CN115022464A - Number processing method, system, computing device and storage medium - Google Patents

Abstract

The present application provides a number processing method, system, computing device, and storage medium. The method includes: acquiring a target number to be identified. Acquire the basic data of the target number, and the traffic detail data and call detail data of the target number within the first historical period. According to the basic data, the traffic detailed bill data and the call detailed bill data, a number identification model is used to obtain the identification probability of whether the target number is a fraudulent number. According to the identification probability, it is determined whether the target number is a fraudulent number. The present application can improve the efficiency and accuracy of fraud number identification.

Description

Number processing method, system, computing device, storage medium

technical field

The present application relates to communication technologies, and in particular, to a number processing method, system, computing device, and storage medium.

Background technique

At present, for the identification of fraudulent numbers, crowdsourcing is mostly adopted by Internet companies, using the security software installed on the terminal, and the user of the called number marks whether the calling number is a fraudulent number. Although this method can distinguish fraudulent numbers from ordinary numbers to a certain extent, before the fraudulent numbers are marked, there are often a large number of outgoing calls, and there may even be successful frauds, resulting in a lag in the identification of fraudulent numbers.

SUMMARY OF THE INVENTION

The present application provides a number processing method, system, computing device, and storage medium, which are used to solve the problem of hysteresis in the identification of fraudulent numbers.

In a first aspect, the present application provides a number processing method, the method comprising:

Get the target number to be identified;

Acquire the basic data of the target number, and the traffic detailed data and call detailed data of the target number within the first historical period;

According to the basic data, the traffic detailed bill data and the call detailed bill data, use a number identification model to obtain the identification probability of whether the target number is a fraudulent number;

According to the identification probability, it is determined whether the target number is a fraudulent number.

Optionally, the obtaining the target number to be identified includes:

Obtain the number of calls made by N numbers of the target area within the second historical period; the N is an integer greater than or equal to 1;

If there is a number whose number of outgoing calls is greater than the outgoing threshold in the N said numbers, the number is regarded as a candidate number; the outgoing threshold is related to the outgoing volume of fraudulent numbers in the target area;

The target number is determined from the candidate numbers.

Optionally, the determining the target number from the candidate numbers includes:

The candidate numbers that are not in the white list and the gray list are used as the target numbers; wherein, the white list is a list of non-fraud numbers, and the gray list is a list of candidate fraud numbers.

Optionally, the method according to claim 3, after determining whether the target number is a fraudulent number according to the identification probability, the method further comprises:

If it is determined that the target number is not a fraudulent number according to the identification probability, adding the target number to the white list;

If, according to the identification probability, it is determined that the target number may be a fraudulent number, adding the target number to the grey list;

If it is determined according to the identification probability that the target number is a fraudulent number, the target number is added to a blacklist; the blacklist is a list of fraudulent numbers.

Optionally, if the target number is a number in the grey list, the method further includes:

Send a prompt message that the target number is abnormal to the called number;

If the feedback result of the called number for the target number is received, and the feedback result is used to indicate whether the target number is a fraudulent number, record the feedback result of the target number;

If the cumulative feedback result of the target number indicates that the target number is not a fraudulent number, the target number is migrated from the gray list to the white list;

If the accumulated feedback result of the target number indicates that the target number is a fraudulent number, the target number is migrated from the gray list to the black list.

Optionally, if the target number is a number in the blacklist, the method further includes:

A blocking operation is performed on the target number.

Optionally, according to the basic data, the traffic detailed bill data and the call detailed bill data, using a number identification model to obtain the identification probability of whether the target number is a fraudulent number, including:

Perform data processing on the detailed flow data to obtain the processed detailed data;

Data cleaning is performed on the basic data and the processed traffic detailed data, and a first feature vector is constructed by using the cleaned basic data and the cleaned traffic detailed data;

Data cleaning is performed on the call detail data, and a second feature vector is constructed by using the cleaned call detail data;

According to the first feature vector and the second feature vector, use the number recognition model to obtain the identification probability of whether the target number is a fraudulent number;

Wherein, the number recognition model includes: a first sub-model constructed with a multilayer perceptron, a second sub-model constructed with a convolutional neural network, and a classification layer;

The first sub-model is used to obtain the first feature information of the target number according to the first feature vector;

the second sub-model, for obtaining second feature information according to the second feature vector;

The classification layer is configured to obtain the identification probability of whether the target number is a fraudulent number according to the first feature information and the second feature information.

In a second aspect, the present application provides a number processing system, the system comprising:

Real-time monitoring module: used to obtain the target number to be identified.

Data acquisition module: used to acquire the basic data of the target number, as well as the traffic detailed data and call detailed data of the target number within the first historical period.

Fraud detection module: It is used to obtain the identification probability of whether the target number is a fraudulent number by using the number recognition model according to the basic data, traffic detailed data and call detailed data. According to the identification probability, it is determined whether the target number is a fraudulent number.

In a third aspect, the present application provides an electronic device, the electronic device comprising: a processor, and a memory communicatively connected to the processor;

the memory stores computer-executable instructions;

The processor executes the computer-executable instructions stored in the memory to implement the method of any one of the first aspects.

In a fourth aspect, the present application provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, are used to implement any one of the first aspects. number processing method.

In a fifth aspect, the present application provides a computer program product, comprising a computer program that, when executed by a processor, implements the method according to any one of the first aspects.

The number processing method, system, computing device and storage medium provided by the present application can acquire the basic data of the acquired target number, the traffic detail data and the call detail data within the first historical period. Since the call detail data in the first historical duration includes information that can reflect the temporal correlation of historical calling behaviors of the target number, based on the acquired basic data of the target number, the data in the first historical duration Traffic detail data and call detail data can accurately identify whether the target number is a fraudulent number.

The above method does not depend on the user's marking of fraudulent numbers, and solves the problems of hysteresis and cumbersome operations of relying on users to mark fraudulent numbers. In addition, in this embodiment, the information that can reflect the temporal correlation of the historical calling behavior of the number is used as the judgment basis, which further improves the accuracy of identifying fraudulent numbers.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description serve to explain the principles of the application.

1 is a schematic structural diagram of a fraud number identification system 100 in an embodiment of the application;

FIG. 2 is a schematic diagram of an application scenario of a fraud number identification system 100 provided by an embodiment of the present application;

3 is a schematic diagram of an application scenario of another fraud number identification system 100 provided by an embodiment of the present application;

FIG. 4 is a schematic diagram of the hardware structure of the computing device 200 deployed with the fraud number identification system 100;

5 is a schematic flowchart of identifying a fraudulent number by a fraudulent number identification system according to an embodiment of the present application;

6 is a schematic flowchart of obtaining a target number to be identified by the fraud number identification system provided by the embodiment of the present application;

7 is a schematic flowchart of the identification probability of whether a target number is a fraudulent number obtained by the fraudulent number identification system provided by the embodiment of the present application using a number identification model;

8 is a schematic diagram of the overall structure of a number identification model provided by an embodiment of the present application;

FIG. 9 is a schematic structural diagram of a multilayer perceptron model provided by an embodiment of the present application;

FIG. 10 is a schematic structural diagram of a convolutional neural network model provided by an embodiment of the present application.

Specific embodiments of the present application have been shown by the above-mentioned drawings, and will be described in more detail hereinafter. These drawings and written descriptions are not intended to limit the scope of the concepts of the present application in any way, but to illustrate the concepts of the present application to those skilled in the art by referring to specific embodiments.

Detailed ways

Exemplary embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the illustrative examples below are not intended to represent all implementations consistent with this application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as recited in the appended claims.

Multilayer Perceptron (MLP): is a feedforward artificial neural network model that maps multiple input datasets to a single output dataset.

