阅读说明：本技术 一种涉诈识别方法和装置 (Method and device for recognizing fraud ) 是由 赵晓宇 丁正 顾晓东 董伟 周荣 蔡子衿 杨正敏 孙婷 佟志卫 任宇 于 2021-09-13 设计创作，主要内容包括：本申请公开了一种涉诈识别方法和装置,其中方法包括：从电信运营商网络,获取指定的通信和网络日志数据；利用深度报文检测技术,从所述通信和网络日志数据中提取指定数据；基于所述提取的结果,进行数据特征分析,得到指定的涉诈关联特征；基于所述涉诈关联特征,按照预设的涉诈筛选策略,识别涉诈嫌疑对象。采用本申请,可以对涉嫌诈骗的人员进行快速、有效地识别。(The application discloses a method and a device for fraud-related identification, wherein the method comprises the following steps: obtaining specified communication and network log data from a telecommunications carrier network; extracting specified data from the communication and weblog data by using a deep packet inspection technology; performing data feature analysis based on the extracted result to obtain specified fraud-related associated features; and identifying the suspected fraud-related objects according to a preset fraud-related screening strategy based on the fraud-related associated characteristics. By adopting the method and the device, the suspected fraud personnel can be quickly and effectively identified.)

1. A method for fraud-related identification, comprising:

obtaining specified communication and network log data from a telecommunications carrier network;

extracting specified data from the communication and weblog data by using a deep packet inspection technology;

performing data feature analysis based on the extracted result to obtain specified fraud-related associated features;

and identifying the suspected fraud-related objects according to a preset fraud-related screening strategy based on the fraud-related associated characteristics.

2. The method of claim 1, wherein the communication and network log data comprises an internet signaling log, an internet traffic access log, a Session Initiation Protocol (SIP) traffic log, and an instant messaging internet log.

3. The method of claim 2, wherein the extracting the specified data comprises:

extracting a user identification card number, a terminal mobile station identification code software version IMEI-SV, a mobile subscriber number MSISDN, a tracking area code TAC, a cell identifier of a cell where user equipment is located, an access destination address and a destination port of a user from the internet surfing signaling log and the internet flow access log;

extracting a calling direction, a calling number, a called number, a calling type, a hang-up reason, an SIP transaction type and an SIP message response code from the SIP flow log;

and extracting the type and the account of the instant messaging APP from the instant messaging internet log.

4. The method of claim 2, wherein performing data feature analysis based on the extracted results comprises:

determining a telephone number attribution used by a user for surfing the internet, a mobile phone card type, an equipment terminal type, a type of a user access operator, a type of an access network, internet surfing position information and an area corresponding to an access destination address based on data extracted from the internet surfing signaling log and the internet flow access log;

determining the calling times, calling dispersion and call proportion of refused calling of each user based on the data extracted from the SIP flow log, and analyzing the calling time period proportion of each user to obtain the calling active time of the user;

and determining the number of login accounts of each terminal device based on the data extracted from the instant messaging internet log.

5. The method as recited in claim 1, wherein said identifying, according to a preset fraud-related screening policy, suspected fraud-related objects based on said fraud-related associated features comprises:

if the user simultaneously satisfies: determining that the user is a suspected fraud object if the attribution of a telephone number used by the user for surfing the Internet does not belong to an area corresponding to an access destination address, the type of a mobile phone card belongs to a designated risk card, the type of an access network is not an access network designated by an operator and at least M instant messaging account numbers are used; wherein M is greater than 1;

if the number of times of surfing the Internet by a user in a coverage area of a specified high-risk base station is larger than a preset Internet surfing number threshold value, and the model of an equipment terminal used for surfing the Internet belongs to a specified low-end model, determining that the user is a suspected fraud object;

if the user simultaneously satisfies: if the calling times are larger than a preset calling time threshold, the calling dispersion is larger than a preset calling dispersion threshold, the call rejected conversation occupation ratio is larger than a preset call rejection occupation ratio threshold, and the calling active time is within a preset common time period range, determining that the user is a suspected fraud object;

and if at least two suspected fraud-related objects are in the same position at the same time in the first specified time range, determining the position intersection as a suspected fraud-related pit, and determining the suspected fraud-related objects corresponding to the suspected fraud-related pit as a group partner.

