increase the economic performance of the cellular operator when processing an unwanted call.

The technical result of the method for recognizing a subscriber making unwanted calls is achieved by a method for recognizing a subscriber making unwanted calls, in accordance with which the cellular operator generates records with data on voice calls made by subscribers in the cellular network for the period T, and applies to them an unwanted call recognition algorithm, where one part of the records is formed from the data of the signaling network, the other part of the records is formed from the data of external network resources, the algorithm for recognizing the subscriber making unwanted calls is applied to the records generated from the data of the signaling network, which includes the signs of recognizing the subscriber making unwanted calls, and applies a text analysis algorithm to records generated from data from external network resources to recognize a subscriber making unwanted calls for advertising or fraudulent purposes.

In this case, the records of voice calls generated from the signaling network data are CDR (Charging Data Records) records, records generated by the technical means of the signaling network in real time when processing messages from the SIP, ISUP call establishment protocols, and authentication, authorization and audit protocols. CAP, MAP, RADIUS, DIAMETER, and the signs of recognizing a subscriber making unwanted calls are:

sign of the frequency of outgoing calls - the average number of outgoing calls in the time period T;

sign of the interval of outgoing calls to different subscribers - the average period of time T between making two outgoing calls;

sign of success for outgoing calls - the ratio of the number of connected outgoing calls to the total number of outgoing calls;

sign of the average duration of an outgoing successful call - the average duration of outgoing successful calls;

call termination reason attribute - the proportion of outgoing successful calls completed at the initiative of subscriber A;

sign of redialing the number of outgoing calls - the proportion of outgoing calls made to the same subscriber;

sign of enumeration of numbers of outgoing calls - the proportion of outgoing calls made by an ordered enumeration of the digits of the called number according to some rule or pattern;

geolocation attribute - the proportion of outgoing calls served by the same SSP switching node.

And the records of voice calls generated from the data of external network resources are data of web resources containing records of subscribers' complaints about calls made by them from arbitrary numbers, and the text analysis algorithm for recognizing a subscriber making unwanted calls for advertising or fraudulent purposes includes performing manipulations with substrings in the text according to the rules of semantic analysis and the rules of the formal language of regular expressions.

The technical result of the unwanted call processing method is achieved by the unwanted call processing method, according to which the cellular operator at the switching node receives a SIP message, ISUP of the signaling network protocol to establish an incoming voice call connection, by the caller ID determines the caller's membership in unwanted calls, and when determining whether a subscriber belongs to making unwanted calls, the cellular operator determines the incoming voice call as unwanted and routes the unwanted call to the network node of intelligent peripherals, which implements the program logic of computer analysis and synthesis of texts in natural languages with a voice audio interface and connects the unwanted call with the program logic of computer analysis and synthesis of texts in natural languages having a voice audio interface of the network node of intelligent peripherals in order to keep waiting for an unwanted call on the connection as long as possible.

The invention is illustrated by drawings:

FIG. 1a shows a simplified architecture of the signaling CS operator NP with an integrated intelligent antispam platform.

FIG. 1b shows a simplified architecture of the signaling CS operator NP without an intelligent antispam platform.

Figure 2 presents a generalized block diagram of an algorithm for recognizing a subscriber making unwanted calls in data arrays, MQ, CDR of the signaling CS network and external data EFR.

FIG. 3а shows a generalized dialogue of functional (network) nodes of the IN network during the operation of the intelligent antispam platform.

FIG. 3b shows a generalized dialogue of functional (network) nodes of an IN network without an intelligent antispam platform.

In the figures, the connections of the CS signaling network are indicated by broken lines. Continuous lines indicate the interaction of network nodes over the agreed API SFTP, HTTP protocols in a standard TCP / IP network.

Figure 1 a, b shows the options for implementing the proposed method in the generalized architecture IN of the operator's network NP. The architecture of FIG. 1a provides for the integration of the intelligent anti-spam platform SCP ANTI SPAM that handles unwanted calls in the NP operator's network. The architecture of FIG. 1b provides a simpler implementation that does not require the integration of the intelligent SCP ANTI SPAM platform into the NP operator's network and assumes a simpler management of unwanted calls at the SSP switching node.