Convolutional Neural Network (CNN): It is a kind of feedforward neural network with convolution calculation and deep structure, which is one of the representative algorithms of deep learning. The advantage is that the convolution kernel creates a local field of view and perceives the spatial correlation of two-dimensional data, and can change the perceived field of view by adjusting the size and shape of the convolution kernel, thereby learning diverse high-dimensional features.

The existing methods for identifying fraudulent numbers mainly include the following:

Prior art 1:

Operators crowdsource the services related to fraudulent number identification to Internet companies, and Internet companies use security software to provide users with fraudulent number marking and prompting services. After the user installs the security software on the terminal, when the user receives a call from a suspected fraudulent number, the user can use the security software to label the number as a fraudulent number. In this way, any terminal that has installed the security software will display the label of the fraudulent number to serve as a reminder when receiving an incoming call from the marked number.

However, the above method requires the user to manually mark, and before the fraudulent number is marked, there are often a large number of outbound calls, and there may even be successful fraud. On the other hand, the marking of fraudulent numbers requires the participation and maintenance of the majority of users, which completely depends on the consciousness of users. Therefore, using the above method to identify fraudulent numbers has the problem of hysteresis and complicated operation.

Prior art 2:

Communication operators have proposed anti-fraud and anti-fraud methods that use data mining or machine learning technology to build anti-fraud models. This method uses the anti-fraud model constructed by traditional machine learning models (such as decision tree, xgboost, support vector machine, etc.), and can automatically identify whether the number is a fraudulent number based on the basic information and historical behavior of the number.

The input feature construction process of the anti-fraud model is generally data mining combined with experience to select the basic information of the number, and add the call behavior data/Internet traffic data after statistical processing.

Through the method of automatically identifying whether a number is a fraud number by the above-mentioned anti-fraud model, although the problems of hysteresis and complicated operation mentioned in the aforementioned prior art 1 can be avoided, the input feature of the above-mentioned anti-fraud model is artificially based on the history of the number. Behavioral screening analysis. That is, the input features of the above-mentioned anti-fraud model are all statistically significant information within a certain time interval. Information that can reflect the temporal correlation of the historical calling behavior of the number in the call behavior data is discarded from the information obtained by statistics. Therefore, the above method has the problem that the accuracy of judging the fraudulent number is low.

In view of this, the present application provides a method for identifying a fraudulent number, which can automatically and accurately identify whether the number is a fraudulent number in combination with information that can reflect the temporal correlation of historical calling behaviors of the number. It should be understood that the execution body of the method in this embodiment of the present application may be a fraud number identification system. The following is an introduction and description of the fraud number identification system:

FIG. 1 is a schematic structural diagram of a fraudulent number identification system 100 according to an embodiment of the present application. It should be understood that FIG. 1 is only a schematic diagram showing a structure of the fraudulent number identification system 100 , and the present application does not limit the division of the modules in the fraudulent number identification system 100 . As shown in FIG. 1 , the fraud number identification system 100 may include a real-time monitoring module 11 , a data acquisition module 12 , and a fraud detection module 13 . Optionally, the system may further include at least one of the following: a list maintenance module 14 , an intelligent anti-fraud module 15 , and a notification and interaction module 16 .

The function of each module in the fraudulent number identification system 100 is briefly described below:

The real-time monitoring module 11 is used to obtain the target number to be identified. As a possible implementation manner, the real-time monitoring module 11 is specifically configured to acquire the number of outgoing calls of the N numbers of the target area within the second historical time period. N is an integer greater than or equal to 1. If there is a number whose number of outgoing calls is greater than the outgoing threshold among the N numbers, the number is taken as a candidate number. The outgoing call threshold is related to the volume of outgoing fraudulent calls in the target area. For example, the real-time monitoring module 11 is specifically configured to determine the target number from the candidate numbers. The candidate numbers that are not in the whitelist and greylist are used as target numbers. Among them, the white list is the list of non-fraud numbers, and the grey list is the list of candidate fraud numbers.

The data acquisition module 12 is configured to acquire the basic data of the target number, as well as the traffic detailed data and the call detailed data of the target number within the first historical period.

The fraud detection module 13 is configured to obtain the identification probability of whether the target number is a fraudulent number by using the number identification model according to the basic data, the traffic detailed bill data and the call detailed bill data. According to the identification probability, it is determined whether the target number is a fraudulent number.

As a possible implementation manner, the fraud detection module 13 is specifically used for data processing of the traffic detailed data to obtain the processed traffic detailed data; data cleaning is performed on the basic data and the processed traffic detailed data, and the Use the cleaned basic data and the cleaned traffic detail data to construct a first feature vector; perform data cleaning on the call detail data, and use the cleaned call detail data to construct a second feature vector; according to the first feature The vector, and the second feature vector, use the number identification model to obtain the identification probability of whether the target number is a fraudulent number.

Wherein, the number recognition model includes: a first sub-model constructed by using a multi-layer perceptron, a second sub-model constructed by using a convolutional neural network, and a classification layer; the first sub-model is used to obtain the target according to the first feature vector. The first feature information of the number; the second submodel is used to obtain the second feature information according to the second feature vector; the classification layer is used to obtain whether the target number is a fraudulent number according to the first feature information and the second feature information recognition probability.

As a possible implementation manner, the list maintenance module 14 is configured to add the target number to the white list if it is determined according to the identification probability that the target number is not a fraudulent call. If it is determined that the target number may be a fraudulent call according to the identification probability, the target number is added to the grey list. If the target number is determined to be a fraudulent call according to the identification probability, the target number is added to the blacklist. A blacklist is a list of fraudulent numbers.

As a possible implementation manner, the intelligent anti-fraud module 15 is configured to perform a blocking operation on the target number if the target number is a number in the blacklist.

As a possible implementation manner, the notification and interaction module 16 is configured to send a prompt message that the target number is abnormal to the calling number of the target number if the target number is a number in the grey list. If the feedback result of the calling number for the target number is received, and the feedback result is used to indicate whether the target number is a fraudulent number, the feedback result of the target number is recorded. If the cumulative feedback result of the target number indicates that the target number is not a fraudulent number. Then the target number is migrated from the greylist to the whitelist. If the cumulative feedback result of the target number indicates that the target number is a fraudulent number, the target number is migrated from the grey list to the black list.

It should be noted that the division of each module of the fraud number identification system 100 shown in FIG. 1 is only an illustration, and the present application does not limit the division of each module and the name of each module.

FIG. 2 is a schematic diagram of an application scenario of a fraudulent number identification system 100 provided by an embodiment of the present application. As shown in FIG. 2 , in an embodiment, the fraudulent number identification system 100 may be fully deployed in a cloud environment. Cloud environment is an entity that utilizes basic resources to provide cloud services to users under the cloud computing model. The cloud environment includes cloud data centers and cloud service platforms. Cloud data centers include a large number of basic resources (including computing resources, storage resources, and network resources) owned by cloud service providers. The computing resources included in cloud data centers can be a large number of computing devices ( e.g. server). For example, taking the computing resource included in the cloud data center as a server running a virtual machine, the fraudulent number identification system 100 can be independently deployed on the server or virtual machine in the cloud data center, and the fraudulent number identification system 100 can also be distributed It is deployed on multiple servers in the cloud data center, or distributed on multiple virtual machines in the cloud data center, or distributed on servers and virtual machines in the cloud data center.

