CN-122002289-A - Intervention method for fraud risk, terminal equipment and storage medium

Abstract

The specification provides a fraud risk intervention method, terminal equipment and storage medium. In the intervention method of fraud risk, a terminal device responds to a call event to obtain a calling number of the call, performs trusted verification on the calling number, collects multi-mode call data in the call process if the calling number fails the trusted verification, and performs fraud risk judgment on the terminal device locally based on the multi-mode call data to obtain fraud risk level, wherein the multi-mode call data comprises at least two data streams of a call audio stream, a semantic text stream or an interactive event stream, and performs corresponding risk intervention operation on the terminal device locally based on the fraud risk level.

Inventors

• DU YONG
• FANG YONG

Assignees

• 支付宝(杭州)数字服务技术有限公司

Dates

Publication Date

20260508

Application Date

20260206

Claims (16)

1. 1. An intervention method of fraud risk, applied to a terminal device, the method comprising: responding to the detected call event, and obtaining the calling number of the call; performing trusted verification on the calling number; If the calling number fails the trusted verification, multi-mode call data are collected in the call process, fraud risk judgment is carried out on the basis of the multi-mode call data locally at the terminal equipment, and fraud risk levels are obtained, wherein the multi-mode call data comprise at least two data streams of a call audio stream, a semantic text stream or an interactive event stream, and And based on the fraud risk level, performing corresponding risk intervention operation locally on the terminal equipment.
2. 2. The intervention method of claim 1, wherein, when the multimodal call data includes a call audio stream, a semantic text stream, and an interactivity event stream, performing fraud risk determination based on the multimodal call data, resulting in a fraud risk level, comprising: performing fraud risk assessment based on the call audio stream to obtain a first fraud risk score; performing fraud risk assessment based on the semantic text stream to obtain a second fraud risk score; performing fraud risk assessment based on the interaction event stream to obtain a third fraud risk score, and And comprehensively judging based on the first fraud risk score, the second fraud risk score and the third fraud risk score to obtain the fraud risk level.
3. 3. The intervention method of claim 2, wherein performing fraud risk assessment based on the call audio stream results in a first fraud risk score comprising: extracting target voiceprint characteristics of the calling party from the call audio stream, and And comparing the similarity of the target voiceprint features with the voiceprint features stored in a first database, and determining the first fraud risk score based on the comparison result, wherein the first database stores the voiceprint features of at least one fraudulent user.
4. 4. The intervention method of claim 2, wherein performing fraud risk assessment based on the semantic text stream, resulting in a second fraud risk score, comprising: And inputting the semantic text stream into a fraud recognition model which is arranged at the local terminal equipment so as to perform semantic understanding and fraud intention recognition on the semantic text stream through the fraud recognition model to obtain a second fraud risk score, wherein the fraud recognition model is a model obtained by performing knowledge distillation on a basic large language model to obtain a light-weight model and performing fine tuning training on the light-weight model by using marked fraud sample data.
5. 5. The intervention method of claim 2, wherein performing fraud risk assessment based on the interaction event stream, resulting in a third fraud risk score, comprises: extracting the target interactive behavior characteristics of the current call from the interactive event stream, and And comparing the target interactive behavior characteristics with the interactive behavior characteristics stored in a second database to obtain the third fraud risk score, wherein the second database stores at least one interactive behavior characteristic of the historical call with fraudulent activity.
6. 6. The intervention method of claim 2, wherein the comprehensively determining based on the first fraud risk score, the second fraud risk score, and the third fraud risk score, resulting in the fraud risk level, comprises: determining the weights of three modes; weighting and fusing the first fraud risk score, the second fraud risk score and the third fraud risk score based on the weights of the three modes to obtain a fraud risk total score, and The fraud risk level is determined based on the fraud risk total score.
7. 7. The intervention method of claim 2, wherein collecting multi-modality call data during a call comprises: Collecting a first audio signal output by a loudspeaker of the terminal equipment and a second audio signal input by a microphone by calling a system interface provided by an operating system in the conversation process, and carrying out mixing processing on the first audio signal and the second audio signal to obtain a conversation audio stream; Converting the call audio stream into text data by a speech recognition technique to obtain the semantic text stream, and And collecting operation events in a user interface of the terminal equipment by calling a system interface provided by an operation system in the conversation process, and arranging the operation events in time sequence to obtain the interactive event stream.
8. 8. The intervention method of claim 7, wherein the interactive event stream comprises at least one of an application switch event, an operation event of a preset control, a paste event, a share screen capture event, a remote control event, an open barrier-free service right, or an install application event.
9. 9. The intervention method of claim 1, wherein the trusted verification of the calling number comprises: Obtaining number sets from at least two different data sources in the terminal equipment to dynamically generate a set of trusted numbers; Comparing the calling number with the numbers in the set of trusted numbers to identify whether the calling number belongs to the set of trusted numbers, and Based on the identification result, whether the calling number passes the trusted verification is determined.
10. 10. The intervention method of claim 9, wherein obtaining sets of numbers from at least two different data sources in the terminal device to dynamically generate a set of trusted numbers comprises: Obtaining a first number set from an address book of the terminal equipment; Acquiring order data related to logistics distribution from life type applications installed in the terminal equipment, and extracting numbers of a distributor from the order data to obtain a second number set; obtaining a logistics notification short message from a short message database local to the terminal equipment, and extracting the number of a distributor from the logistics notification short message to obtain a third number set; obtaining a fourth number set from the historical call records of the terminal equipment and The set of trusted numbers is generated based on the first set of numbers, the second set of numbers, the third set of numbers, and the fourth set of numbers.
11. 11. The intervention method of claim 1, wherein performing the corresponding risk intervention operation locally at the terminal device based on the fraud risk level comprises: and when the fraud risk level is higher than or equal to a preset level, monitoring interactive operation between a user and the financial application locally at the terminal equipment, and executing corresponding risk intervention operation when monitoring specific operation.
12. 12. The intervention method of claim 11, wherein the specific operation comprises at least one of a transfer operation, a payment operation, a modify account security settings operation, or an open automated deduction protocol operation.
13. 13. The intervention method of claim 1, wherein the risk intervention operation comprises at least one of a pop-up prompt, a voice-over prompt, a light prompt, or a hover text prompt.
14. 14. The intervention method of claim 1, wherein the call event is an incoming call event; the collecting multi-mode call data during a call includes collecting multi-mode call data during a call in response to detecting a call connection setup event.
15. 15. A terminal device, comprising: at least one storage medium storing at least one instruction set, and At least one processor in communication with the at least one storage medium, wherein the at least one processor, when executed, reads the at least one instruction set and performs the fraud risk intervention method of any of claims 1-14, according to an indication of the at least one instruction set.
16. 16. A computer-readable non-transitory storage medium having stored therein at least one set of instructions that, when executed by at least one processor, implements the fraud risk intervention method of any of claims 1-14.