MS B - the called (Called) homeNet subscriber served by the current SSP (Service Switching Point) CSCF / VMSC.

SSP CSCF / VMSC is a switching node, in the NP network it performs the functions of switching signaling connections using the signaling protocols SIP, ISUP. In IMS network architecture

SSP functions are performed by a standard SIP server that manages SIP sessions CSCF (Call / Session Control Function) and routes SIP connections between user equipment UE (User Equipment) and network nodes of the IMS network. In the IN network, the SSP functions are performed by the VMSC (Visitor Mobile Switching Center) in the service area of which the homeNet subscriber MS B is registered.

SCP PPS (Service Control Point Prepaid Pay System) billing node is a standard platform for charging subscribers with advance billing; in the IN and IMS networks it performs the functions of Online Charging System (OCS) billing.

IP VMS (Intelligent Peripheral Voicemail System) is an intelligent peripheral platform, a standard network voice mail node - a system for registering, storing and redirecting telephone voice messages, which implements the logic of VAS (Value Added Services) in the IN network. In IMS networks, the functions of the IP VMS network node are performed by the classic SIP AS (Application Server) network node. Within the framework of the claimed method, IP VMS is a technical tool that performs the program logic of computer analysis and synthesis of texts in natural languages having an audio (voice) interface. To reproduce statements, the program logic of text synthesis contains a list of pre-recorded statements that stimulate the interlocutor to respond. The natural language analysis software logic includes templates and keywords for reproducing pre-recorded statements stimulating to keep the interlocutor in the dialogue for the maximum possible time to generate the operator's income for servicing the call.

SCP ANTI SPAM is an intelligent anti-spam platform, in the IN network is an intelligent platform that implements the logic of additional VAS services in the NP network. In IMS networks, the functions of the SCP ANTI SPAM node are performed by the standard SIP AS (Application Server). SCP ANTI SPAM performs Service Control Function (SCF), Service Switching Function (SSF) and Service Data Function (SDF). The integration of SCP ANTI SPAM in the NP network is focused on the signaling section: SSP CSCF / VMSC switching node - SCP PPS billing node. The SCP ANTI SPAM hardware part is implemented on X86 servers running Unix-like operating system. The SCP ANTI SPAM software architecture is implemented with the ability to receive, passively analyze and process messages of the SIP, ISUP protocols, authentication, authorization and audit protocols AAA (Authentication, Authorization, Accounting) MAP, CAP, RADIUS, DIAMETER and save the history of DP (Detection Point) states BCSM (Basic Call State Model) call service process. SCP ANTI SPAM in real time, continuously converts the signaling network event stream on the SSP CSCF / VMSC - SCP PPS section into an MQ message broker and transmits MQ messages to the WHC PROXY node using the SFTP protocol. MQ message broker (RabbitMQ, ActiveMQ, etc.) is an intersystem messaging protocol for coordinating the operation of different signaling points SP (signal point). Using the SFTP protocol and agreed programming interfaces, SCP ANTI SPAM receives from the WHC PROXY node subscriber profile data (DATA), processed and marked (proper, spammer, fraudster) according to the analytics result (block diagram of Fig. 2, floor 9). In a private implementation of the method, without limiting its essence and scope of legal protection, the functions of the intelligent platform SCP ANTI SPAM can be performed by the SSP VMSC switching node or the CSCF node for IMS networks. This implementation is less preferable since it violates the principle of separation of connection switching and service provisioning functions.

WHC PROXY network node is an intelligent platform for processing and analyzing data from a signaling CS network and data from external network resources (basic analytics platform). The hardware part of WHC PROXY is implemented on X86 servers running a Unix-like operating system. The WHC PROXY software algorithm performs analytics for the recognition of a subscriber making unwanted calls and its selection for the purpose of making an unwanted call for advertising (spam) or fraudulent (fraud) purposes on the data array of the signaling CS network CDR, MQ and external data EFR (block diagram of Fig. 2 ). The algorithm includes recognition features (attributes 3 of Fig. 2) for application to MQ data arrays, CDR signaling CS network and patterns (patterns 5 of Fig. 2) for application to textual EFR data obtained from external sources. According to the agreed programming interfaces, WHC PROXY interacts with the SSP CSCF / VMSC switching node and the CSP PPS platform to receive CDRs (Charging Data Records). In real time, WHC PROXY continuously receives MQ messages from the SCP ANTI SPAM platform. Via HTTP protocol WHC PROXY interacts with external Ex DB databases to receive EFR records. Based on the results of the analytics for recognizing subscribers making unwanted calls, WHC PROXY profiles subscribers and assigns them the following attributes: trust - a subscriber who does not make unwanted calls; or a spammer (spam) - a subscriber making unwanted calls for advertising purposes; or a fraudster (fraud) - a subscriber making unwanted calls for fraudulent purposes (block diagram of Fig. 2, floors 8, 9). At a given frequency, WHC PROXY transfers subscriber profile data (DATA) via SFTP and agreed program interfaces to the SCP ANTI SPAM intelligent antispam platform.