As shown in FIG. 2 , the fraudulent number identification system 100 can be abstracted into a fraudulent number identification service by the cloud service provider on the cloud service platform, for example, and provided to the user. Settlement is performed according to the usage of the final resource), the cloud environment provides fraudulent number recognition services to users by using the fraudulent number identification system 100 deployed in the cloud data center. When using the fraudulent number identification service, the user can specify the number that needs to be recognized by the fraudulent number recognition system 100 through an application program interface (API) or a graphical interface (Graphics UserInterface, GUI). The fraudulent number recognition system in the cloud environment 100 can perform the operation of identifying the number, and the fraud number identification system 100 returns the identification result to the user through API or GUI, and can adopt different processing methods for the target number according to different identification results, or call other systems to the target number. Carry out corresponding processing.

FIG. 3 is a schematic diagram of an application scenario of another fraudulent number identification system 100 provided by an embodiment of the present application. The deployment of the fraudulent number identification system 100 provided by the embodiment of the present application is relatively flexible. As shown in FIG. 3 , in another embodiment , the fraudulent number identification system 100 provided by the embodiment of the present application may also be deployed in different environments in a distributed manner. The fraudulent number identification system 100 provided by the present application can be logically divided into multiple parts, and each part has different functions. Each part of the fraud number identification system 100 can be deployed in any two or three of the terminal computing device (located on the user side), the edge environment and the cloud environment, respectively. The terminal computing device on the user side may include, for example, at least one of the following: a terminal server, a smart phone, a notebook computer, a tablet computer, a personal desktop computer, and the like. The edge environment is an environment including a set of edge computing devices close to the terminal computing device, and the edge computing devices include: edge servers, edge small stations with computing power, and the like. Various parts of the fraudulent number recognition system 100 deployed in different environments or devices cooperate to realize the function of providing fraudulent number recognition for users. It should be understood that the embodiments of the present application do not restrictively divide which parts of the fraud number identification system 100 are deployed in what environment. Adaptive deployment to specific application requirements. FIG. 3 is a schematic diagram of an application scenario in which the fraudulent number identification system 100 is deployed in an edge environment and a cloud environment as an example.

The fraudulent number identification system 100 can also be deployed separately on a computing device in any environment (eg, deployed separately on an edge server in an edge environment). FIG. 4 is a schematic diagram of the hardware structure of the computing device 200 in which the fraudulent number identification system 100 is deployed. The computing device 200 shown in FIG. 4 includes a memory 201 , a processor 202 , and a communication interface 203 . The memory 201, the processor 202, and the communication interface 203 are communicatively connected to each other. For example, the memory 201, the processor 202, and the communication interface 203 can be connected by a network to realize the communication connection. Alternatively, the computing device 200 described above may also include a bus 204 . The memory 201 , the processor 202 , and the communication interface 203 are connected to each other through the bus 204 for communication. FIG. 4 shows a computing device 200 in which the memory 201 , the processor 202 , and the communication interface 203 are connected to each other through the bus 204 for communication.

The memory 201 may be a read only memory (Read Only Memory, ROM), a static storage device, a dynamic storage device, or a random access memory (Random Access Memory, RAM). The memory 201 may store a program, and when the program stored in the memory 201 is executed by the processor 202, the processor 202 and the communication interface 203 are used to execute the method of the fraudulent number identification system 100 for identifying fraudulent numbers. The memory may also store data required by the fraudulent number identification system 100 to identify fraudulent numbers, such as basic data of the target number, traffic detail data, and call detail data, and the like.

The processor 202 may adopt a general-purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a graphics processing unit (graphics processing unit, GPU), or one or more integrated circuit.

The processor 202 can also be an integrated circuit chip with signal processing capability. In the implementation process, the functions of the fraud number identification system 100 of the present application may be implemented by hardware integrated logic circuits in the processor 202 or instructions in the form of software. The above-mentioned processor 202 may also be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), an off-the-shelf programmable gate array (fieldprogrammable gate array, FPGA) or other programmable logic devices, discrete Gate or transistor logic devices and discrete hardware components can implement or execute the methods, steps and logic block diagrams disclosed in the following embodiments of the present application. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the methods disclosed in conjunction with the following embodiments of the present application can be directly embodied as executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software module may be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other storage media mature in the art. The storage medium is located in the memory 201, and the processor 202 reads the information in the memory 201, and completes the functions of the fraudulent number identification system 100 of the embodiment of the present application in combination with its hardware.

The communication interface 203 uses a transceiver module such as, but not limited to, a transceiver to enable communication between the computing device 200 and other devices or a communication network. For example, the data set can be obtained through the communication interface 203 .

When the computing device 200 described above includes a bus 204, the bus 204 may include a pathway for communicating information between the various components of the computing device 200 (eg, memory 201, processor 202, communication interface 203).

The following takes the fraudulent number identification system as an example to describe how to identify whether the target number is a fraudulent number. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present application will be described below with reference to the accompanying drawings.

FIG. 5 is a schematic flowchart of identifying fraudulent numbers by a fraudulent number identification system provided by an embodiment of the present application. As shown in FIG. 5 , the method includes:

S101. Acquire a target number to be identified.

For example, the fraudulent number identification system may receive the target number, or a number determined from a plurality of numbers received. The above-mentioned receiving may be, for example, input by a user or sent by a communication operator system.

S102. Acquire basic data of the target number, as well as traffic detailed data and call detailed data of the target number within the first historical period.

For example, the fraudulent number identification system may obtain the basic data of the target number, as well as the traffic detail data and the call detail data of the target number within the first historical period, from the communication operator system.

The above basic data is used to represent the basic information of the target number, for example, it may include one or more of product code, product tariff, customer type, home city, network access channel, network access time, and call balance.

The traffic detailed list above is used to characterize the traffic usage of the target number in the first historical period, for example, it may include the number of traffic used by the target number every day in the first historical period, the time of using the traffic, and the application program (Application Program) that generates the traffic consumption. , APP) etc.

The above-mentioned call detail data is used to represent the call situation of the target number within the first historical time period. The call detail list data may include multiple call detail lists of the target number within the first historical period. A call detail list may include, for example, call time, call duration, call type, local call location, other party's home location, call type, cell number, base station number, cell number, terminal serial number, service type, call cost data, etc. one or more.

By analyzing the call details generated by the target number at different call times, the time-dependent characteristics of the call of the target number can be obtained. The time correlation feature is used to characterize the time characteristic of the call of the target number, for example, the time characteristic may be the call time characteristic of the target number, or the call duration characteristic of the target number, or the call interval characteristic of the target number. Scam numbers have their own characteristics in terms of call time and call duration. Therefore, whether the number is a fraudulent number can be accurately identified by means of the time correlation.

The above-mentioned first historical duration may be one month or one day. This application does not limit this. The first historical time period may be a historical time period with the current moment as the deadline, or may be a preset historical time period that satisfies the first historical time period, or the like.

S103 , according to the basic data, the traffic detailed bill data, and the call detailed bill data, using a number identification model to obtain the identification probability of whether the target number is a fraudulent number.

After obtaining the basic data, traffic detail data and call detail data of the target number, the fraud number recognition system can directly input the three data into the number recognition model to obtain the recognition probability of whether the target number is a fraud number.

Alternatively, after obtaining the basic data, traffic detail data and call detail data of the target number, the fraud number identification system can also identify the basic data, traffic detail data and call data according to the format of the input data required by the number identification model. At least one of the detailed bill data is preprocessed to obtain data satisfying the input data format. Then, the data satisfying the input data format is input into the number identification model to obtain the identification probability of whether the target number is a fraudulent number. The above-mentioned preprocessing may include, for example, data processing and/or data cleaning.

It should be understood that whether to process the basic data, traffic detailed data and call detailed data, and what kind of processing is performed is related to the format of the input data required by the number recognition model, or, in other words, it is related to the training process of the number recognition model. It is related to the data format used in , and will not be repeated here.

