Cloud computing in telecom space Part1

Cloud computing in telecom space:
Cloud Computing is a buzzword in the telecoms industry.By moving into the Cloud Computing arena, and beyond their role as mere connectivity providers, operators were hoping that by applying cloud services mainly like Iaas(Infrastructure as Service),Paas(Platform as a Service) and SaaS(Software as a Service) in telecom spaces they are going to get huge benifit. A Major issue in cloud computing,especially while using public clouds with Privacy,Security and with Standard Complaince.So Industry is going through a common framework where all issues can be addreseed in cloud computing space.
Major benifits of cloud computing in telecom space were
Competition, cost pressures, and the demand for services and applications anytime, anywhere, and on any device are forcing telecom service providers to consider alternative model and deleiver IT services demanded by the customers.
Read more...

Fraud Management System Part5(Investigation or Analysis Techniques)

Investigation or Analysis Techniques for Fraud Management :
• Rule based Analysis
• Data Mining (scoring module)
• Profiling
• Fingerprinting
• Link Analysis
Rule-based Analysis
• Used to customize how Alarm Analysis performs its work, based on operator unique policies and procedures
• Rule Conditions
− Existence of a specified severity level of a particular Alarm Count or Threshold Alarm
• Rule Results
− Create a case of a certain fraud type
− Take/Recommend an action
− Route a case on a specific worklist
Data Mining Analysis
• Activity parallel to rule analysis
• For each new alarm, the customer will be evaluated using existing scoring models
• SPSS Clementine provide the mechanism to extend and adapt the base models
• The resulting score will be taken into account by the workflow engine (case creation/routing)
New Case Redirection
Case Investigation --Supporting Information
• Displays information about the Case, including a list of Alarms detected and calls
• View Alarm or Call details
• Also, view:
− Entity information (general, contact, usage, profile)
− Actions (recommended by system, as well as analyst)
− System Findings
− Notes (entered by analyst, past or present)
− Additional investigation data (from other systems)
Case Creation Policies
>Correlates Alarms
>Generates case with confidence level
>Provides recommended actions

Alarm AnalysisCase Resolution
Case managementCase List summary
• Case Status
− Unseen not yet looked at by analyst
− Open an analyst is working on it
− On Watch analyst has reviewed and is not sure if fraud, watching for further evidence
− Alarmed case “on watch” by analyst, and new alarms have occurred for the customer
• Sort on
− Fraud Type detected, Service #, Confidence Level, Date Case created or modified, # of Alarms
• Select a Case to work on
Case Worklists
• Worklists define which analysts can see or work on different cases
− Individual Worklists
− Shared Worklists
• Allow fraud manager to organize FMS results to fit into their organizational structure
− subgroups or individuals that specialize in different networks or types of fraud
− cases for VIPs or sensitive subscribers
Automatic ActionsAllows Automatic Response To Fraud
• Service Providers’ Policies and Procedures
• Logical vs. Physical Actions
• Interface to external systems
• Invokes a shell script
− Shell script parameters
• equipment identifier
• service identifier
• etc.
Interactive ActionsAllow Manual Control
• Allow customers to access Web-Enabled applications through the FMS client
• System integrators will be able to:
− create custom buttons
− assign text and tool tips
− specify bitmaps and tie them to different customer applications
• FMS will be able to open a window displaying the contents of the URL associated with the button
Link Analysis & Call TracerInvestigation Analysis for subscription fraud
• Allows analyst to identify
− when two or more cases had calls to a common number
− when multiple fraudulent subscribers were called by a common number
• Link exploration
− Displaying in graphical form all numbers called by the target
− Reversing direction, and displaying in graphical form all numbers that called the target
− Iterate through multiple levels of linkage
Link Analysis
Case Archive
• Store information for resolved cases
− whether actual fraud or not
− fraud types, alarms, calls, actions
• The purpose is three-fold:
− cases can be retrieved and shown in the user interface
− input to data mining case analysis
− source of data carriers may use for their own analysis
FMS user access
• Four types of Users
− Case Manager fraud analyst
− Knowledge Manager implementing carrier’s fraud management policies
− System Manager responsible for overall system stability and proper performance
− Security Manager user management and ensuring proper use by the users
• Other privileges
− white list, add to black list, link analysis, custom toolbar, call archive query
• Access Buttons
− only enabled if authorized
FMS User Interface
• Explorer-type GUI supports pane-based editing
− Information organized in hierarchal view
− Easy navigation to make user more efficient
• Graphs
− New graphs combine thresholds, usage etc
• Print function on windows
• New editing capabilities for black and white lists
• User- and time-stamped Notes
Reports
− Only authorized users can create each class of report
− Case, Knowledge, and System Management
− HTML generated reports
− Custom reports can be developed for you
− In addition, carrier can use any Oracle compliant reporting tool to customize other types of reports (e.g. Business Objects)
Read more...