6. The method of claim 1, further comprising:

generating fraud-related portrait information corresponding to the fraud-related suspected object based on the extracted data; the information of the fraud-related image comprises terminal information, telephone numbers, position information, information related to an instant messaging APP, telephone numbers of victims, suspected fraud-related nest points and/or suspected fraud groups of the suspected fraud-related object.

7. A fraud-related identification apparatus, comprising:

the data acquisition unit is used for acquiring appointed communication and network log data from a telecommunication operator network;

the data extraction unit is used for extracting specified data from the communication and weblog data by utilizing a deep packet inspection technology;

the data analysis unit is used for carrying out data characteristic analysis based on the extracted result to obtain the specified fraud-related associated characteristics;

and the fraud-related identification unit is used for identifying the suspected fraud-related object according to a preset fraud-related screening strategy based on the fraud-related associated characteristics.

8. The apparatus of claim 7, wherein the communication and network log data comprises an internet signaling log, an internet traffic access log, a Session Initiation Protocol (SIP) traffic log, and an instant messaging internet log.

9. The apparatus according to claim 8, wherein the data analysis unit, in particular configured to perform data feature analysis based on the extracted result, comprises:

determining a telephone number attribution used by a user for surfing the internet, a mobile phone card type, an equipment terminal type, a type of a user access operator, a type of an access network, internet surfing position information and an area corresponding to an access destination address based on data extracted from the internet surfing signaling log and the internet flow access log;

determining the calling times, calling dispersion and call proportion of refused calling of each user based on the data extracted from the SIP flow log, and analyzing the calling time period proportion of each user to obtain the calling active time of the user;

and determining the number of login accounts of each terminal device based on the data extracted from the instant messaging internet log.

10. The apparatus as claimed in claim 7, wherein said fraud-related identification unit, specifically configured to identify suspected fraud-related objects according to a preset fraud-related screening policy based on said fraud-related associated features, comprises:

if the user simultaneously satisfies: determining that the user is a suspected fraud object if the attribution of a telephone number used by the user for surfing the Internet does not belong to an area corresponding to an access destination address, the type of a mobile phone card belongs to a designated risk card, the type of an access network is not an access network designated by an operator and at least M instant messaging account numbers are used; the risk cards comprise an outdoor card, an Internet of things card and a virtual business card, and M is greater than 1;

if the number of times of surfing the Internet by a user in a coverage area of a specified high-risk base station is larger than a preset Internet surfing number threshold value, and the model of an equipment terminal used for surfing the Internet belongs to a specified low-end model, determining that the user is a suspected fraud object;

if the user simultaneously satisfies: if the calling times are larger than a preset calling time threshold, the calling dispersion is larger than a preset calling dispersion threshold, the call rejected conversation occupation ratio is larger than a preset call rejection occupation ratio threshold, and the calling active time is within a preset common time period range, determining that the user is a suspected fraud object;

and if at least two suspected fraud-related objects are in the same position at the same time in the first specified time range, determining the position intersection as a suspected fraud-related pit, and determining the suspected fraud-related objects corresponding to the suspected fraud-related pit as a group partner.

Technical Field

The present invention relates to communication security technologies, and in particular, to a method and an apparatus for fraud identification.