This application does not limit the above-mentioned number recognition model, for example, it may be any model with a binary classification function.

The above identification probability is used to determine whether the target number is a fraudulent number. The output result may include: the probability that the target number is a fraudulent number, or the probability that the target number is not a fraudulent number, or both the probability that the target number is a fraudulent number and the probability that the target number is not a fraudulent number. When two probabilities are included, the sum of the two probabilities may be equal to a preset value, and the preset value may be 1, for example.

Exemplarily, if the above identification probability is used to represent the probability that the target number is a fraudulent number, the value of the identification probability and the possibility that the target number is a fraudulent number may be positively correlated or negatively correlated. Taking positive correlation as an example, that is, the larger the value of the recognition probability, the higher the possibility that the target number is a fraudulent number.

S104. Determine whether the target number is a fraudulent number according to the identification probability.

Taking the probability that the target number is a fraudulent number to determine whether the target number is a fraudulent number as an example, the fraudulent number recognition system can set one or more recognition probability thresholds, and compare the recognition probability obtained from the number recognition model with the above recognition probability thresholds, To determine whether the target number is a fraudulent number. Exemplarily, the fraudulent number identification system is provided with a first identification probability threshold and a second identification probability threshold. Wherein, the first recognition probability threshold is greater than the second recognition probability threshold. Exemplarily, the first recognition probability threshold may be 80%, and the second recognition probability threshold may be 40%.

In this implementation, when the recognition probability of the target number is greater than the first recognition probability threshold, the target number is determined to be a fraudulent number; when the recognition probability of the target number is greater than the second recognition probability threshold and less than or equal to the first recognition probability threshold, Then it is determined that the target number may be a fraudulent number; when the recognition probability of the target number is less than or equal to the second recognition probability threshold, it is determined that the target number is not a fraudulent number.

In the number processing method provided in this embodiment, the fraudulent number identification system can acquire the acquired basic data of the target number, the traffic detail data and the call detail data within the first historical period. Since the call detail data in the first historical duration includes information that can reflect the temporal correlation of historical calling behaviors of the target number, based on the acquired basic data of the target number, the data in the first historical duration Traffic detail data and call detail data can accurately identify whether the target number is a fraudulent number.

The above method does not depend on the user's marking of fraudulent numbers, and solves the problems of hysteresis and cumbersome operations of relying on users to mark fraudulent numbers. In addition, in this embodiment, the information that can reflect the temporal correlation of the historical calling behavior of the number is used as the judgment basis, which further improves the accuracy of identifying fraudulent numbers.

The following is an example to illustrate the acquisition of the target number to be identified by the fraudulent number identification system in the above step S101. FIG. 6 is a schematic flowchart of a fraudulent number identification system acquiring a target number to be identified. As shown in FIG. 6, as a possible implementation manner, the above step S101 may include the following steps:

S201. Acquire the number of outgoing calls of the N numbers of the target area within the second historical time period.

For example, the fraudulent number identification system may acquire the number of outgoing calls of the N numbers within the second historical time period from the communication operator system. The above N is an integer greater than or equal to 1, and the N numbers may be all numbers under the coverage of the target area, or may be part of the numbers.

The above-mentioned target area may be any area to be identified, and the size of the area is specifically related to the division method of the area. The area may be an administratively divided area, or an area customized according to the actual needs of the user. For example, the target area may be any of a country, a province, a city, a county, a certain cell, a service area of a certain base station, and the like.

The above-mentioned second historical duration may be one month or one day. This application does not limit this. The second historical time period may be a historical time period with the current moment as the deadline, or may be a preset historical time period that satisfies the second historical time period, or the like. The first history duration and the second history duration may be the same or different.

S202. If there is a number whose number of outgoing calls is greater than the outgoing threshold among the N numbers, use the number as a candidate number.

The above-mentioned outgoing threshold may be a preset fixed value. Alternatively, the above-mentioned outgoing threshold is related to the outgoing volume of fraudulent numbers in the target area. That is, the outgoing call threshold of the target area will change with the change of the call volume of fraudulent numbers in the target area. For example, the larger the outgoing volume of fraudulent numbers, the smaller the outgoing threshold. The above-mentioned outgoing volume of fraudulent numbers in the target area may be the outgoing volume in the second historical period, the outgoing volume in other historical durations, or the accumulated outgoing volume up to the present.

Taking the above-mentioned outgoing threshold value related to the outgoing volume of fraudulent numbers in the target area as an example, exemplarily, the preset outgoing reference threshold may be adjusted according to the outgoing volume of fraudulent numbers in the target area to obtain the outgoing threshold of the target area, for example, Use the following formula:

Target area outgoing threshold = outgoing threshold × e^(- percentage of outgoing calls from fraudulent numbers in the target area)

Among them, the proportion of outgoing fraudulent numbers in the target area is equal to the ratio of the outgoing fraudulent numbers in the target area to the outgoing fraudulent numbers in all areas.

It should be understood that the fraudulent number identification system can use the above method to adjust the call threshold of the target area, and can also use the above method to adjust the call threshold of the target area when the target area meets the preset conditions. The preset condition may be, for example, that the outgoing number of fraudulent numbers in the target area ranks before the preset sorting position in the outgoing number of fraudulent numbers in all areas.

Exemplarily, the fraudulent number identification system may first determine the order of the fraudulent number outgoing volume of the target area among the fraudulent number outgoing volume of all areas. The ranking position of the number belongs to the preset ranking position (for example, the top 5), then the preset calling threshold can be adjusted according to the call volume of fraudulent numbers in the target area to obtain the calling threshold of the target area. If the ranking position of the outgoing volume of fraudulent numbers in the target area is located after the preset position, the preset outgoing reference threshold may be used as the outgoing threshold of the target area.

Through this method of obtaining the outgoing call threshold, it is possible to flexibly adjust the outgoing threshold of the target area based on the outgoing volume of fraudulent numbers in the target area, so that the numbers in the target area can be screened with a more accurate outgoing threshold.

S203. Determine the target number from the candidate numbers.

For example, the candidate number can be used as the target number, so that the target number can be identified by using the method embodiment corresponding to FIG. 5 above. For another example, if the fraudulent number identification system is provided with a list database, the list database may include, for example, a white list, a black list, and a gray list. Then, the fraud number identification system can further combine the list database to determine the target number from the candidate numbers.

The numbers in the white list are all non-fraud numbers, the numbers in the black list are all fraud numbers, and the numbers in the grey list are all numbers that may be fraudulent numbers.

After the fraud number identification system determines the candidate number, it can be judged whether it is in the three lists. If the candidate number is not in any list, the candidate number is determined as the target number, and if the candidate number is in any list, the candidate number is determined as the identity of the number represented by the list. Optionally, if the number in the blacklist is blocked in history, in this implementation mode, it is not necessary to judge whether the candidate number is in the blacklist, and the candidate number is judged only based on the whitelist and the greylist. That is, the candidate numbers that are not in the white list and grey list are used as target numbers.

Exemplarily, the fraudulent number identification system may scan the whitelist first. If the candidate number belongs to the whitelist, it means that the candidate number is not a fraudulent number. Therefore, it is not necessary to use the method embodiment corresponding to FIG. 5 to identify it, and the process ends. If the candidate number does not belong to the white list, continue to scan the gray list. If the candidate number belongs to the grey list, it means that the candidate number may be a fraudulent number. Therefore, it does not need to be identified either. If the candidate number does not belong to the grey list, it means that the fraud number identification system has not clearly defined the candidate number, and it needs to be identified by the system. Therefore, the candidate number needs to be determined as the target number and put into the identification shown in Figure 5. in the process.

