Search

CN-121985337-A - Multi-mode-based 5G message fraud prevention method and related equipment

CN121985337ACN 121985337 ACN121985337 ACN 121985337ACN-121985337-A

Abstract

The application provides a multi-mode-based 5G message fraud prevention method and related equipment, which comprise the steps of capturing an initial 5G message of an authorized user, preprocessing the initial 5G message to obtain a target 5G message, extracting semantic features of the text content, extracting link risk features of the embedded link, extracting fake content features of the multimedia image and carrying out historical behavior association on the sender information to generate map features, carrying out dynamic weighted fusion on the semantic features, the link risk features, the fake content features and the map features to generate comprehensive fraud probability, carrying out risk classification on the 5G message according to the comprehensive fraud probability, and intercepting user plane data corresponding to the initial 5G message at a 5G edge computing node when the risk level of the target 5G message is high risk. Therefore, the fraud risk of the 5G message is comprehensively and accurately estimated, and the detection precision is remarkably improved.

Inventors

  • TIAN HAO
  • YANG RONG
  • CHEN SIYI

Assignees

  • 网思科技股份有限公司

Dates

Publication Date
20260505
Application Date
20260331

Claims (10)

  1. 1. A multi-modality based 5G message fraud prevention method, the method comprising: Capturing an initial 5G message of an authorized user, and preprocessing the initial 5G message to obtain a target 5G message, wherein the target 5G message comprises text content, embedded links, multimedia images and sender information; Extracting semantic features of the text content, extracting link risk features of the embedded links, extracting counterfeit content features of the multimedia image, and performing historical behavior association on the sender information to generate map features; After optimizing the semantic features, the link risk features and the counterfeit content features based on the map features, performing dynamic weighted fusion by adopting an adaptive attention mechanism to generate comprehensive fraud probability; And carrying out risk classification on the 5G message according to the comprehensive fraud probability, and intercepting user plane data corresponding to the initial 5G message at a 5G edge computing node when the risk classification of the target 5G message is high risk.
  2. 2. The multi-modal based 5G message fraud prevention method of claim 1, wherein the steps of capturing an initial 5G message of an authorized user and preprocessing the initial 5G message to obtain a target 5G message, comprise: copying user plane data of the authorized user through a user plane function bypass mirror image technology to obtain the initial 5G message; unpacking and deeply analyzing a protocol of a GTP-U tunnel of the user plane data, extracting an original data packet, and recombining a media stream based on RTP and RTCP protocols for rich media content transmitted in a fragmentation way in the original data packet to obtain an encrypted 5G message; And after the encrypted 5G message is decrypted and restored, the target 5G message is obtained through validity screening and standardization processing.
  3. 3. The multi-modality based 5G message fraud prevention method as claimed in claim 1, wherein the step of extracting semantic features of the text contents includes: performing word segmentation processing and deep semantic analysis on the text content by adopting a pre-trained BERT-5G model; The technical scheme is that the BERT-5G model is obtained by performing field self-adaptive pre-training and knowledge distillation compression on the BERT-base model, the field self-adaptive pre-training uses a 5G message special corpus, the 5G message special corpus comprises fraud expression in the financial and government fields, the knowledge distillation compression is used for generating a lightweight model for adapting to 5G edge computing node deployment, the BERT-5G model is used for computing fraud sensitivity scores of words at a word element level, identifying a high risk collocation mode at a phrase level through dependency syntax analysis, and representing overall semantic tendency at a chapter level through classification vectors; And according to the deep semantic analysis result, carrying out risk keyword matching by combining with the dynamically updated fraud keyword graph, and advantageously identifying the urgent emotion tendencies and the induced emotion tendencies in the text to generate the semantic features.
  4. 4. The multi-modality based 5G message fraud prevention method as claimed in claim 1, wherein the step of extracting link risk characteristics of the embedded links includes: Real-time rendering access is carried out on the embedded link through a dynamic sandbox, the multi-stage jump path of the embedded link and the dynamic behavior characteristics of each jump page are captured, and the final domain name pointed by the embedded link after jumping is determined; Based on WHOIS registration information, DNS analysis records and SSL certificate states, carrying out multidimensional analysis on the final domain name to generate a reputation score of the final domain name; Based on a preset brand domain name knowledge base, performing visual similarity calculation and voice confusion detection on the final domain name, and generating a counterfeit identification result of the final domain name; and generating the link risk characteristic according to the multi-stage jump path, the dynamic behavior characteristic, the reputation score and the counterfeit identification result.