Ex DB - an external network node or web resource containing text data of records left by subscribers for calls made from arbitrary EFR numbers (External Feedback Records). Technically, Ex DB is represented by public web resources that accumulate subscribers' reviews. It can be represented by databases of well-known aggregators Yandex, Kaspersky, etc.

SCP / AS VAS is a set of intelligent platforms that implement heterogeneous additional VAS services in the IN network. For example, the platform "Who is calling" SCP / SSP WCS A application RU 2019138142). In the IMS network, such platforms are represented by standard AS servers. In real time, SCP / AS VAS continuously transmit the stream of events from the MQ signaling CS network to WHC PROXY. Interoperability with multiple intelligent SCP / AS VAS platforms allows WHC PROXY to monitor the maximum number of connections on the NP operator's network.

MS A - calling (Calling) subscriber, in Fig.1,3 is designated as offnet, without loss of generality of the method and scope of legal protection can be homeNet subscriber A or PSTN network subscriber.

Figure 2 presents a generalized block diagram of an algorithm for recognizing a subscriber making unwanted calls, which is performed by the basic analytics platform WHC PROXY. The algorithm provides for both versions of the network architecture (Fig. 1) and call diagrams of network nodes (Fig. 3). The basic analytics platform WHC PROXY performs two main branches of the data processing algorithm of the signaling CS network MQ, CDR 1–3 and external data EFR 4–6, which includes:

1 data for processing - CDR data set of voice calls served by SSP CSCF / VMSC switching node and / or SCP PPS billing unit for period T. And MQ real-time data set of voice calls served by SCP VAS nodes. Technically, data 1 is a space of network events generated by the operator's CS functional (network) objects when processing voice calls. The list of such events includes:

the identifier of the calling and called subscribers;

the reason for the failed call in the scenario the called subscriber is busy, unavailable, not answering or dropped the call;

the reason for the failed call in the script the calling subscriber dropped the call, or abnormal call disconnection due to network errors;

call duration;

the reason for the end of the call;

the addresses of the switching nodes of the calling and called subscriber and a number of other data.

2 signs of recognizing attributes of a subscriber making unwanted calls. The list of attributes attributes is determined by the authors experimentally based on the space of network events about CS voice calls and includes the following attributes:

outgoing call frequency - average number of outgoing calls in time period T;

the interval of outgoing calls to different subscribers - the average time period T between making two outgoing calls;

outgoing call success - the ratio of the number of connected outgoing calls to the total number of outgoing calls;

average duration of outgoing successful calls - average duration of outgoing successful calls;

reason for call termination - the proportion of outgoing successful calls completed at the initiative of subscriber A;

outgoing calls redial - the proportion of outgoing calls made to the same subscriber;

enumeration of numbers of outgoing calls - the proportion of outgoing calls made by an ordered enumeration of the digits of the called number according to some rule or pattern;

geolocation - the proportion of outgoing calls served by the same SSP switching node.

3 recognition algorithm analysis of the application of recognition features 2 to the data set CDR, MQ. The algorithm can be implemented in algorithmic (Java) and / or declarative (Prolog) programming languages, it can be based on machine learning methods and expert systems. In general, the algorithm can determine whether or not the value of each feature predetermined by the analysis 3 algorithm is exceeded for network events generated by the behavior of a proper (trust) subscriber, for example:

the subscriber makes a large number of outgoing calls during the period T;

moreover, the number of outgoing calls significantly exceeds the number of incoming calls;

a significant proportion of outgoing calls do not lead to a connection (successful call);

the average duration of a successful call is low;

an insignificant number of successful calls are terminated at the initiative of subscriber A;

rarely calls the same subscriber;

dials the numbers of the called subscribers according to some pattern or mask + 7926123хххх;

a significant part of outgoing calls are served by the same SSP switching node in the service area of which the high-risk locations are located.