Background

The increasingly mature internet technology and the increasingly large internet scale provide society with a new life of "internet +". The internet brings convenience to people in various aspects of life, and various threats come after all. The lawbreakers' fraud patterns are endless, and show the trend from "telephone fraud" to "telecom fraud". For example, some lawbreakers build financial, credit and lottery websites, and promote the websites in the form of short messages and telephones to induce the victims to pay money, thereby implementing fraud. The phishing outbreak rate increases year by year, and the involved money also increases exponentially. In order to avoid such fraud behaviors disturbing normal work and life order of people, a fraud-related identification scheme is required to rapidly and effectively identify suspected fraud-related people and reduce fraud rate.

Disclosure of Invention

In view of the above, the main objective of the present invention is to provide a fraud-related identification method and apparatus, which can quickly and effectively identify the suspected fraud-related personnel.

In order to achieve the above purpose, the embodiment of the present invention provides a technical solution:

a fraud-related identification method, comprising:

obtaining specified communication and network log data from a telecommunications carrier network;

extracting specified data from the communication and weblog data by using a deep packet inspection technology;

performing data feature analysis based on the extracted result to obtain specified fraud-related associated features;

and identifying the suspected fraud-related objects according to a preset fraud-related screening strategy based on the fraud-related associated characteristics.

Preferably, the communication and network log data includes internet access signaling log, internet traffic access log, session initiation protocol SIP traffic log, and instant communication internet log.

Preferably, the extracting the specified data includes:

extracting a user identification card number, a terminal mobile station identification code software version IMEI-SV, a mobile subscriber number MSISDN, a tracking area code TAC, a cell identifier of a cell where user equipment is located, an access destination address and a destination port of a user from the internet surfing signaling log and the internet flow access log;

extracting a calling direction, a calling number, a called number, a calling type, a hang-up reason, an SIP transaction type and an SIP message response code from the SIP flow log;

and extracting the type and account number of an instant messaging application program (APP) from the instant messaging internet log.

Preferably, the performing data feature analysis based on the extracted result includes:

determining a telephone number attribution used by a user for surfing the internet, a mobile phone card type, an equipment terminal type, a type of a user access operator, a type of an access network, internet surfing position information and an area corresponding to an access destination address based on data extracted from the internet surfing signaling log and the internet flow access log;

determining the calling times, calling dispersion and call proportion of refused calling of each user based on the data extracted from the SIP flow log, and analyzing the calling time period proportion of each user to obtain the calling active time of the user;

and determining the number of login accounts of each terminal device based on the data extracted from the instant messaging internet log.

Preferably, the identifying suspected fraud-related objects according to a preset fraud-related screening policy based on the fraud-related associated features comprises:

if the user simultaneously satisfies: determining that the user is a suspected fraud object if the attribution of a telephone number used by the user for surfing the Internet does not belong to an area corresponding to an access destination address, the type of a mobile phone card belongs to a designated risk card, the type of an access network is not an access network designated by an operator and at least M instant messaging account numbers are used; the risk cards comprise an outdoor card, an Internet of things card and a virtual business card, and M is greater than 1;

if the number of times of surfing the Internet by a user in a coverage area of a specified high-risk base station is larger than a preset Internet surfing number threshold value, and the model of an equipment terminal used for surfing the Internet belongs to a specified low-end model, determining that the user is a suspected fraud object;

if the user simultaneously satisfies: if the calling times are larger than a preset calling time threshold, the calling dispersion is larger than a preset calling dispersion threshold, the call rejected conversation occupation ratio is larger than a preset call rejection occupation ratio threshold, and the calling active time is within a preset common time period range, determining that the user is a suspected fraud object;

and if at least two suspected fraud-related objects are in the same position at the same time in the first specified time range, determining the position intersection as a suspected fraud-related pit, and determining the suspected fraud-related objects corresponding to the suspected fraud-related pit as a group partner.

Preferably, the method further comprises:

generating fraud-related portrait information corresponding to the fraud-related suspected object based on the extracted data; the information of the fraud-related image comprises terminal information, telephone numbers, position information, information related to an instant messaging APP, telephone numbers of victims, suspected fraud-related nest points and/or suspected fraud groups of the suspected fraud-related object.