  5. 5. The multi-modality based 5G message fraud prevention method as claimed in claim 1, wherein the step of extracting counterfeit content characteristics of the multimedia image includes: Positioning and identifying brand marks in the multimedia image, comparing the identified brand marks with a preset official LOGO library in similarity, and outputting LOGO forging confidence; Positioning and decoding a two-dimensional code area in the multimedia image, extracting a link address pointed by a two-dimensional code, verifying consistency of the link address and context content in the multimedia image, and outputting a two-dimensional code risk score; carrying out frequency domain analysis and airspace feature extraction on the multimedia image, identifying the trace generated or tampered by AI in the image, and outputting the depth forging confidence; and fusing the LOGO counterfeiting confidence, the two-dimensional code risk score and the deep counterfeiting confidence to obtain the counterfeiting content characteristics.
  6. 6. The multi-modality based 5G message fraud prevention method as claimed in claim 1, wherein said step of performing historical behavior association on said sender information, generating a atlas feature, comprises: The method comprises the steps of taking a sender number, an IP address and a device fingerprint contained in sender information as nodes, and constructing an association edge between the nodes, wherein the association edge comprises association among a plurality of numbers used by the same device, association among a plurality of devices associated with the same IP address, and association between each node and a history malicious node in a preset malicious entity library; performing embedded representation learning on each node and the associated edge thereof by adopting a graph neural network to obtain an embedded vector of each node, wherein the embedded vector is used for reflecting the association strength between the corresponding node and the history malicious node; Identifying a fraud group partner community to which each node belongs based on the embedded vector of each node, and obtaining a fraud group partner identification result; And generating the map features according to the nodes and the associated edges thereof and combining the fraud partner identification results.
  7. 7. The multi-modal based 5G message fraud prevention method according to any of claims 1 to 6, wherein said step of intercepting said initial 5G message at a 5G edge computing node when a risk level of said target 5G message is high risk comprises: And when the comprehensive fraud probability is greater than or equal to a preset first threshold, determining that the risk level of the target 5G message is high risk, and executing real-time blocking on user plane data corresponding to the initial 5G message through a lightweight multi-mode model deployed at a 5G edge computing node so as to prevent the user plane data from being issued to the terminal of the user.
  8. 8. A multi-modality based 5G message fraud prevention apparatus, the apparatus comprising: the target 5G message determining module is used for capturing an initial 5G message of an authorized user, preprocessing the initial 5G message to obtain a target 5G message, wherein the target 5G message comprises text content, embedded links, a multimedia image and sender information; The multi-mode feature extraction module is used for extracting semantic features of the text content, extracting link risk features of the embedded links, extracting counterfeit content features of the multimedia image, and carrying out historical behavior association on the sender information to generate map features; the comprehensive fraud probability generation module is used for carrying out dynamic weighted fusion by adopting a self-adaptive attention mechanism after optimizing the semantic features, the link risk features and the fake content features based on the map features to generate comprehensive fraud probability; And the 5G message interception module is used for carrying out risk classification on the 5G message according to the comprehensive fraud probability, and intercepting user plane data corresponding to the initial 5G message at a 5G edge computing node when the risk level of the target 5G message is high risk.
  9. 9. A storage medium having stored therein computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of a multimodal 5G message fraud prevention method as defined in any of claims 1 to 7.
  10. 10. A computer device includes one or more processors and a memory; Stored in the memory are computer readable instructions which, when executed by the one or more processors, perform the steps of the multimodal 5G message fraud prevention method of any of claims 1 to 7.