The numbers included in each list in the above-mentioned list database may be preset, or may be identified and determined in the history of the fraudulent number system using the method embodiment corresponding to FIG. 5 above, or may include both preset and The system history is identified and determined by using the method embodiment corresponding to FIG. 5 above. The numbers preset into the white list may be numbers used by some specific industry personnel whose calling behavior characteristics obtained from the communication operator system may be identified as fraudulent numbers. For example, express delivery industry, food delivery industry, etc.

Through the list library, the candidate numbers can be screened for a second time, and finally the candidate numbers that have not been recognized by the number recognition model can be selected as the target numbers. In this way, repeated judgment of the same number can be avoided, unnecessary waste of resources can be reduced, and the identification efficiency of the system can also be improved.

In the method for identifying a target number provided in this embodiment, since fraudulent numbers frequently call out numbers, the number of outgoing numbers can intuitively reflect the possibility of whether the corresponding number is a fraudulent number. Based on this feature, this embodiment makes a preliminary judgment on whether the acquired number is a fraudulent number based on the number of outgoing numbers, so as to eliminate the number that obviously does not have the characteristics of a fraudulent number. The waste of computing power resources caused by the identification, on the other hand, also improves the identification efficiency of the fraudulent number by the fraudulent number recognition system.

The following will describe how the fraud number recognition system obtains the recognition probability of whether the target number is a fraud number.

FIG. 7 is a schematic flow chart of obtaining the identification probability of whether a target number is a fraudulent number by the fraudulent number identification system provided by the embodiment of the present application. As shown in FIG. 7 , the foregoing step S103 may, for example, include the following steps:

S301. Perform data processing on the data of the detailed flow sheet to obtain the detailed data of the flow after processing.

The data processing performed by the fraudulent number identification system on the traffic detailed data may be, for example, one or more of operations such as data extraction, data conversion, and data calculation.

Exemplarily, the fraudulent number identification system may determine the number of traffic used by the target number in the original traffic detail data in the first historical period of time, the time of using the traffic, the application (Application, APP) that generates traffic consumption, etc. Perform data processing to obtain the average daily traffic usage in the first historical period (for example, it can be expressed as the average daily traffic usage in this month), and one or more time periods with the most traffic in the first historical period (for example, it can be represented as traffic usage time period), and one or more APPs with the most data consumption in the first historical time period (for example, it can be expressed as a data usage APP), etc. Then, a subsequent fraud number identification operation is performed based on the data obtained after data processing.

S302. Perform data cleaning on the basic data and the processed traffic detail data, and use the cleaned basic data and the cleaned traffic detail data to construct a first feature vector; perform data cleaning on the call detail data, and use The cleaned call detail data is used to construct a second feature vector.

The above data cleaning is used to convert the acquired basic data, traffic detailed data and call detailed data into the data representation required by the fraud number identification system.

For example, the fraudulent number identification system can convert the basic data, traffic detail data, and date data (eg, call time, network access time) in the basic data, traffic details, and call details into the form of a date array required by the fraudulent number identification system. Exemplarily, the fraudulent number identification system can convert the call time represented by date data into a date array by using regular matching. Then, get the week information of the current date, represented by numbers 0-6. Eliminate the information of the year and month in the date array that has no effect on the fraud number identification system to identify fraud numbers, and only retain the day, hour, minute, and second. Finally, combine the week, day, hour, minute, and second of the date to form a date array that meets the requirements of this application. For example, the date data whose call time is "2021-10-01 01:00:00" can finally be represented as a date array of (1, 1, 0, 0, 5).

In addition, for different date-type data, the data needs to be eliminated according to actual needs. For example, the network access time data can exclude information such as hours, minutes, and seconds that have no effect on the fraud number identification system to identify fraud numbers, and only retain valid information such as year, month, and day.

The fraud number identification system can convert strings into numbers by re-encoding the strings in the underlying data, traffic detail data and call detail bills. For example, the character string representing the area, such as the home city, the local call place, the other party's home place, etc., can be converted into the area code corresponding to the area. Exemplarily, "Beijing" can be represented by "010", "Shenzhen" can be represented by "0755", and "Guangzhou" can be represented by "020". "Calling", "Called", etc. in the call type can be represented by 0 and 1, respectively. For traffic usage APPs, they may be numbered sequentially from 0, for example, short video APP1 may be numbered as "0", online shopping APP2 may be numbered as "2", and so on. The data in the form of strings, such as customer type, network access channel, business type, etc., can be cleaned by sequentially numbering the data content from 0. In this application, the serial number value of the string after cleaning can be set according to actual needs, which is not limited here.

Due to the large differences in the usage of traffic data by different users, some may be only a few KB, and some may be hundreds of GB, and the numerical value range is very wide. The above-mentioned representation of traffic data is not very friendly to the number recognition model in the fraud number recognition system, and it is more likely to increase the possibility of errors in the model, and an excessively long number representation will occupy more computing resources of the model.

For example, the fraud number identification system can use the method of converting the traffic data in scientific notation to realize the cleaning of the traffic detailed data. Exemplarily, it is assumed that the original traffic data is 1000KB, which can be expressed as (1.0, 3) after data cleaning. The first number in the array represents the basic data of the traffic, and the reservation of the significant number can be set according to actual needs, for example, it can be 2, which is not limited in this application. The second number in the array is a power of 10. Among them, the power can only be a multiple of 3 to facilitate the representation and calculation of the flow, and can also be set according to actual needs. Exemplarily, the original traffic data is 50,101,000KB, which can be expressed as (50,6) after data cleaning.

Some data, such as product code, terminal serial number, etc., often have more data digits, such as 88888888. At the same time, the customer type only needs to enumerate 0 and 1, and the difference is huge. This difference may affect the training speed and fit of the number recognition model, or even cause the model to fail to converge. Moreover, the meaning of these data itself has no effect on the identification of fraudulent numbers. The fraudulent number identification system only needs to be able to identify products or terminals based on the corresponding data in fields such as product codes and terminal serial numbers. Therefore, the excessively long data form is harmful and unhelpful for the fraud number identification system to identify fraud numbers.

Exemplarily, the fraudulent number identification system may renumber data such as product codes and terminal serial numbers by establishing a mapping. For example, the fraudulent number identification system may number the terminal serial number of the first target number obtained as 1, the terminal serial number of the second target number as 2, and so on, and save the corresponding mapping relationship. When the system obtains the same terminal serial number, it can directly match the corresponding serial number according to the previously established mapping relationship to realize data cleaning of the terminal serial number.

The above-mentioned basic data, traffic detailed bill data, and call detailed bill data can all be cleaned according to the above method according to actual needs.

Exemplarily, this embodiment provides basic data before and after cleaning a number, traffic detail data, and a call detail data of the number, as shown in Table 1 and Table 2, respectively, to facilitate understanding of this embodiment.

Table 1

Table 2

Taking the cleaned basic data and traffic detailed data in Table 1 as an example, the constructed first feature vector can be, for example, (1, 18.0, 0, 020, 510, 2021, 10, 1, 10.0, 112, 3 , 15, 16, 10, 0, 11, 14), a total of 17 eigenvector values.

The second feature vector is composed of multiple pieces of call detail data after cleaning. Exemplarily, the fraudulent number identification system can obtain 1024 call details of the target number in the past 30 days, and then perform data cleaning on them. Taking Table 2 as an example, the feature vector constructed from each call detail list after cleaning can be, for example, (1, 10, 30, 6, 5, 20, 0, 020, 0755, 1, 119, 119, 9472, 50 , 1, 0), a total of 16 eigenvector values. The final 1024 call details form a 1024×16 eigenvector matrix, that is, the second eigenvector is a 1024×16 eigenvector matrix.