The embodiment of the invention also discloses a fraud identification device, which comprises:

the data acquisition unit is used for acquiring appointed communication and network log data from a telecommunication operator network;

the data extraction unit is used for extracting specified data from the communication and weblog data by utilizing a deep packet inspection technology;

the data analysis unit is used for carrying out data characteristic analysis based on the extracted result to obtain the specified fraud-related associated characteristics;

and the fraud-related identification unit is used for identifying the suspected fraud-related object according to a preset fraud-related screening strategy based on the fraud-related associated characteristics.

Preferably, the communication and network log data includes internet access signaling log, internet traffic access log, session initiation protocol SIP traffic log, and instant communication internet log.

Preferably, the data extracting unit is specifically configured to extract the specified data, and includes:

extracting a user identification card number, a terminal mobile station identification code software version IMEI-SV, a mobile subscriber number MSISDN, a tracking area code TAC, a cell identifier of a cell where user equipment is located, an access destination address and a destination port of a user from the internet surfing signaling log and the internet flow access log;

extracting a calling direction, a calling number, a called number, a calling type, a hang-up reason, an SIP transaction type and an SIP message response code from the SIP flow log;

and extracting the type and the account of the instant messaging APP from the instant messaging internet log.

Preferably, the data analysis unit is specifically configured to perform data feature analysis based on the extracted result, and includes:

determining a telephone number attribution used by a user for surfing the internet, a mobile phone card type, an equipment terminal type, a type of a user access operator, a type of an access network, internet surfing position information and an area corresponding to an access destination address based on data extracted from the internet surfing signaling log and the internet flow access log;

determining the calling times, calling dispersion and call proportion of refused calling of each user based on the data extracted from the SIP flow log, and analyzing the calling time period proportion of each user to obtain the calling active time of the user;

and determining the number of login accounts of each terminal device based on the data extracted from the instant messaging internet log.

Preferably, the fraud-related identification unit is specifically configured to identify a suspected fraud-related object according to a preset fraud-related screening policy based on the fraud-related associated characteristics, and includes:

if the user simultaneously satisfies: determining that the user is a suspected fraud object if the attribution of a telephone number used by the user for surfing the Internet does not belong to an area corresponding to an access destination address, the type of a mobile phone card belongs to a designated risk card, the type of an access network is not an access network designated by an operator and at least M instant messaging account numbers are used; the risk cards comprise an outdoor card, an Internet of things card and a virtual business card, and M is greater than 1;

if the number of times of surfing the Internet by a user in a coverage area of a specified high-risk base station is larger than a preset Internet surfing number threshold value, and the model of an equipment terminal used for surfing the Internet belongs to a specified low-end model, determining that the user is a suspected fraud object;

if the user simultaneously satisfies: if the calling times are larger than a preset calling time threshold, the calling dispersion is larger than a preset calling dispersion threshold, the call rejected conversation occupation ratio is larger than a preset call rejection occupation ratio threshold, and the calling active time is within a preset common time period range, determining that the user is a suspected fraud object;

and if at least two suspected fraud-related objects are in the same position at the same time in the first specified time range, determining the position intersection as a suspected fraud-related pit, and determining the suspected fraud-related objects corresponding to the suspected fraud-related pit as a group partner.

Preferably, the fraud-related identification unit is further configured to:

generating fraud-related portrait information corresponding to the fraud-related suspected object based on the extracted data; the information of the fraud-related image comprises terminal information, telephone numbers, position information, information related to an instant messaging APP, telephone numbers of victims, suspected fraud-related nest points and/or suspected fraud groups of the suspected fraud-related object.