High-risk locations include locations in which there is an increased activity of subscribers with a significantly increased value of the number of outgoing calls to the number of incoming calls and the constancy of the SSP switching node address. This symptom indicates that the SSP service area contains locations in which automatic dialing programs are running or manual calls are being made, and the caller is not moving. Physically, in the case of automatic dialing, such locations can be the POP (Point of Presence) point of presence of voice mailing equipment, in the case of manual dialing, the placement of Call centers.

To reliably recognize the subscriber making unwanted calls, steps 1-3 are necessary and sufficient. Nevertheless, in order to refine the recognition and selection of subscribers based on the reasons for making unwanted calls, the algorithm includes the right branch 4-6. It provides for the processing of EFR records received from external public web resources by technical means of the TCP / IP network.

The processing of this data includes:

4 EFR records - text data, which is a set of records - subscribers' responses to arbitrary incoming calls made by them. The set is represented by structured data for semantic analysis and the use of templates for identifying subscribers making unwanted calls for advertising or fraudulent purposes.

5 patterns - a set of keywords, patterns for searching for a substring in a string in order to find text belonging to the description of fraudulent behavior of the calling subscriber (fraud) and / or the description of behavior aimed at distributing advertising (spam).

6, the regex algorithm for searching for a substring in a string and the semantic algorithm of semantic analysis performs processing of EFR text data by keywords and emotional color. Like the signal processing algorithm 3, it can be implemented in an algorithmic programming language (Java) and / or a declarative programming language (Prolog), it can be based on machine learning methods and expert systems.

7 is the main analytics algorithm, which summarizes the processing results of stages 1-3, 4-6 and generates the subscriber attribute 8:

proper (trust) - a subscriber who does not make unwanted calls;

spammer (spam) - a subscriber making unwanted calls for advertising purposes;

fraud - a subscriber making unwanted calls for fraudulent purposes.

9 an algorithm for forming a subscriber profile and marking it with one of the features generated in steps 7.8.

The generated subscriber profiles WHC PROXY transmits via the SFTP protocol and agreed program interfaces to the intelligent antispam platform SCP ANTI SPAM (SFTP DATA Fig. 1a). All subsequent incoming calls with the caller ID (Calling) of the subscriber A that matches the spammer or fraudulent profile are recognized by the intelligent platform SCP ANTI SPAM (Fig.3a) or the SSP VMSC switching node (Fig.3b) as unwanted calls and routed to the IP VMS network node for the call is held on hold to generate NP revenue for the call, or is disconnected.

FIG. 3a, b illustrate a generalized dialogue of functional (network) nodes of the IN network within the framework of the method for recognizing a subscriber making unwanted calls and a method for processing it. In a first embodiment of FIG. 1a, a call diagram is shown involving an intelligent SCP ANTI SPAM equipped with a connection switching function SSF. The second embodiment of Fig. 3b does not provide for the integration of the intelligent SCP ANTI SPAM platform. In this embodiment, the routing of connections within the framework of the proposed method is performed by the SSP switching node.

In both embodiments, FIG. 3a, b WHC PROXY receives 1 HTTP EFR records from external web resources Ex DB and standard 2,3 CDR records of processed calls from network nodes SSP CSCF / VMSC and SCP PPS at a specified frequency. In real time, WHC PROXY receives the stream of events of the signaling network 4 MQ from the antispam platform SCP ANTI SPAM (Fig.3a), or a certain set of intelligent platforms SCP / AS VAS (Fig.3b).

WHC PROXY performs the algorithm of Fig. 2 on data arrays CDR, MQ, EFR processing (Fig. 3a, b), according to the results of which it profiles subscribers (Fig. 2, steps 8.9). At a given frequency, WHC PROXY exchanges 5 SFTP DATA subscriber profiles with the intelligent platform SCP ANTI SPAM (Fig. 3a).

