Open Access

ARTICLE

DC-FIPD: Fraudulent IP Identification Method Based on Homology Detection

Yuanyuan Ma¹, Ang Chen¹, Cunzhi Hou¹, Ruixia Jin², Jinghui Zhang¹, Ruixiang Li^3,4,*

1 College of Computer and Information Engineering, Henan Normal University, Xinxiang, 453007, China
2 Intelligent Medical Engineering, SanQuan Medical College, Xinxiang, 453003, China
3 Information Engineering University, Information Engineering University, Zhengzhou, 450001, China
4 Key Laboratory of Cyberspace Situation Awareness of Henan Province, Zhengzhou, 450001, China

* Corresponding Author: Ruixiang Li. Email:

Computers, Materials & Continua 2024, 81(2), 3301-3323. https://doi.org/10.32604/cmc.2024.056854

Received 01 August 2024; Accepted 29 September 2024; Issue published 18 November 2024

Abstract

Currently, telecom fraud is expanding from the traditional telephone network to the Internet, and identifying fraudulent IPs is of great significance for reducing Internet telecom fraud and protecting consumer rights. However, existing telecom fraud identification methods based on blacklists, reputation, content and behavioral characteristics have good identification performance in the telephone network, but it is difficult to apply to the Internet where IP (Internet Protocol) addresses change dynamically. To address this issue, we propose a fraudulent IP identification method based on homology detection and DBSCAN(Density-Based Spatial Clustering of Applications with Noise) clustering (DC-FIPD). First, we analyze the aggregation of fraudulent IP geographies and the homology of IP addresses. Next, the collected fraudulent IPs are clustered geographically to obtain the regional distribution of fraudulent IPs. Then, we constructed the fraudulent IP feature set, used the genetic optimization algorithm to determine the weights of the fraudulent IP features, and designed the calculation method of the IP risk value to give the risk value threshold of the fraudulent IP. Finally, the risk value of the target IP is calculated and the IP is identified based on the risk value threshold. Experimental results on a real-world telecom fraud detection dataset show that the DC-FIPD method achieves an average identification accuracy of 86.64% for fraudulent IPs. Additionally, the method records a precision of 86.08%, a recall of 45.24%, and an F1-score of 59.31%, offering a comprehensive evaluation of its performance in fraud detection. These results highlight the DC-FIPD method’s effectiveness in addressing the challenges of fraudulent IP identification.

---

Keywords

---