In summary, in the fraud-related identification scheme provided by the present invention, designated log data is acquired from the telecom operator network, the designated data is extracted from the log data by using a deep packet inspection technology, data feature analysis is performed based on the extracted data, to obtain fraud-related associated features, and finally, according to a preset fraud-related screening policy, a fraud-related suspected object is identified based on the obtained fraud-related associated features. Therefore, by mining the communication and network characteristics related to the fraud based on the log data of the telecom operator network, the suspected fraud object can be timely and effectively identified.

Drawings

FIG. 1 is a schematic flow chart of a method according to an embodiment of the present invention;

fig. 2 is a schematic structural diagram of an apparatus according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.

Fig. 1 is a schematic flow chart of an embodiment of the present invention, and as shown in fig. 1, the method for fraud identification implemented in the embodiment mainly includes:

step 101, obtaining specified communication and network log data from a telecom operator network.

This step is used to collect communication and weblog data from the operator side for the subsequent steps to perform fraud-related characteristic analysis.

In one embodiment, the communication and weblog data specifically includes: internet access signaling logs, internet traffic access logs, Session Initiation Protocol (SIP) traffic logs, and instant messaging internet logs.

In practical application, the log data may be obtained from the operator side periodically according to a certain collection period in this step. Specifically, a suitable acquisition period may be set according to the real-time requirement of data acquisition.

And 102, extracting specified data from the communication and weblog data by using a deep packet inspection technology.

In this step, a Deep Packet Inspection (DPI) technology is required to filter out specific signaling data from the log data obtained in step 101.

After deep detection and analysis are performed by using a DPI technology, an XDR (x Data recording) log is formed based on filtered signaling Data, wherein the XDR refers to a key information record of Data traffic in a mobile network and a bearer network, that is, a traffic log, and one session forms one XDR record by taking a user session as a unit. In practical applications, the XDR log data can be written to a big data platform archive for subsequent fraud-related analysis.

In one embodiment, the following method may be specifically adopted to extract the specified data from the internet access signaling log, the internet traffic access log, the SIP traffic log, and the instant messaging internet log, respectively:

1. and extracting the user identification card number, the terminal mobile station identification code software version (IMEI-SV), the mobile subscriber number (MSISDN), the Tracking Area Code (TAC), the cell identification of the cell where the user equipment is located, the access destination address and the access destination port of the user from the Internet surfing signaling log and the Internet flow access log.

The subscriber identity card number may specifically be an International Mobile Subscriber Identity (IMSI), and the cell identity may specifically be an E-UTRAN cell global identifier (ECI).

2. And extracting the calling direction, the calling number, the called number, the calling type, the hang-up reason, the SIP transaction type and the SIP message response code from the SIP flow log.

3. And extracting the type and the account of the instant messaging APP from the instant messaging internet log.

And 103, performing data characteristic analysis based on the extracted result to obtain the specified fraud-related characteristics.

In one embodiment, in order to improve the accuracy of the fraud-related identification, the following method may be specifically adopted to perform data feature analysis based on the data extracted in step 103:

and determining a telephone number attribution used by the user for surfing the internet, a mobile phone card type (such as an international card, an internet of things card, a traffic card, a virtual business card and the like), an equipment terminal model, a type of a user access operator, a type of an access network, internet surfing position information and an area corresponding to an access destination address based on the data extracted from the internet surfing signaling log and the internet flow access log.

And determining the calling times, the calling dispersion and the call proportion of refused calling of each user based on the data extracted from the SIP flow log, and analyzing the calling time period proportion of each user to obtain the calling active time of the user.

And determining the number of login accounts of each terminal device based on the data extracted from the instant messaging internet log.

In practical application, the step may periodically obtain the XDR log from the big data platform according to a preset analysis period, and perform data feature analysis.

And 104, identifying the suspected fraud-related objects according to a preset fraud-related screening strategy based on the fraud-related associated characteristics.

