Mobile Fraud Detection Using Neural Networks By Vidhya Moorthy IIIrd Year, Sri Sairam Engineering College


Post on 18-Aug-2015


Introduction

• What is fraud?

The answer is rather simple: any activity by which service is obtained without the intention of paying.

• Fraud in the network is of great concern to mobile network operators, as they lose millions of customers every year due to fraud.

• Even though network operators take additional security measures in GSM and UMTS systems to reduce the risk of fraud, certain commercial frauds are not detected accurately, leading to misuse of the network.

• In this presentation we focus on a brief classification of fraud, the two detection methods in prevalence, and the one I propose using “NEURAL NETWORKS”.

Possible Frauds in Mobile Network

• Fraudulent behavior in mobile network is classified briefly as follows

Indicators

• Indicators are tools used to process network data to detect fraudulent activity in the network.

• Indicators are classified as follows

Usage Indicators – indicate the usage pattern of the mobile network.

Mobility Indicators – indicate movement of the mobile in the network area.

Deductive Indicators – indicate sudden change or suspicious behavior like overlapping calls and velocity checks.

Primary Indicators – produce useful information when used in isolation to detect fraud.

Secondary Indicators – produce useful information in isolation but are not sufficient as stand-alone indicators.

Tertiary Indicators – produce supporting information when used in combination.

Toll Ticket

A toll ticket is metadata containing details pertaining to every attempt of phone calls. Toll tickets are used to provide information to the indicators for the process of fraud detection.

User Profiling

• The toll tickets are preprocessed to encrypt user profile data and establish privacy of users.

• After this the metadata is analyzed by two approaches, namely

Absolute analysis

Differential analysis

Absolute Analysis

Toll Ticket

•Collect data on each call of a number in network

•Preprocess to encrypt private user data

Compare to trigger

•Compare user data with standard data

•Detect the occurrence of a fraudulent event

•An event means a form of hacking such as “denial of service” or “spoofing”

Fire Trigger to Network operator

•The trigger fires an alarm status to the network operator

•Network operator receives the message

Network Operator Action

•It blocks switches and routers of the detected path

Differential Analysis

Toll Ticket

•Collect data on each call of a number in network

•Preprocess to encrypt private user data

Compare to history

•Compare user data with the history of data of the same user.

•Detect the occurrence of a sudden change in the pattern of data between history and present.

•A change means sudden high usage of memory or datagram packets per call

Fire Trigger to Network operator

•The trigger fires an alarm status to the network operator

•Network operator receives the message

Network Operator Action

•It blocks switches and routers of the detected path

Advantages Of Differential Analysis

• The main advantage of the differential approach is that it goes into the scope of the user data history, whereas the absolute approach is restricted to network activity as a whole.

• Activity that is anomalous for one user may appear legitimate for another user. The absolute approach cannot account for this, whereas the differential approach does.

Strategies Of Differential Approach

• A huge quantity of toll tickets is collected and encrypted. The encrypted data is stored and manipulated using two strategies.

Strategy 1

• The encrypted data is stored in record format. This would require two windows or spans over the sequence of transactions for each user, namely “The Current User Profile” (CUP) and “The User Profile History” (UPH).

• Both profiles could be treated and maintained as finite length queues. When a new Toll Ticket arrives for a given user, the oldest entry from the UPH would be discarded and the oldest entry from the CUP would move to the back of the UPH queue. The new record encoded from the incoming Toll Ticket would then join the back of the CUP queue.
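Strategy 1's two queues, with a differential check of each user against that same user's history, as an added Python example that is not part of the original slides. The window lengths, the alarm ratio, the user ids and the call durations are constructed assumptions; only the field names Charged_IMSI and Chargeable_Duration come from the slides.

```python
from collections import deque
from statistics import mean

CUP_LEN, UPH_LEN = 3, 6   # window lengths: assumed, the slides give none
RATIO_ALARM = 3.0         # assumed: alarm when recent mean is 3x the history

class UserProfile:
    """Strategy 1: two finite-length queues over one user's toll tickets."""

    def __init__(self):
        self.cup = deque()                # Current User Profile (newest)
        self.uph = deque(maxlen=UPH_LEN)  # User Profile History (older)

    def add_ticket(self, ticket):
        if len(self.cup) == CUP_LEN:
            # Oldest CUP entry joins the back of the UPH; a full UPH
            # (deque with maxlen) discards its own oldest entry.
            self.uph.append(self.cup.popleft())
        self.cup.append(ticket)

    def differential_alarm(self):
        """Compare the user's recent calls with the same user's history."""
        if len(self.uph) < UPH_LEN:
            return False                  # not enough history to judge
        past = mean(t["Chargeable_Duration"] for t in self.uph)
        recent = mean(t["Chargeable_Duration"] for t in self.cup)
        return recent > RATIO_ALARM * past

def first_queue_alarm(imsi, durations):
    """Feed one user's call durations in order; return the alarming index."""
    profile = UserProfile()
    for i, seconds in enumerate(durations):
        profile.add_ticket({"Charged_IMSI": imsi, "Chargeable_Duration": seconds})
        if profile.differential_alarm():
            return i
    return None

# Constructed sample data: pseudonymous user ids, durations in seconds.
LIGHT_USER = [60, 45, 70, 50, 65, 55, 60, 40, 75, 1800, 2400, 2100]
HEAVY_USER = [1800, 2000, 1700, 1900, 2100, 1800, 1750, 1950, 2050, 1800, 2400, 2100]

if __name__ == "__main__":
    print(first_queue_alarm("user-a", LIGHT_USER))  # long calls are a sudden change
    print(first_queue_alarm("user-b", HEAVY_USER))  # the same calls are normal here
```

Both users end with the same three long calls, but only the light user raises an alarm, because each is judged against their own history rather than a network-wide standard.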

Strategy 2

• A more suitable approach is to compute a single cumulative CUP and UPH, for each user, from incoming Toll Tickets, which can be stored as individual records, possibly in a database.

• So that we maintain the concept of having two different spans over the Toll Tickets without retaining a database record for each Toll Ticket, we will need to decay both profiles before the influence of a new Toll Ticket can be taken into consideration.

• A straightforward decay factor may not be suitable, as this will potentially dilute information relating to encoded parameters stored in the user's profile. An important concern here is the potential creation of false behavior patterns. Several decaying systems are currently being investigated.
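One possible form of Strategy 2, as an added Python example that is not from the original slides: each user keeps a single record holding a cumulative CUP and UPH, stored as distributions over call categories and decayed on every incoming ticket. The call categories, decay rates, Hellinger distance, threshold, warm-up period and sample tickets are all assumptions, since the slides do not fix a decaying system.

```python
import math

BINS = ("nat_short", "nat_long", "intl_short", "intl_long")  # assumed encoding
A_CUP, A_UPH = 0.3, 0.02  # assumed decay rates: CUP forgets fast, UPH slowly
ALARM, WARMUP = 0.5, 50   # assumed distance threshold and learning period

def encode(ticket):
    """One-hot encode a toll ticket over BINS (long = more than 300 s)."""
    kind = "intl" if ticket["B_Type_of_Number"] == "international" else "nat"
    size = "long" if ticket["Chargeable_Duration"] > 300 else "short"
    return [1.0 if b == f"{kind}_{size}" else 0.0 for b in BINS]

def new_profile():
    """One stored record per user: two distributions and a ticket counter."""
    uniform = [1.0 / len(BINS)] * len(BINS)
    return {"cup": uniform[:], "uph": uniform[:], "seen": 0}

def update(profile, ticket):
    """Decay both profiles, then fold the new ticket into the CUP."""
    x, cup, uph = encode(ticket), profile["cup"], profile["uph"]
    # The UPH absorbs the CUP's previous state, so it lags recent behaviour.
    profile["uph"] = [(1 - A_UPH) * h + A_UPH * c for h, c in zip(uph, cup)]
    profile["cup"] = [(1 - A_CUP) * c + A_CUP * v for c, v in zip(cup, x)]
    profile["seen"] += 1

def hellinger(p, q):
    """Distance between two distributions: 0 = identical, 1 = disjoint."""
    return math.sqrt(0.5 * sum((math.sqrt(a) - math.sqrt(b)) ** 2
                               for a, b in zip(p, q)))

def first_decayed_alarm(tickets):
    """Index of the first ticket whose CUP/UPH distance exceeds ALARM."""
    profile = new_profile()
    for i, ticket in enumerate(tickets):
        update(profile, ticket)
        distance = hellinger(profile["cup"], profile["uph"])
        # Skip the warm-up: the uniform starting profile is not real behaviour.
        if profile["seen"] > WARMUP and distance > ALARM:
            return i
    return None

# Constructed sample: 200 short national calls, then long international ones.
NORMAL = [{"B_Type_of_Number": "national", "Chargeable_Duration": 60}] * 200
ABUSE = [{"B_Type_of_Number": "international", "Chargeable_Duration": 1800}] * 5

if __name__ == "__main__":
    print(first_decayed_alarm(NORMAL), first_decayed_alarm(NORMAL + ABUSE))
```

Without the warm-up guard the uniform starting profile itself triggers alarms on a new user's first calls, which is one concrete way a decayed profile can create a false behavior pattern.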

Fraud relevant user profile

• Charged_IMSI (identifies the user)

• First_Cell_Id (location characteristic for mobile originating calls)

• Chargeable_Duration (base for all cost estimations)

• B_Type_of_Number (for distinguishing between national / international calls)

• Non_Charged_Party (the number dialed)

Rule Based Approach Of Fraud Detection

Based on a standard set of rules to monitor a suspicious calling party

Scenario

User A – Calling Party (Suspect)

User B – Called Party (Suspect or User)

User C (UNKNOWN) – Forwarded Party (Mostly User)

PDAT

Toll Ticket → Protocol Data Analysis Tool (PDAT)

This tool is used to analyze the toll tickets of each user of the network and provides a GUI to the user showing the analysis result.

It uses a special programming language called PDAL.

Neural Network Based Approach for Fraud Detection

Based on training the network in a supervised or unsupervised manner to handle existing frauds and new frauds in the future

Transition from “Rule Based” to “Neural Networks”

• DISADVANTAGES OF RULE BASED APPROACH

Only standard fraud patterns are detected; new forms of fraud developed with advanced technologies are not detected.

Stores a huge volume of unsuspicious data, wasting memory.

Mostly needs human handling.

• ADVANTAGES OF NEURAL NETWORK BASED APPROACH

Existing and new fraud behavior is detected.

Stores only relevant and suspicious data for processing.

Needs human training only in the beginning.

Neural Networks

• Computational models inspired by an animal's central nervous system (in particular the brain) which are capable of machine learning as well as pattern recognition. Artificial neural networks are generally presented as systems of interconnected "neurons" which can compute values from inputs.

• For example, a neural network for handwriting recognition is defined by a set of input neurons which may be activated by the pixels of an input image. After being weighted and transformed by a function (determined by the network's designer), the activations of these neurons are then passed on to other neurons. This process is repeated until finally, an output neuron is activated. This determines which character was read.

• Training of neurons is of two types

Supervised training

Unsupervised training

Process

Training of Neural Network

Storing relevant and suspicious data only

Raising alarm to network operator

Conclusion

• Since this system is based on the history of the user, it is not a foolproof system. It is entirely possible that a stolen mobile is used in much the same way as before. In that case, however, the losses from such similar use will be very small. Usually whenever a mobile is stolen, the user is likely to complain to the police. So the limitation mentioned above may not be a major problem. Another limitation may be that the user may himself make abnormal use of his mobile. So it is very essential that such false alarms should be prevented.

• The above-mentioned limitation can be overcome very easily. One of the available methods is to have a password mechanism.

• In the password mechanism the user will be provided with a unique code or password. When the network moderator has a doubt of misuse of a particular mobile, he can ask for password confirmation from the user.