4G LTE Key concepts(Why industry is going behind 4g services across the globe)

Key concepts of 4G LTE(Long term Evolution)!
Now Why industry is going behind 4g services across the globe?
LTE encompasses the pillars of next genaration networks,The Key concepts LTE architecture behind Long term evolutions are:-
>Broadband wireless
High throughthroughput, low latency mobile access based on OFDM/MIMO and efficiently deliveringunicast, multicast and broadcast media.
>Convergence technology
A single applications domain serving customers across multiple networks and multiple devices.
> Technology Intelligence at the services edge
Implementing policy enforcementand decisions at the network edge while in an access-agnostic but access-aware across the different technology framework.
> Technology shifted to all-IP
Simplifying and streamlining the network, improving scalability and flexibility of the deployment and enabling consistent access-aware policy for enforcement and billing.
> Embedded security
A multi-layer and multi-vendor approach to network security is critical to ensure that network security is endemic to the network and have to be focused on point solutions.
Read more...

Fraud Management System Part4(Different patterns in Fraud Detection)

Different Fraud Patterns-Sequence – eg
The system will detect a sequence of patterns as:
->In a 2 h time window or depends on the business scenario given by the customer ( Time window)
->The user failed 3 logins or depends on the business scenario given by the customer (Accumulation Pattern)
->Downloaded > 300M Bytes or depends on the business scenario given by the customer (Accumulation Pattern)
->Made an access to a blacklisted IP or depends on the business scenario given by the customer (Single Event Pattern)

Sequence Pattern:
Subscriber Checks
->Unknown Entity (e.g. Subscriber/Service)
− Generate an alarm, when a call is received for an unknown service or subscriber

Suspension checks
-Generate an alarm, when call data indicates a call type for which the customer is suspended or barred

Authorization Checks
− Generate an alarm, when call data indicates a call type for which the customer is not explicitly authorized
This logics also applies to the prepaid or postpaid mismatch
Entity Pattern Detection
• User-defined patterns matched against service or subscriber information fed from billing or other customer database:
− Customer Document is Blacklisted
− Dealer Code is 123.*
− Customer name is ~Bartow
New Subscription Checks
• Contact number analysis
• Inactive new subscriber
• Change of installation-defined fields soon after activation
− e.g., change of billing address for identity theft
• Immediate roaming
• Roaming calls not to home country/carrier
High-risk destinations
• Operators can specify high fraud destinations
− Country Code
− Area Code
• Calls to countries or area codes on the high-fraud lists will generate alarms
− “Severe” alarm or “Unusual” alarm
− unless calls to that country or area code are in the service’s profile
• Examples:
− Country Code = 234 Nigeria (Severe)
− Area Code = 305 Miami (Unusual)
Black list checking
• FMS provides unlimited types of Black Lists
• Examples are:
− Service # (subscriber ID)
− Access Point
− From # (A#)
− To # (B#)
− Originating IP address
− Terminating IP address
− Equipment # (wireless)
• Alarm generated when call matches any entry on a black list
− Example: B# = 9785551234
• Partial blacklists match is supported in patterns, with regular expression
Smart thresholds
• Time Intervals tracked
− Time-of day usage
− Daily basis
• Peak and off-peak days, calendar based
• Ability to define free or reduced rate periods (e.g., nights, weekends)
− Weekly basis
− Monthly basis
− Per Call basis
• Seven ways to track usage
− duration, charge, number of calls, data volumes
Read more...

Fraud Management System Part3(Fraud Detection Techniques..)