3a, when SSP VMSC receives an INVITE request 6 (Calling A, Called A) to establish an incoming voice call on the VMSC SSP, T-CSI (Terminating CAMEL Subscription Information) is triggered for processing incoming calls trigger init. The trigger initiates the routing of an incoming call to the SCP ANTI SPAM address. In the IMS network, 7 INVITE (Calling A, Called A) call routing from the CSCF (SSP) to SCP ANTI SPAM is performed according to the IFC (Initial Filter Criteria) subscriber rule subscribed to the IMS spam call blocking service: IFC SCP ANTI SPAM.

SCP ANTI SPAM checks 8 CAP INITIAL DP on subscriber B's subscription to the unwanted call blocking service. In case of confirmation 9 APPLY CHARGING of the SCP ANTI SPAM subscription by the identifier of the caller Calling A, the subscriber checks the profile A verification for its belonging to the spam, fraud or trust profile. When a Calling A identifier matches a profile, a spam or fraud SCP ANTI SPAM routes the call to the IP VMS 10 INVITE (Calling A, Called A) network node to execute the SPAM FRAUD CHARGE script, which generates operator revenue for servicing an unwanted call by keeping an unwanted call on the connection for the maximum possible time tmax. IP VMS connects 11,200 OK, 12 ACK voice calls with calling subscriber A and launches computer analysis and natural language text synthesis logic with charging max startup voice audio interface to keep the call 13 VOICE PHASE on the connection as much as possible time tmax. The program logic executes call retention on the connection due to pre-recorded utterances that stimulate the interlocutor to answer until the 14 BYE message is received from him.

In a simple scenario, SPAM FRAUD BLOCK IP VMS performs simple blocking of a spam call by sending a 15 REL connection cancellation message to Calling A. When it detects that Calling A matches a profile with a trustworthy (trust) or does not match the SCP profiles, ANTI SPAM performs a standard 16 INVITE (Calling A, Called A) call connection in the TRUST CONNECT script.

3b, when SSP VMSC receives a 5 INVITE (Calling A, Called A) request to establish an incoming voice call, the VMSC SSP over the CAP protocol initiates a CAP INITIAL DP request 6 to the address of the billing platform SCP PPS with a description of the incoming connection-Calling A, Called В and others. The SSP PPS platform uses the HTTP protocol to address the intelligent platform WHC PROXY with a request for further processing 7 HTTP REQ ROUT INFO and a description of the incoming connection - Calling A, Called B, etc. WHC PROXY checks the profile of the caller Calling A subscriber profile A verification and responds with an 8 HTTP RESP ROUT INFO message, which instructs the switching node to execute one of the unwanted call handling scenarios:

SPAM FRAUD CHARGE - route the unwanted call to the address (SPC signal point code) of the IP VMS signaling point - message 9 SPC VMS, to keep the unwanted call on the connection in order to generate additional income for the NP operator for servicing the call (10-14) by analogy with Fig. 3а (10-14);

SPAM FRAUD BLOCK - block unwanted call 15.16 REL when Calling A identifier matches the spam or fraud profile;

TRUST CONNECT - continue the connection without changing the parameters 17 CONTINUE to connect with the called Called B subscriber 18 INVITE (Calling A, Called B), if WHC PROXY has determined Calling A as a proper subscriber (trust).

An implementation option without the participation of the intelligent SCP ANTI SPAM platform in those. In the form of Figs. 1b, 3b, it is more preferable since it does not imply routing of all calls to an intelligent platform or an application server AS. This implementation is limited to handling individual calls on the SSP that WHC ROXY has identified as unwanted. Unlike the implementation option in those. look with the integrated SCP ANTI SPAM platform, which provides for routing by the SSP switching node of all calls to SCP ANTI SPAM.

The proposed method for handling an unwanted call may include notifying subscriber A's homeNet about processed unwanted calls made without his participation via any switching channels: voice mail messages, SMS, PUSH notification. For a detailed report, the method can provide for the transfer of the decryption of the recognition dialogue on the IP VMS node to the messenger and / or the homeNet social network of subscriber A.