In one embodiment, in order to improve the accuracy of fraud-related identification, the following methods can be adopted to identify suspected fraud-related objects from multiple dimensions according to a preset fraud-related screening policy based on the fraud-related associated features:

if the user simultaneously satisfies: if the area of the phone number used by the user for surfing the internet does not belong to the area corresponding to the access destination address, the type of the mobile phone card belongs to the designated risk card, the type of the access network is not the access network designated by the operator and at least M instant messaging account numbers are used, the user is considered to have the basic characteristics of the fraud-related personnel, and the user is determined to be a suspected fraud-related object.

Specifically, the risk card may include, but is not limited to, an outbound card, an internet of things card, and a virtual business card.

The value of M is greater than 1, and a person skilled in the art can set an appropriate value of M according to the characteristics of the number of the instant messaging accounts of the actual scammers.

And if the number of times of surfing the Internet by the user in the coverage area of the specified high-risk base station is greater than a preset Internet surfing number threshold value, and the model of the equipment terminal used for surfing the Internet belongs to a specified low-end model, determining that the user is a suspected fraud object.

Specifically, the low-end models may include low-end models such as Huaye, VIVO, OPPO, and millet, but are not limited thereto, and may be specifically set according to models commonly used by actual fraud-related personnel.

The threshold of the number of surfing times may be set by those skilled in the art according to the actual fraud-related characteristics, for example, may be set to 1, that is, only when the threshold occurs in the high-risk base station area, but is not limited thereto.

If the user simultaneously satisfies: and if the calling times are greater than a preset calling time threshold, the calling dispersion is greater than a preset calling dispersion threshold, the call rejected conversation occupation ratio is greater than a preset call rejection occupation ratio threshold, and the calling active time is within a preset common time period range, determining that the user is a suspicion related object.

Here, when the user generates a large number of call frequencies and has a high dispersion, a call rejection ratio is high, and the call active time also satisfies the normal time period, the user is determined as a suspected fraud object by considering that the user has the characteristics of a fraud related person.

The common time period may be set according to a common working time, for example, but not limited to, 9:00 a morning to 6:00 a night.

And if at least two suspected fraud-related objects are in the same position at the same time in the first specified time range, determining the position intersection as a suspected fraud-related pit, and determining the suspected fraud-related objects corresponding to the suspected fraud-related pit as a group partner.

The first designated time range may be set according to actual fraud-related characteristics, for example, may be 5 to 7 days or 10 to 14 days, but is not limited thereto.

The method integrates the analysis results of multiple dimensions, carries out statistics and figure portrayal on the user, finally classifies the user and accurately identifies the fraud-related nest points.

In one embodiment, the image of the fraud-related person may be generated based on the recognition result of the step and the data extracted in the step 102, and the method may further include:

and generating fraud-related image information corresponding to the fraud-related suspected object based on the data extracted in the step 102. The information of the fraud-related image comprises terminal information, telephone numbers, position information, information related to an instant messaging APP, telephone numbers of victims, suspected fraud-related nest points and/or suspected fraud groups of the suspected fraud-related object.

Corresponding to the above method embodiment, an embodiment of the present invention further provides a fraud identification apparatus, as shown in fig. 2, the apparatus mainly includes:

a data acquisition unit 201 for acquiring specified communication and network log data from a telecom operator network;

a data extraction unit 202, configured to extract specified data from the communication and weblog data by using a deep packet inspection technology;

a data analysis unit 203, configured to perform data feature analysis based on the extracted result to obtain a designated fraud-related associated feature;

a fraud-related identifying unit 204, configured to identify a suspected fraud-related object according to a preset fraud-related screening policy based on the fraud-related associated characteristics.

In one embodiment, the communication and network log data includes internet signaling logs, internet traffic access logs, Session Initiation Protocol (SIP) traffic logs, and instant messaging internet logs.

