Fraud Detection module

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Fraud Detection module

Andrei Datcu-2

Hello OpenSIPS community,


When was the last time when your users were hijacked and scammed? We know for sure when it will be the last time - NOW! For those of you familiar with the major problem in the VoIP world, we have good news: OpenSIPS 2.1 can now detect and prevent those attacks through it’s fraud detection module!


Fraud is a major problem nowadays and it is more complex as it depends on the end-user/end-device security level. And all the VoIP providers are looking forward for ways to protect their users and avoid the blame.



For recognizing an attack, the Fraud Detection module defines profiles. A profile is a set of five parameters that together decide when an user account is hijacked:


* Total number of calls - maximum number of incoming calls (in a given time frame) before considering the accounted hijacked


* Number of calls per minute - maximum number of CPS before considering the user account hijacked


* Number of concurrent calls - maximum number of parallel calls the user can have without being considered hijacked


* Number of sequential calls - maximum number of consecutive calls to the same destination before the user account is considered hijacked


* Call duration - maximum duration of a call before being considered a potential fraud



Each user gets assigned a profile and OpenSIPS will update and evaluate the profile for each incoming call of that user. The Fraud Detection will keep trace of the user’s calls, of their parameters and how their are fitting into the user’s profile. Whenever a threshold for one of these parameters is hit, you will be noticed either through a return code or through an event.


A quick start tutorial is already available[1]


The module documentation can be found at[2]


Please do not hesitate to provide any feedback, comments, reports or questions in regards to this new module.



[1]http://www.opensips.org/Documentation/Tutorials-FraudDetection-2-1

[2]http://www.opensips.org/html/docs/modules/2.1.x/fraud_detection.html


Regards,

Andrei Datcu


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Fraud Detection module

Laszlo
Hi Andrei, 

This is a very useful module and can be a life saver. We implemented nearly the same thing 1 year ago (actually it's a two level check) with nearly the same logic as we see in this module.
Few more "variables" are used in the logic, like monitoring the useragent string, monitoring the last 10/100/1000 calls to check past dialing patterns, etc. In nowadays's nosql and caching "era" it should not be a problem. This module is definately a good start!


On Wed, Feb 25, 2015 at 3:02 PM, Andrei Datcu <[hidden email]> wrote:

Hello OpenSIPS community,


When was the last time when your users were hijacked and scammed? We know for sure when it will be the last time - NOW! For those of you familiar with the major problem in the VoIP world, we have good news: OpenSIPS 2.1 can now detect and prevent those attacks through it’s fraud detection module!


Fraud is a major problem nowadays and it is more complex as it depends on the end-user/end-device security level. And all the VoIP providers are looking forward for ways to protect their users and avoid the blame.



For recognizing an attack, the Fraud Detection module defines profiles. A profile is a set of five parameters that together decide when an user account is hijacked:


* Total number of calls - maximum number of incoming calls (in a given time frame) before considering the accounted hijacked


* Number of calls per minute - maximum number of CPS before considering the user account hijacked


* Number of concurrent calls - maximum number of parallel calls the user can have without being considered hijacked


* Number of sequential calls - maximum number of consecutive calls to the same destination before the user account is considered hijacked


* Call duration - maximum duration of a call before being considered a potential fraud



Each user gets assigned a profile and OpenSIPS will update and evaluate the profile for each incoming call of that user. The Fraud Detection will keep trace of the user’s calls, of their parameters and how their are fitting into the user’s profile. Whenever a threshold for one of these parameters is hit, you will be noticed either through a return code or through an event.


A quick start tutorial is already available[1]


The module documentation can be found at[2]


Please do not hesitate to provide any feedback, comments, reports or questions in regards to this new module.



[1]http://www.opensips.org/Documentation/Tutorials-FraudDetection-2-1

[2]http://www.opensips.org/html/docs/modules/2.1.x/fraud_detection.html


Regards,

Andrei Datcu


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




--

--
Kind regards,
Laszlo Bekesi
http://voipfreak.net

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Fraud Detection module

Razvan Crainea-3
Hi, Laszlo!

The new module should provide all these features in a unified way. Just give it a try and let us know how it works :).

Best regards,
Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com
On 02/25/2015 06:37 PM, Laszlo wrote:
Hi Andrei, 

This is a very useful module and can be a life saver. We implemented nearly the same thing 1 year ago (actually it's a two level check) with nearly the same logic as we see in this module.
Few more "variables" are used in the logic, like monitoring the useragent string, monitoring the last 10/100/1000 calls to check past dialing patterns, etc. In nowadays's nosql and caching "era" it should not be a problem. This module is definately a good start!


On Wed, Feb 25, 2015 at 3:02 PM, Andrei Datcu <[hidden email]> wrote:

Hello OpenSIPS community,


When was the last time when your users were hijacked and scammed? We know for sure when it will be the last time - NOW! For those of you familiar with the major problem in the VoIP world, we have good news: OpenSIPS 2.1 can now detect and prevent those attacks through it’s fraud detection module!


Fraud is a major problem nowadays and it is more complex as it depends on the end-user/end-device security level. And all the VoIP providers are looking forward for ways to protect their users and avoid the blame.



For recognizing an attack, the Fraud Detection module defines profiles. A profile is a set of five parameters that together decide when an user account is hijacked:


* Total number of calls - maximum number of incoming calls (in a given time frame) before considering the accounted hijacked


* Number of calls per minute - maximum number of CPS before considering the user account hijacked


* Number of concurrent calls - maximum number of parallel calls the user can have without being considered hijacked


* Number of sequential calls - maximum number of consecutive calls to the same destination before the user account is considered hijacked


* Call duration - maximum duration of a call before being considered a potential fraud



Each user gets assigned a profile and OpenSIPS will update and evaluate the profile for each incoming call of that user. The Fraud Detection will keep trace of the user’s calls, of their parameters and how their are fitting into the user’s profile. Whenever a threshold for one of these parameters is hit, you will be noticed either through a return code or through an event.


A quick start tutorial is already available[1]


The module documentation can be found at[2]


Please do not hesitate to provide any feedback, comments, reports or questions in regards to this new module.



[1]http://www.opensips.org/Documentation/Tutorials-FraudDetection-2-1

[2]http://www.opensips.org/html/docs/modules/2.1.x/fraud_detection.html


Regards,

Andrei Datcu


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




--

--
Kind regards,
Laszlo Bekesi
http://voipfreak.net


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users