23-07-2012, 03:58 PM
MOBILE FRAUD DETECTION
Abstract
This paper discusses the status of research on the detection of fraud in mobile systems.
A first task has been the identification of possible fraud scenarios and of typical fraud indicators, which can be mapped to data in toll tickets. Currently, this project is exploring the detection of fraudulent behaviour based on a combination of absolute and differential usage. Three approaches are being investigated: a rule-based approach, and two approaches based on neural networks, where both supervised and unsupervised learning are considered. Special attention is being paid to the feasibility of the implementations.
Introduction
It is estimated that the mobile communications industry loses several million customers per year due to fraud. Therefore, prevention and early detection of fraudulent activity is an important goal for network operators. It is clear that the additional security measures taken in GSM and in the future UMTS (Universal Mobile Telecommunications System) make these networks less vulnerable to fraud than the analogue networks. Nevertheless, certain types of commercial fraud are very hard to preclude by technical means. It is also anticipated that the introduction of new services can lead to the development of new ways to defraud the system. The use of sophisticated fraud detection techniques can assist in early detection of commercial frauds, and will also reduce the effectiveness of technical frauds.
Toll Ticket
The potential fraud indicators have been mapped to network data required to measure them. The information required to monitor the use of the communications network is contained in the toll tickets.
Toll Tickets are data records containing details pertaining to every mobile phone call attempt. Toll Tickets are transmitted to the network operator by the cells or switches that the mobile phone was communicating with. They are used to determine the charge to the subscriber, but they also provide information about customer usage and thus facilitate the detection of any possible fraudulent use. It has been investigated which fields in the GSM toll tickets can be used as indicators for fraudulent behaviour.
Before use in the fraud detection engine, the toll tickets are preprocessed. An essential component of this process is the encryption of all personal information in the toll tickets (such as telephone numbers). This protects the privacy of users during the development of the fraud detection tools, while the network operators remain able to obtain the identity of fraudulent users.
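A sketch of this preprocessing step, added here as an example and not taken from the paper. It substitutes keyed pseudonymisation (HMAC-SHA-256) for the encryption the text mentions; the field names, the key and the sample numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; the operator would hold the real key outside
# the environment where the detection tools are developed.
OPERATOR_KEY = b"constructed-demo-key"
PERSONAL_FIELDS = ("a_number", "b_number")  # assumed toll ticket field names


def normalise(number):
    """Strip formatting so one subscriber always maps to one pseudonym."""
    return "".join(ch for ch in number if ch.isdigit())


def pseudonym(key, number):
    """Deterministic keyed token: stable per number, unlinkable without the key."""
    mac = hmac.new(key, normalise(number).encode(), hashlib.sha256)
    return "P" + mac.hexdigest()[:16]


def preprocess(ticket, key=OPERATOR_KEY):
    """Return a copy of the ticket with personal fields replaced by pseudonyms."""
    out = dict(ticket)
    for field in PERSONAL_FIELDS:
        out[field] = pseudonym(key, ticket[field])
    return out


def reidentify(flagged, subscribers, key=OPERATOR_KEY):
    """Operator side: recompute pseudonyms over the subscriber list to
    recover the number behind a flagged pseudonym (None if unknown)."""
    table = {pseudonym(key, number): number for number in subscribers}
    return table.get(flagged)


# Constructed sample data.
SUBSCRIBERS = ["+447700900001", "+447700900002"]
TICKET = {"a_number": "+44 7700 900001", "b_number": "+447700900002",
          "duration_s": 95, "cell": "C17"}

if __name__ == "__main__":
    safe = preprocess(TICKET)
    print(safe)
    print(reidentify(safe["a_number"], SUBSCRIBERS))
```

Because the pseudonym is deterministic, per-subscriber profiles can still be built from the preprocessed tickets, and only a holder of the key can map an alarm back to a subscriber.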
Absolute or differential analysis
Absolute analysis
Existing fraud detection systems tend to interrogate sequences of Toll Tickets, comparing a function of the various fields with fixed criteria known as triggers. A trigger, if activated, raises an alert status, which cumulatively would lead to an investigation by the network operator. Such fixed trigger systems perform what is known as an absolute analysis of the Toll Tickets and are good at detecting the extremes of fraudulent activity.
Differential analysis
Another approach to the problem is to perform a differential analysis. Here we monitor behavioural patterns of the mobile phone, comparing its most recent activities with a history of its usage. Criteria can then be derived to use as triggers that are activated when usage patterns of the mobile phone change significantly over a short period of time. A change in the behaviour pattern of a mobile phone is a common characteristic in nearly all fraud scenarios, excluding those committed on subscription, where there is no behavioural pattern established.
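The two analyses side by side, as an added example that is not part of the original paper. The toll tickets are constructed, and the thresholds, the per-day aggregation and the deviation measure are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed toll tickets: (pseudonymised A-number, day, call duration in s).
TICKETS = (
    [("A1", d, 120) for d in range(1, 8) for _ in range(5)]      # 600 s/day
    + [("A1", 8, 600) for _ in range(6)]                         # day 8: 3600 s
    + [("A2", d, 900) for d in range(1, 9) for _ in range(10)]   # 9000 s/day, stable
    + [("A3", 8, 1900) for _ in range(5)]                        # new on day 8: 9500 s
)

ABSOLUTE_LIMIT_S = 8000  # assumed fixed trigger on total seconds per day
DIFF_SIGMA = 3.0         # assumed trigger on deviation from the user's history
MIN_HISTORY_DAYS = 5     # below this no behavioural pattern is established


def daily_usage(tickets):
    """Aggregate call seconds per A-number per day."""
    usage = defaultdict(lambda: defaultdict(int))
    for a_number, day, seconds in tickets:
        usage[a_number][day] += seconds
    return usage


def absolute_alerts(usage, day):
    """Fixed trigger: the same limit for every subscriber."""
    return sorted(a for a, days in usage.items()
                  if days.get(day, 0) > ABSOLUTE_LIMIT_S)


def differential_alerts(usage, day):
    """Compare the day's usage with the subscriber's own earlier days."""
    alerts = []
    for a_number, days in usage.items():
        history = [s for d, s in days.items() if d < day]
        if len(history) < MIN_HISTORY_DAYS:
            continue  # e.g. a new subscription: nothing to compare against
        mu = mean(history)
        spread = max(pstdev(history), 0.1 * mu)  # floor for very regular users
        if (days.get(day, 0) - mu) / spread > DIFF_SIGMA:
            alerts.append(a_number)
    return sorted(alerts)


if __name__ == "__main__":
    usage = daily_usage(TICKETS)
    print("absolute:", absolute_alerts(usage, 8))
    print("differential:", differential_alerts(usage, 8))
```

On day 8 the fixed trigger flags the heavy but stable user A2 and the new subscriber A3, while the differential trigger flags only A1, whose usage stays under the fixed limit but is six times its own history.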
Rule-based approach to fraud detection
This approach works best with user profiles containing explicit information, which fraud criteria given as rules can refer to. User profiles are maintained for the directory number of the calling party (A-number), for the directory number of the called party (B-number) and also for the cells used to make/receive the calls. A-number profiles represent user behaviour and are useful for the detection of most types of fraud, while B-number profiles point to hot destinations and thus allow the detection of frauds based upon call forwarding. All deviations from normal user behaviour resulting from the different analysing processes are collected, and alarms are finally raised if the results in combination fulfil given alarm criteria.
The implementation of this solution is based on an existing rule-based tool for audit trail analysis, PDAT (Protocol Data Analysis Tool). PDAT is a rule-based tool for intrusion detection. PDAT works in heterogeneous environments, has the possibility of on-line analysis, and provides a performance of about 200 KB input per second. Important goals were flexibility and broad applicability, including the analysis of general protocol data, which is achieved by the special language PDAL (Protocol Data Analysis Language). PDAL allows the programming of analysis criteria as well as a GUI-aided configuration of the analysis at run-time.
Neural network based approach to fraud detection
A second approach to identify fraudulent behaviour uses neural networks. The multiplicity and heterogeneity of the fraud scenarios require the use of intelligent detection systems. The fraud detection engine has to be flexible enough to cope with the diversity of fraud. It should also be adaptive in order to face new fraud scenarios, since fraudsters are likely to develop new forms of fraud once older attacks become impractical. Further, fraud appears in the billing system as abnormal usage patterns in the toll ticket records of one or more users. The function of the fraud detection engine is to recognise such patterns and produce the necessary alarms. High flexibility and adaptivity for a pattern recognition problem directly point to neural networks as a potential solution. Neural networks are systems of elementary decision units that can be adapted by training in order to recognise and classify arbitrary patterns. The interaction of a high number of elementary units makes it possible to learn arbitrarily complex tasks. For fraud detection in telephone networks, neural network engines are currently being developed worldwide. As a closely related application, neural networks are now routinely used for the detection of credit card fraud.