The above-mentioned first feature vector and second feature vector are used as input items of the number recognition model.

S303. According to the first feature vector and the second feature vector, use a number identification model to obtain the identification probability of whether the target number is a fraudulent number.

Wherein, the number recognition model may include: a first sub-model constructed by using a multi-layer perceptron, a second sub-model constructed by using a convolutional neural network, and a classification layer.

The first sub-model is used to obtain the first feature information of the target number according to the first feature vector; the second sub-model is used to obtain the second feature information according to the second feature vector; the classification layer is used to obtain the second feature information according to the first feature information, and the second feature information, to obtain the identification probability of whether the target number is a fraudulent number.

In addition to the multilayer perceptron and the convolutional neural network, the above-mentioned first sub-model and second sub-model may also be other devices that can obtain corresponding first and second feature information according to the first feature vector and the second feature vector. machine learning algorithms or voting mechanisms. The functions of the above classification layer can also be implemented using a classification sub-model, such as a softmax model or a sigmoid model. In this implementation manner, the above-mentioned number recognition model may include a first sub-model, a second sub-model, and a classification sub-model.

Taking the classification layer as the softmax layer as an example, FIG. 8 is a schematic diagram of the overall structure of a number recognition model provided by an embodiment of the present application. As shown in Figure 8, the fraud number identification system inputs the first feature vector and the second feature vector into the multilayer perceptron and the convolutional neural network respectively. a feature information and a second feature information. Here, the dimensions of the feature information output by the multilayer perceptron and the convolutional neural network can be the same or different, and can be set according to actual needs.

Then, a 1×8 feature vector constructed from the first feature information and the second feature information is input to the softmax layer. After processing by the softmax layer, the final output is the identification probability of whether the target number is a fraudulent number. Here, based on the characteristics of the softmax model, the final output of the recognition probability is represented by two values, which are the probability of "0" and the probability of "1", and the sum of the two probabilities is 1. Among them, "0" represents a normal number, and "1" represents a fraudulent number.

FIG. 9 is a schematic structural diagram of a multi-layer perceptron model provided by an embodiment of the present application. As shown in Figure 9, the multilayer perceptron model may include an input layer, a hidden layer and an output layer. Among them, there are 17 neurons in the input layer, 8 neurons in the hidden layer, and 4 neurons in the output layer. Setting 17 neurons in the input layer means that the first eigenvector input by the fraud number recognition system to the multilayer perceptron contains 17 eigenvector values. The output layer outputs the first feature information of the target number obtained according to the first feature vector. The activation function can use the ReLU function. The number of neurons in the above-mentioned layers can be set according to actual application requirements, which is not limited in this application.

FIG. 10 is a schematic structural diagram of a convolutional neural network model provided by an embodiment of the present application. As shown in Figure 10, the convolutional neural network model can be divided into 12 layers, and the convolution kernel step size can be 1. The first feature vector that the fraudulent number identification system will input to the convolutional neural network can contain 16 feature vector values, and the fraudulent number identification system only obtains the data of 1024 call details in the last 30 days. Correspondingly, the input feature dimension of the convolution structure provided in this embodiment may be 16×1024. Among them, the part with insufficient call details can be filled with zeros. Taking the second feature vector of 16×1024 as the input during model training as an example, if the specific use of the model, if the number of call details obtained by the fraud number identification system for the target number in the last 30 days is less than 1024, then the construction In the process of the above-mentioned second feature vector, the insufficient feature vector value is filled with zeros, and then the second feature vector after zero-filling processing is input into the convolutional neural network for processing.

For example, each layer can perform the following operations:

①Convolution kernels of 3×3×2, 5×5×2, and 7×7×2 are used to convolve the 16×1024 detailed speech lists, and the convolution results are all 16×1024×2.

② Superimpose the output results of each convolution kernel in the above ① in the third dimension, and the output dimension is 16×1024×6.

③ For the output of ②, a 3×3×32 convolution kernel is used, and the output dimension is 16×1024×32.

④ For the output of ③, a 2×2 max pooling layer is used, and the output dimension is 8×512×32.

⑤ For the output of ④, a 3×3×64 convolution kernel is used, and the output dimension is 8×512×64.

⑥ For the output of ⑤, a 2×2 max pooling layer is used, and the output dimension is 4×256×64.

⑦ For the output of ⑥, a 3×3×128 convolution kernel is used, and the output dimension is 4×256×128.

⑧ For the output of ⑦, a 2×2 max pooling layer is used, and the output dimension is 2×128×128.

⑨ For the output of ⑧, a fully connected layer is used after flattening, and the output dimension is 1×4096.

⑩ For the output of ⑨, a fully connected layer is used, and the output dimension is 1×1000.

对于⑩的输出，采用全连接层，输出维度为1×128。

For the output of ⑩, a fully connected layer is used, and the output dimension is 1×128.

对于

的输出，采用全连接层，输出维度为1×4。

for

The output of , using a fully connected layer, the output dimension is 1 × 4.

The output of the 12th layer is the second feature information of the target number obtained according to the second feature vector.

The parameters of the above-mentioned convolutional neural network model can be set according to actual requirements, which are not limited in this application.

In the number processing method provided by this embodiment, the fraudulent number identification system performs data cleaning on the above data in the process of obtaining the probability of whether the target number is a fraudulent number by using basic data, traffic detail data and call detail data. Through data cleaning, the above data is converted into a representation that meets the requirements of the number recognition model, and the useless data that is not helpful for identifying fraudulent numbers is eliminated. At the same time, the excessively long number string is converted into a shorter number string representation, which not only saves money The computing power resources of the number recognition model are improved, the recognition efficiency is also improved, and the possibility of errors in the working process of the model is reduced. In addition, in this embodiment, a multi-layer perceptron is used to learn the first feature vector composed of the basic data and the processed traffic detail data, and a convolutional neural network is used to learn the second feature vector composed of the call detail data that expresses the temporal correlation feature. The feature vector is learned, and finally the softmax layer is used to perform binary classification processing on the results obtained from the multi-layer perceptron and the convolutional neural network, and finally the recognition probability of whether the target number is a fraudulent number is obtained. In this embodiment, different models are used to learn data with different characteristics, which fully utilizes the roles of different deep learning models in different scenarios, and further improves the accuracy of identifying fraudulent numbers by the fraudulent number identification system.

In the following embodiment, based on the situation that the fraud number identification system is provided with a white list, a black list and a gray list, the detailed follow-up processing of the target number after obtaining the identification probability of whether the target number is a fraud number by the fraud number identification system Be explained:

Case 1: According to the identification probability, determine that the target number is not a fraudulent number.

After identifying the number as a non-scam number, the target number can be added to the whitelist. Subsequently, if the fraudulent number identification system captures the target number again, by scanning the whitelist, it can be directly confirmed that the target number is not a fraudulent number, which avoids repeated detection of non-fraudulent numbers and reduces the waste of computing resources.

Case 2: According to the identification probability, it is determined that the target number may be a fraudulent number.

If it is impossible to determine whether the target number is a fraudulent number or a non-fraudulent number according to the number recognition probability, it is determined that the target number may be a fraudulent number, and the target number can be added to the grey list.

The fraudulent number identification system can directly send the prompt information of the abnormal target number to the called number, and receive the feedback of the called number. Alternatively, the fraudulent number identification system may call another system to send a prompt message that the target number is abnormal, and then, after receiving the feedback from the called number, the other system sends the feedback to the fraudulent number identification system. The other systems mentioned above may be, for example, communication operator systems.

Take the fraudulent number identification system as an example to send a prompt message that the target number is abnormal to the called number in the grey list. The prompt information may be in the form of a short message, a voice call, or a form of sending prompt information through system software, for example, sending prompt information through system software provided by an operator.