Description

Intervention method for fraud risk, terminal equipment and storage medium Technical Field The present disclosure relates to the field of terminal technologies, and in particular, to a fraud risk intervention method, a terminal device, and a storage medium. Background With the rapid development of communication technology, fraud telephones are increasingly sent, and means are continuously upgraded, so that the method has the characteristics of high camouflage and intelligence. Currently, the main scheme of preventing fraudulent calls mainly relies on two modes, namely, a number mark, namely, when a terminal device detects a call event, a calling number is extracted and uploaded to a remote server. The server matches in a fraud number base. If the calling number matches the number in the fraud number base, interception or warning is triggered. The other is keyword recognition based on cloud speech recognition, namely, call speech is uploaded to the cloud in real time, converted into text through an automatic speech recognition technology, and compared with a preset sensitive word stock, so that whether fraud risks exist or not is judged. However, there are significant limitations to both of the above approaches. On the one hand, the judgment logic of the number mark depends on the history mark number, and the fraud party can cause the failure of the protection mechanism only by replacing the number and using the number which is not recorded. On the other hand, the cloud speech recognition-based mode needs to upload call content to the cloud platform, and risks of data leakage, abuse and illegal retention exist. The statements in this background section merely provide information to the inventors and may not represent prior art to the present disclosure nor may they represent prior art to the filing date of the present disclosure. Disclosure of Invention The specification provides an intervention method, terminal equipment and storage medium for fraud risk, wherein the fraud risk is identified and intervened by using multi-mode call data locally at the terminal equipment, so that the identification accuracy and robustness of the fraud risk are improved, and meanwhile, the user privacy data is prevented from being revealed in the transmission or storage process. In a first aspect, the specification provides an intervention method of fraud risk, which is applied to terminal equipment, and the method comprises the steps of responding to a call event, obtaining a calling number of a call, performing trusted verification on the calling number, collecting multi-mode call data in a call process if the calling number fails the trusted verification, and executing fraud risk judgment on the terminal equipment locally based on the multi-mode call data to obtain fraud risk level, wherein the multi-mode call data comprises at least two data streams of a call audio stream, a semantic text stream or an interaction event stream, and executing corresponding risk intervention operation on the terminal equipment locally based on the fraud risk level. In some embodiments, when the multi-modal call data comprises a call audio stream, a semantic text stream and an interactive event stream, performing fraud risk determination based on the multi-modal call data to obtain a fraud risk level, including performing fraud risk assessment based on the call audio stream to obtain a first fraud risk score, performing fraud risk assessment based on the semantic text stream to obtain a second fraud risk score, performing fraud risk assessment based on the interactive event stream to obtain a third fraud risk score, and performing comprehensive determination based on the first fraud risk score, the second fraud risk score and the third fraud risk score to obtain the fraud risk level. In some embodiments, fraud risk assessment is performed based on the call audio stream to obtain a first fraud risk score, which includes extracting a target voiceprint feature of a calling party from the call audio stream, and comparing the target voiceprint feature with each voiceprint feature stored in a first database, wherein the first database stores voiceprint features of at least one fraudulent user, and determining the first fraud risk score based on the comparison result. In some embodiments, performing fraud risk assessment based on the semantic text stream to obtain a second fraud risk score includes inputting the semantic text stream into a fraud recognition model deployed locally to the terminal device to perform semantic understanding and fraud intention recognition on the semantic text stream through the fraud recognition model to obtain the second fraud risk score, wherein the fraud recognition model is a model obtained by performing knowledge distillation on a basic large language model to obtain a lightweight model and performing fine tuning training on the lightweight model by using marked fraud sample data. In some embodiments, performing fraud