SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
Download as PPTX, PDF1 like1,541 views
The document discusses telco fraud detection, focusing on PBX hacking as a significant issue resulting in multi-million euro losses. Dr. Cu D. Nguyen outlines methods utilizing machine learning and big data analytics to identify and block fraudulent activities efficiently. The emphasis is on evolving solutions that adapt rapidly to new fraud patterns through automation and advanced analytics techniques.
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
- 1. Telco Fraud Detection and Mitigation Cu D. Nguyen, Ph.D. Data Scientist and Security Architect POST Luxembourg November 2018
- 2. POST Luxembourg Telecom Services, Infrastructures & ICT Postal/Courrier & Logistique Financial Services 4371 employees 43 nationalities
- 3. My Background and Role ▶ Data Scientist and Security Architect at Post Luxembourg ▶ Machine learning, computer security, software engineering ▶ Security blue team: ▶ Visibility, Intelligence, and Action ▶ Innovation ▶ “Splunk> see the forest, and the trees” Cu D. Nguyen, Ph.D.
- 4. Telco fraud – a multi-million-dollar-a-year problem
- 5. PBX hacking ▶ A telephone system within an enterprise ▶ Switching calls among local users and share external phone lines What is a PBX? And when it’s hacked, what happens? ▶ Attackers/fraudsters control the PBX, making premium rate (expensive) calls
- 6. A deep-dive into a PBX hacking fraud Hacked phone numbers Premium phone numbers owned by fraudsters
- 7. A deep-dive into a PBX hacking fraud A well-organized crime: • 19 calling numbers from the hacked PBX • 1000+ destination numbers all over the world • Cost ~50K euros if not handled
- 8. What we’ve learned Fraudsters are well-organized and evolving Running AFTER them, we need to be FAST and PRECISE! BigData Analytics Machine Learning Automation
- 9. Comprehensive Quality & Governance ▶ Filtering ▶ Anonymizing ▶ Parsing ▶ Enriching ▶ Role-based access control ▶ Auditability Extendibility and Scalability ▶ Scalable in a linear fashion ▶ Apps & TAs Why Splunk? hours weeks
- 10. Splunk at Post Luxembourg Spam/Fraud detectors Voice Mobile & Fix SMS/MMS Block/unblock API On Telecom Gateways Network CDRs Machine learning IT DDoS TIDS DevOps • 62.5M events/day • Approx. filtered 80GB/day Fraud management GUI
- 11. Fraud detection using machine learning Use historical data for training models (detectors) Use the trained models for classifying new data Frequent retraining to catch new patterns Image source: http://www.cognub.com/index.php/cognitive-platform/
- 12. Fraud detection using Splunk ML Toolkit normal cases frauds Features: number of calls, number of targets, destination countries, cost, duration …. Models: Random Forest (+ statistical models)
- 13. Encouraging results Hacked numbers being detected and blocked automatically
- 14. What’s next? ▶ Evolving telco frauds meet evolving solutions ▶ Faster ▶ Broader, covering more cases ▶ Smarter, being more precise and dealing with new patterns ▶ Machine learning ▶ From supervised to semi or unsupervised, in collaboration with University of Luxembourg ▶ AutoML (algorithm selection and hyperparameter tuning)
- 15. © 2018 SPLUNK INC. Key Takeaways