Optionally, the above prompt information may further include information prompting the called number to send feedback to the system. Exemplarily, the above prompt information may prompt the called number to send 0 or 1 to the system. Among them, 0 is used to indicate that the above target number is a non-fraud number, and 1 is used to indicate that the above target number is a fraud number. The manner in which the above-mentioned called number sends feedback to the system, for example, may be through a short message, or through a voice, and may also reply based on the system software provided by the operator.

If the fraudulent number identification system receives the feedback result of the called number, and the feedback result is used to indicate whether the target number is a fraudulent number, indicating that the feedback of the called number is helpful for the fraudulent number identification system to identify whether the target number is a fraudulent number, record the target number. Number of feedback results.

If the accumulated feedback result of the target number indicates that the target number is not a fraudulent number, the target number is migrated from the grey list to the white list.

If the accumulated feedback result of the target number indicates that the target number is a fraudulent number, the target number is migrated from the grey list to the black list.

There may be various methods for determining whether the target number is a fraudulent number through the accumulated feedback results. For example, the fraudulent number identification system may be configured to determine whether the target number is a fraudulent number or not if the number of feedbacks indicating that the target number is or is not a fraudulent number exceeds a preset feedback threshold as a result of the feedback. The foregoing feedback threshold may be set according to actual requirements, for example, it may be 10, which is not limited in this application.

Alternatively, the fraudulent number identification system may be configured to determine whether the target number is a fraudulent number or not when the ratio of the number of target numbers that are fraudulent numbers to those that are not fraudulent numbers reaches a preset ratio threshold. The foregoing feedback threshold and ratio threshold may be set according to actual requirements, for example, the ratio threshold may be 4:1, which is not limited in this application.

The fraudulent number identification system may also combine the feedback thresholds and proportional thresholds described above to determine whether the target number is or is not a fraudulent number. For example, it can be set that when the feedback threshold is 10, the corresponding ratio threshold is 4:1.

In case 2, the fraudulent number identification system uses the greylist to store the target numbers that may be fraudulent numbers, and sends a prompt message that the target number is abnormal to the called number in the greylist, and receives feedback from the called number. to further determine whether the target number is a fraudulent number. Through the above operations, the fraudulent number identification system can reconfirm the target number of the suspected fraudulent number, instead of simply judging the identification probability given by the number recognition model. In this way, the accuracy of identifying fraudulent numbers can be improved, the possibility of mistakenly blocking normal numbers can be reduced, and the omission of fraudulent numbers can also be avoided.

Case 3: According to the identification probability, the target number is determined to be a fraudulent number.

After identifying the number as a non-scam number, the target number can be added to the blacklist. The blacklist is a list of fraudulent numbers.

Optionally, after the target number is added to the blacklist, a blocking operation can also be performed on the target number in the blacklist.

As a possible implementation, the fraudulent number identification system can directly block the target number in the blacklist. For example, the fraud number identification system has the function of blocking the target number in the blacklist. Alternatively, the fraudulent number identification system can call other systems to block the target numbers in the blacklist. The other systems mentioned above may be, for example, the systems of communication operators. Exemplarily, the fraudulent number identification system may mark the target number in the blacklist in the operator's database, for example, may mark the status of the target number in the operator's database as pending blocking. Then, the communication operator system is called to perform a blocking operation on the target number according to the mark.

As another possible implementation manner, before the fraudulent number identification system blocks the target number in the blacklist, a secondary audit of the target number may also be included. The secondary audit may be, for example, auditing whether the target number has typical characteristics of fraudulent numbers. The above-mentioned secondary audit operation may be performed manually or by the system. The above-mentioned system may be, for example, a fraudulent number identification system or another system (eg, a communication operator system).

Optionally, the fraudulent number identification system can also regularly scan the target numbers in the blacklist and block the missed numbers.

In case 3, the fraudulent number identification system uses the blacklist to store the fraudulent number and block the fraudulent number. At the same time, a second audit of the number was carried out before the suspension. Through the secondary audit, the possibility of misblocking can be reduced, and the user experience of the user experience can be avoided by misblocking the number. In addition, the fraud number identification system can regularly scan the target numbers in the blacklist and block the missing numbers. The above operations further ensure the accurate processing of fraudulent numbers by the fraudulent number identification system, and reduce the existence of missing numbers.

The number processing method provided by the embodiment of the present application is described in detail below through a specific example, including the following steps:

S401. Acquire the number of outgoing calls of the N numbers of the target area within the second historical time period.

S402. Determine whether there is a number whose number of outgoing calls is greater than a threshold for outgoing calls among the N numbers. If it exists, step S403 is executed, and if it does not exist, the process ends.

S403. The number whose number of outgoing calls is greater than the outgoing threshold is used as a candidate number.

S404. Determine whether the candidate number is in the white list. If it is in the white list, the process ends, and if it is not in the white list, step S405 is executed.

S405. Determine whether the candidate number is in the grey list. If it is in the grey list, go to step S416, if it is not in the grey list, go to step S406.

S406. Use the candidate number as the target number.

S407. Acquire basic data of the target number, as well as traffic detailed data and call detailed data of the target number within the first historical period.

S408 , performing data processing on the data of the detailed flow sheet to obtain the data of the detailed flow sheet after processing.

S409 , performing data cleaning on the basic data and the processed flow detailed bill data, and constructing a first feature vector by using the cleaned basic data and the cleaned flow detailed bill data.

S410. Perform data cleaning on the call detail data, and use the cleaned call detail data to construct a second feature vector.

S411. According to the first feature vector and the second feature vector, use a number identification model to obtain the identification probability of whether the target number is a fraudulent number.

S412. Determine whether the target number is a fraudulent number according to the identification probability. If it is determined to be a fraudulent number, step S413 is executed. If it is determined that the number is not fraudulent, step S415 is executed. If it cannot be determined whether it is a fraudulent number, step S416 is executed.

S413. Add the target number to the blacklist.

S414. Perform a blocking operation on the target number.

After step S415 is executed, the flow ends.

S415. Add the target number to the whitelist.

After step S415 is executed, the flow ends.

S416. Add the target number to the grey list.

S417. Send a prompt message that the target number is abnormal to the called number.

S418. Determine whether the feedback result of the called number is received.

S419, record the feedback result of the target number.

S420. Determine whether the accumulated feedback result of the target number indicates that the target number is not a fraudulent number. If the represented target number is not a fraudulent number, step S421 is performed; if the represented target number is a fraudulent number, step S422 is performed.

S421. Migrate the target number from the gray list to the white list.

S422. Migrate the target number from the gray list to the black list.

After step S422 is executed, it returns to execute step S414.

Three numbers with call times higher than 50 times/day are obtained from the operator database as an example, and the fraudulent number identification system of the present application is used to identify them.

Among them, the basic data and traffic details of Example 1 show that its product tariff is low, the customer type is public customers, the daily traffic usage is very small this month, and the APP with the most traffic is only the communication APP. There are a large number of caller records in its voice detailed list in one day, the outgoing numbers are all out of place or out of the province, there are no repeated outgoing numbers, the interval between each outgoing call is only a few minutes, and the base station number, cell number and cell number are basically unchanged. Has typical scam number characteristics.

The basic data and flow details of Example 2 show that the product tariff is moderate, the customer type is group customer, the average daily traffic is high this month, and the usage period is during working hours. The APP with the most traffic is the logistics APP, followed by the communication APP. There are also a large number of caller records in a single day, and the outgoing numbers are rarely repeated. The outgoing numbers belong to the city, other places or provinces. The base station number, cell number and cell number change from time to time, which is similar to the fraudulent number but has a degree of distinction. . Its characteristics are more in line with the characteristics of the logistics and distribution industry numbers.