In one embodiment, the data extracting unit 202, specifically configured to extract the specific data, includes:

extracting a user identification card number, a terminal mobile station identification code software version IMEI-SV, a mobile subscriber number MSISDN, a tracking area code TAC, a cell identifier of a cell where user equipment is located, an access destination address and a destination port of a user from the internet surfing signaling log and the internet flow access log;

extracting a calling direction, a calling number, a called number, a calling type, a hang-up reason, an SIP transaction type and an SIP message response code from the SIP flow log;

and extracting the type and the account of the instant messaging APP from the instant messaging internet log.

In one embodiment, the data analysis unit 203 is specifically configured to perform data feature analysis based on the extracted result, and includes:

determining a telephone number attribution used by a user for surfing the internet, a mobile phone card type, an equipment terminal type, a type of a user access operator, a type of an access network, internet surfing position information and an area corresponding to an access destination address based on data extracted from the internet surfing signaling log and the internet flow access log;

determining the calling times, calling dispersion and call proportion of refused calling of each user based on the data extracted from the SIP flow log, and analyzing the calling time period proportion of each user to obtain the calling active time of the user;

and determining the number of login accounts of each terminal device based on the data extracted from the instant messaging internet log.

In one embodiment, the fraud-related identification unit 204 is specifically configured to identify a suspected fraud-related object according to a preset fraud-related screening policy based on the fraud-related associated features, and includes:

if the user simultaneously satisfies: determining that the user is a suspected fraud object if the attribution of a telephone number used by the user for surfing the Internet does not belong to an area corresponding to an access destination address, the type of a mobile phone card belongs to a designated risk card, the type of an access network is not an access network designated by an operator and at least M instant messaging account numbers are used; the risk cards comprise an outdoor card, an Internet of things card and a virtual business card, and M is greater than 1;

if the number of times of surfing the Internet by a user in a coverage area of a specified high-risk base station is larger than a preset Internet surfing number threshold value, and the model of an equipment terminal used for surfing the Internet belongs to a specified low-end model, determining that the user is a suspected fraud object;

if the user simultaneously satisfies: if the calling times are larger than a preset calling time threshold, the calling dispersion is larger than a preset calling dispersion threshold, the call rejected conversation occupation ratio is larger than a preset call rejection occupation ratio threshold, and the calling active time is within a preset common time period range, determining that the user is a suspected fraud object;

and if at least two suspected fraud-related objects are in the same position at the same time in the first specified time range, determining the position intersection as a suspected fraud-related pit, and determining the suspected fraud-related objects corresponding to the suspected fraud-related pit as a group partner.

In one embodiment, the fraud-related identification unit 204 is further configured to:

generating fraud-related portrait information corresponding to the fraud-related suspected object based on the extracted data; the information of the fraud-related image comprises terminal information, telephone numbers, position information, information related to an instant messaging APP, telephone numbers of victims, suspected fraud-related nest points and/or suspected fraud groups of the suspected fraud-related object.

Each of the embodiments of the present invention can be realized by a data processing program executed by a data processing apparatus such as a computer. It is clear that the data processing program constitutes the invention. Further, the data processing program, which is generally stored in one storage medium, is executed by directly reading the program out of the storage medium or by installing or copying the program into a storage device (such as a hard disk and/or a memory) of the data processing device. Such a storage medium therefore also constitutes the present invention. The storage medium may use any type of recording means, such as a paper storage medium (e.g., paper tape, etc.), a magnetic storage medium (e.g., a flexible disk, a hard disk, a flash memory, etc.), an optical storage medium (e.g., a CD-ROM, etc.), a magneto-optical storage medium (e.g., an MO, etc.), and the like.

The invention therefore also discloses a storage medium in which a data processing program is stored which is designed to carry out any one of the embodiments of the method according to the invention described above.

In addition, the method steps described in the present invention can be implemented by hardware, for example, logic gates, switches, Application Specific Integrated Circuits (ASICs), programmable logic controllers, embedded microcontrollers and the like, in addition to data processing programs. Such hardware capable of implementing the methods of the present invention may also constitute the present invention.

In summary, the above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.