The technical effect of the above-disclosed method for recognizing a subscriber making unwanted calls and a method for handling unwanted calls, in contrast to the known prior art solutions, provides:

recognition of the subscriber making unwanted calls in automatic mode without the participation of the called (Called) subscriber;

improving the accuracy of recognizing a subscriber making unwanted calls due to the synergy of analysis of network events generated in the signaling CS network during processing of voice call connections and external public data of subscribers' responses to arbitrary incoming calls;

formation of the maximum possible data array for the application of the algorithm for recognizing a subscriber making unwanted calls by receiving in real time a stream of events about all calls made in the operator's signaling CS network - MQ and CDR records;

determining the necessary and sufficient list of features for recognizing a subscriber making unwanted calls applied to the data of the signaling CS network about processed voice calls;

selection of subscribers making unwanted calls based on behavior by processing external public data of subscribers' responses to arbitrary incoming calls;

generating additional revenue for the operator by connecting and keeping an unwanted call on the connection for the maximum possible time without the participation of the called (Called) subscriber.

The claimed method fits well into the network architecture of an IN network based on an intelligent VAS platform and into the network architecture of an IMS network based on a standard AS SIP server. The method has been tested by the applicant, provides the claimed technical result with a given reliability and meets the requirements of the quality of service QoS in cellular networks of GSM, IN, IMS standards.

Claims (13)

1. A method for recognizing a subscriber making unwanted calls, according to which the cellular operator generates records with data on voice calls made by subscribers in the cellular network for the period T, and applies to them an unwanted call recognition algorithm, characterized in that one part forms from the data of the signaling network, the other part of the records is formed from the data of external network resources, to the records formed from the data of the signaling network, it applies the algorithm for recognizing the subscriber making unwanted calls, which includes the signs of recognizing the subscriber making unwanted calls, and to the records generated from data from external network resources, uses a text analysis algorithm to recognize a subscriber making unwanted calls for advertising or fraudulent purposes. 2. A method for recognizing a subscriber making unwanted calls according to claim 1, characterized in that the voice call records generated from the signaling network data are CDR (Charging Data Records) records, records generated by the signaling network technical means in real time when processing messages from the SIP, ISUP call establishment protocols, and the CAP, MAP, RADIUS, DIAMETER authentication, authorization and audit protocols, and the signs of recognizing a subscriber making unwanted calls are: sign of the frequency of outgoing calls - the average number of outgoing calls in the time period T; sign of the interval of outgoing calls to different subscribers - the average period of time T between making two outgoing calls; sign of success for outgoing calls - the ratio of the number of connected outgoing calls to the total number of outgoing calls; sign of the average duration of an outgoing successful call - the average duration of outgoing successful calls; call termination reason attribute - the proportion of outgoing successful calls completed at the initiative of subscriber A; sign of redialing the number of outgoing calls - the proportion of outgoing calls made to the same subscriber; sign of enumeration of numbers of outgoing calls - the proportion of outgoing calls made by an ordered enumeration of the digits of the called number according to some rule or pattern; geolocation attribute - the proportion of outgoing calls served by the same SSP switching node. 3. A method for recognizing a subscriber making unwanted calls according to claim 1, characterized in that the voice call records generated from the data of external network resources are web resource data containing records of subscribers' complaints about calls made by them from arbitrary numbers, and the text analysis algorithm for recognizing a subscriber making unwanted calls for advertising or fraudulent purposes includes performing manipulations with substrings in the text according to the rules of semantic analysis and the rules of the formal language of regular expressions. 4. A method for handling an unwanted call, according to which a cellular operator at a switching node receives a signaling network message to establish an incoming voice call connection, by the caller ID determines whether the caller is making unwanted calls, the cellular operator defines an incoming voice call as unwanted and routes the unwanted call to the network node of intelligent peripherals, which implements the program logic of computer analysis and natural language text synthesis, which has a voice audio interface, and connects the unwanted call with the program logic of computer analysis and synthesis natural language texts having a voice audio interface of the intelligent peripheral network node. 5. A method for recognizing a spam call according to claim 4, characterized in that the connection of the incoming voice call is a message of the SIP, ISUP protocols, and the connection of an unwanted call with the program logic of computer analysis and synthesis of texts in natural languages having an audio interface of the network node of intelligent peripherals , is performed in order to keep the unwanted call on the connection for the maximum possible time.

Images