Fraud Detection Techniques:
• Velocity/Collision
• Stuffing / High Count
− IMSI - Country
− IMSI - CFDW Destination
− IMSI - IMEI
− Subscription document - IMSI
− IMEI - IMSI
• Patterns (Classic, Accumulation, Sequence)
• Unknown / Unauthorized Subscriber checks
• New Subscriber checks
• Thresholds
• Blacklists
Detection Techniques
• Cross Rate
• Credit Limit
• Split Packages
• SIM Gateway
• Prepaid
− Balance Monitor
− Odd recharges
Detection techniquesBreadth of Coverage
Types of Detection -- Technical checks
High Destination Counts
Event Pattern Detection
• Allows operator to look for specific situations
• Detect any call that matches operator-defined patterns
• Allows customer data conditions as well:
− Event is GSM CDR
− Event starts between 00:30 and 05:30, and
− Event duration > 60 minutes and,
− Event category is (International or Premium), and
− Entity activated less than 120 days ago, and
− Entity payment is cash
− Entity age is < 25
Pattern Detection (Event and Entity)
• Blacklisted fields declaration
− If dealer-Id is blacklisted then
• Regular expressions
− If dealer-id = 123.*.* then
• Approximate name matches
− If Family-Name ~ Argento then
• Applied on event fields or on entity information feed
Classic Pattern
New Pattern Model - Examples
• Accumulation Pattern in a time window:
− Pattern-1
• More than 3 recharges@5$
• within a 12 hour period
− Pattern-2
• Three calls duration > 60 min
• Days since activation < 30
• In a 6 hour period
Read more...

Fraud Management System Part2(FMS System Overview)

FMS System Overview:
Event Representation
• Extend current support beyond CDR-like events:
Support for any kind of
• 3G data event
• any revenue related events
New event types added dynamically
• Familiar CDR records become a specific event type
Each event separately represented in the database
• New event types will be defined by a:
− Event type
Set of user-defined associated fields
Set of base modules acting on it (e.g. threshold, pattern)
Optional/custom modules acting on those new events
Support for 3G
• 3G carriers implement services, which allow non-voice data to be transmitted across mobile and fixed line networks.
• FMS features include Event/Transaction data record formats, including fields as:
• Access Point Name (GPRS)
• Destination and Origin IP (IPv4 and IPv6)
• Level of Service
• Etc.
• All fields are useable in pattern matching
• Four user-defined volume tracking types to measure different data volumes

Example of Supported Events
Entity Hierarchy
• Implements a multi level hierarchy of billing entity:
e.g. Company à Account à Subscriber à Service
Service Providers
Internal Operators
Public Phone
etc.
• Better models the hierarchy present in a 3G carrier’s environment

• Addresses the need to perform different detections at each level

• Each level will have a separate threshold configuration and different patterns
Read more...

Different status of Telecom Billing Life cycle

Telecom Billing Life cycle Status:
Billing solution provides a service lifecycle model and the management of subscriptions (MSISDNs) within that life cycle
The following lifecycle states used in the solution and a MSISDN will always be in one of these states:
•Pre-Active – The subscription state where the MSISDN is provisioned through provisioning system but is not yet “Active”
•Active – The MSISDN state while the account balance is greater than the “active balance threshold” and neither the Active or Life Time timers have expired. Switch will allow subscribers to originate events (voice calls, send SMS-MO, MMS, receive SMS-MT etc) in this state (assuming sufficient balance etc to rate the event). A recharge will typically move the subscriber to this state from the Pre-Active, Insufficient Funds or Deactive states. The “active balance threshold” is normally set to zero.balance’ to make calls.
•Inactive – The subscription state when the account balance is less than or equal to zero (due to subscriber or customer care activity) but neither the Active nor Life time timers have expired. The subscriber can only originate calls to the IVR, or CSRs. For example the subscriber has not used all of their active time since the last recharge (e.g. still 20 days left) but they have zero balance.
•Deactive – The subscription state when the Active timer but not the Lifetime timer has expired. The subscriber can only originate calls to the IVR, or CSRs. For example, the subscriber has used all of their active time (e.g. more than 186 days). Once the subscriber performs a recharge they will move back to the Active state and the active time will start again.
•Expired – The subscription state when the Lifetime timer has expired. Subscribers will exist indefinitely in this state on the network switch until a request is received from the csr to erase the subscriber or Reactivate the account (which will change the state from “disconnected” to “Deactive”). For example, more than 372 days have passed since the subscriber’s last successful recharge.
Read more...