The basic data and traffic details of Example 3 show that the product tariff is relatively high, the customer type is public, the average daily traffic usage this month is high, and the usage time is concentrated during off-duty hours. The APP with the most traffic is the video APP, followed by the communication APP . The number of outgoing calls in a single day is less, and there are calling and called records. They are basically local calls or virtual private network calls. There are many callback calls, and the base station number, cell number, and cell number change from time to time. Its characteristics are consistent with those of general security numbers.

The above three example numbers are all identified by the fraud number recognition system, and the results show that the probability of fraud number recognition in Example 1 means that the probability of being a fraud number is 97.26%, and the probability of being a fraud number in Example 2 is 41.85%. The probability of being a scam number is 6.18%. From this, it can be seen that the artificial logic inference of the three example numbers is roughly the same as the actual output of the system, and the system has achieved a good anti-fraud effect in these three example numbers.

In the follow-up process, example 1 needs to enter the blacklist and block it; example 2 needs to enter the graylist, and the fraudulent number identification system will reconfirm it by interacting with the called number; example 3 enters the whitelist database, If you are caught by the fraudulent number identification system when you make a subsequent call, you can avoid entering the subsequent process again.

The above examples 1-3 clearly illustrate the whole process of number fraud prevention in each scenario, and realize the efficient and automatic fraud prevention mode of the fraud prevention system. For fraudulent numbers, the system can effectively and timely intercept their continued outgoing calls and automatically block them; for normal user numbers, the system will add them to the whitelist to ensure normal use by users and avoid waste of system resources caused by secondary fraud prevention; for suspected frauds The number system adds it to the greylist, and interacts with the called number in real time to obtain more information, so as to avoid rashly blocking normal users, affecting user usage, and improving user perception. If the feedback of a large number of called users is indeed a fraudulent number, the system will move them to the blacklist and block them, and make up for the low recall rate of fraudulent numbers to ensure user perception through interaction.

The present application also provides a fraudulent number identification system 100 as shown in FIG. 1 . The modules and functions included in the fraudulent number identification system are as described above, and will not be repeated here. In one embodiment, the real-time monitoring module 11 in the fraudulent number identification system 100 is used to obtain the action of the target number to be identified, the data acquisition module 12 is used to obtain the basic data of the target number, and the target number in the first history The action of the traffic detailed bill data and the call detailed bill data within the duration, the fraud detection module 13 is used to obtain the identification of whether the target number is a fraudulent number by using the number recognition model according to the basic data, traffic detailed bill data and call detailed bill data Probability, according to the identification probability, it is determined whether the target number is a fraudulent number, and its realization principle is similar, which will not be repeated.

The present application also provides a computing device 200 as shown in FIG. 4 . The processor 202 in the computing device 200 reads the programs and data sets stored in the memory 201 to execute the number processing method performed by the aforementioned fraudulent number identification system.

The application also provides a computer-readable storage medium, the computer-readable storage medium may include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory) Various media that can store program codes, such as a magnetic disk, a magnetic disk, or an optical disk, specifically, the computer-readable storage medium stores program instructions, and the program instructions are used for the methods in the foregoing embodiments.

The present application also provides a program product including execution instructions stored in a readable storage medium. At least one processor of the computing device can read the execution instruction from the readable storage medium, and the execution of the execution instruction by the at least one processor causes the electronic device to implement the number processing method provided by the above-mentioned various embodiments.

Other embodiments of the present application will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of this application that follow the general principles of this application and include common knowledge or conventional techniques in the technical field not disclosed in this application . The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the application being indicated by the following claims.

It is to be understood that the present application is not limited to the precise structures described above and illustrated in the accompanying drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A method for number processing, the method comprising:

acquiring a target number to be identified;

acquiring basic data of the target number, and flow detailed list data and call detailed list data of the target number in a first historical duration;

acquiring the recognition probability of whether the target number is a fraud number or not by utilizing a number recognition model according to the basic data, the traffic detailed data and the call detailed data;

and determining whether the target number is a fraud number according to the identification probability.

2. The method of claim 1, wherein the obtaining the target number to be identified comprises:

acquiring the calling times of the N numbers of the target area in a second historical duration; n is an integer greater than or equal to 1;

if the number with the calling times larger than the calling threshold exists in the N numbers, taking the number as a candidate number; the outgoing call threshold is related to an outgoing amount of fraud numbers of the target area;

the target number is determined from the candidate numbers.

3. The method of claim 2, wherein determining the destination number from the candidate numbers comprises:

taking candidate numbers which are not positioned in a white list and a gray list as the target numbers; wherein the white list is a list of non-fraud numbers, and the gray list is a list of candidate fraud numbers.

4. The method as recited in claim 3, wherein, after said determining whether said target number is a fraud number according to said recognition probability, said method further comprises:

if the target number is determined to be a non-fraud number according to the identification probability, adding the target number to the white list;

if the target number is determined to be a fraud number according to the identification probability, adding the target number to the grey list;

if the target number is determined to be a fraud number according to the identification probability, adding the target number to a blacklist; the black list is a list of fraud numbers.

5. The method of claim 4, wherein if the destination number is a number in a grey list, the method further comprises:

sending a prompt message of the abnormity of the target number to the called number;

if a feedback result of the called number aiming at the target number is received and the feedback result is used for representing whether the target number is a fraud number, recording the feedback result of the target number;

if the accumulated feedback result of the target number represents that the target number is a non-fraud number, the target number is moved from the grey list to the white list;

and if the accumulative feedback result of the target number represents that the target number is a fraud number, migrating the target number from the grey list to the blacklist.

6. The method of claim 4 or 5, wherein if the target number is a number in a blacklist, the method further comprises:

and executing blocking operation on the target number.

7. The method as claimed in any one of claims 1-5, wherein said obtaining the recognition probability of whether said target number is a fraud number by using a number recognition model according to said basic data, said traffic detail data and said call detail data comprises:

processing the flow detail list data to obtain processed flow detail list data;

carrying out data cleaning on the basic data and the processed detailed flow data, and constructing a first feature vector by using the cleaned basic data and the cleaned detailed flow data;

carrying out data cleaning on the call detail data, and constructing a second feature vector by using the cleaned call detail data;

acquiring the recognition probability of whether the target number is a fraud number or not by utilizing the number recognition model according to the first feature vector and the second feature vector;

wherein the number recognition model comprises: the method comprises the following steps of constructing a first submodel by adopting a multilayer perceptron, a second submodel by adopting a convolutional neural network, and a classification layer;

the first sub-model is used for acquiring first feature information of the target number according to the first feature vector;

the second submodel is used for acquiring second feature information according to the second feature vector;

and the classification layer is used for acquiring the identification probability of whether the target number is a fraud number according to the first characteristic information and the second characteristic information.

8. A number processing system, the system comprising:

the real-time monitoring module is used for acquiring a target number to be identified;

the data acquisition module is used for acquiring basic data of the target number, and flow detailed note data and call detailed note data of the target number in a first historical duration;

and the fraud detection module is used for acquiring the recognition probability of whether the target number is a fraud number or not by utilizing a number recognition model according to the basic data, the traffic detail data and the call detail data, and determining whether the target number is the fraud number or not according to the recognition probability.

9. A computing device, comprising: a processor, and a memory communicatively coupled to the processor;

the memory stores computer execution instructions;

the processor executes computer-executable instructions stored by the memory to implement the method of any of claims 1 to 7.

10. A computer-readable storage medium having computer-executable instructions stored therein, which when executed by a processor, are configured to implement the number processing method of any one of claims 1 to 7.

Images