Description

Multi-mode-based 5G message fraud prevention method and related equipment Technical Field The application relates to the technical field of mobile communication, in particular to a multi-mode-based 5G message fraud prevention method and related equipment. Background With the continuous perfection of the 5G infrastructure, basic communication service is continuously upgraded, 5G messages gradually replace traditional text messages, a rich media form information display mode is provided for users, the users can finish services such as service searching, discovery, interaction, payment and the like in a message window, and user experience is greatly improved. However, the rich media nature and interactive convenience of 5G messages also make them novel targets for attack by fraud molecules, accompanied by a large amount of fraud information. The current 5G message fraud prevention method mainly relies on keyword filtering, sender black-and-white list, static rule engine and other methods, but the methods have obvious defects in practical application. The keyword filtering relies on manual maintenance rules, cannot cope with dynamic evolution and variant expression of fraud, is difficult to identify a pseudo base station or a counterfeit official number by a black-and-white list, lacks self-adaption capability by a static rule engine, has high false alarm rate, and cannot identify novel fraud methods such as personalized fishing content generated by AI. In addition, the existing scheme mostly adopts a cloud detection mode, detection delay is high, and in-process interception cannot be realized before a message reaches a user, so that the user still possibly receives a fraud message. Therefore, the existing 5G message fraud prevention method has the problem of detection accuracy. Disclosure of Invention The application aims to at least solve one of the technical defects, and particularly the technical defect of detection precision of the existing 5G message fraud prevention method. In a first aspect, the present application provides a multi-mode based 5G message fraud prevention method, the method comprising: capturing an initial 5G message of an authorized user, and preprocessing the initial 5G message to obtain a target 5G message, wherein the target 5G message comprises text content, embedded links, multimedia images and sender information; Extracting semantic features of text content, extracting link risk features of embedded links, extracting counterfeit content features of multimedia images, and performing historical behavior association on sender information to generate map features; after semantic features, link risk features and fake content features are optimized based on the map features, dynamic weighting fusion is carried out by adopting a self-adaptive attention mechanism, and comprehensive fraud probability is generated; and carrying out risk classification on the 5G message according to the comprehensive fraud probability, and intercepting user plane data corresponding to the initial 5G message at the 5G edge computing node when the risk classification of the target 5G message is high risk. In one embodiment, the steps of capturing an initial 5G message of an authorized user and preprocessing the initial 5G message to obtain a target 5G message include: copying user plane data of the authorized user through a user plane function bypass mirror image technology to obtain an initial 5G message; unpacking a GTP-U tunnel of user plane data and carrying out protocol deep analysis, extracting an original data packet, and carrying out media stream recombination based on RTP and RTCP on rich media content transmitted in a fragmentation way in the original data packet to obtain an encrypted 5G message; After decryption and restoration are carried out on the encrypted 5G message, the target 5G message is obtained through validity screening and standardization processing. In one embodiment, the step of extracting semantic features of the text content comprises: performing word segmentation processing and deep semantic analysis on text contents by adopting a pre-trained BERT-5G model; The BERT-5G model is obtained by performing field self-adaptive pre-training and knowledge distillation compression on the BERT-base model, the field self-adaptive pre-training uses a 5G message special corpus, the 5G message special corpus comprises fraud expression in the financial and government fields, the knowledge distillation compression is used for generating a lightweight model for adapting to 5G edge computing node deployment, the BERT-5G model is used for computing fraud sensitivity scores of words at a word element level, a high risk collocation mode is identified through dependency syntactic analysis at a phrase level, and the whole semantic tendency is represented through classification vectors at a chapter level; And according to the deep semantic analysis result, carrying out risk keyword matching by combining wi