Section: Contracts and Grants with Industry


Participants : Olivier Festor [contact] , Mohamed Nassar.


April 2010 - December 2011


INRIA Nancy Grand Est (MADYNES)

In traditional telecommunication, various experts estimate that fraud accounts for annual losses at an average of 5% of the operators revenue and still increasing at a rate of more than 10% yearly. Hence, with the openness and low cost structure of voice over IP (VoIP) service one can expect an even higher threat of fraud and higher losses of revenue making fraud and misuse of services one of the main challenges to VoIP providers. Fraud detection has been an active research and development area in the world of banking and credit card industry. In the VoIP area, there is still hardly any research or products that can assist providers in detecting anomalous behaviour. To fill in this gap, SCAMSTOP will provide a complete framework/solution for automatic fraud detection that alarms providers when suspicious behaviour is detected. The design of the SCAMSTOP fraud detection tools will be based on two aspects. On the one side, SCAMSTOP will use well known methods for statistical behavioural modelling and anomaly detection that have proven their efficiency in the area of credit card, banking and telecommunication and apply them to Internet telephony services. Of special interest here is characterizing the normal usage behaviour while taking into consideration the offered service plans and service structure. On the other side, innovative approaches based on multi-protocol event correlation that takes into account the specific nature of VoIP protocols and components will be developed. This solution will not only be designed to achieve a high detection rate but it will also be optimized to be resource efficient as well. To assess the efficiency and usability of the developed tools and mechanisms, the SCAMSTOP fraud detection system will be intensively tested and probed throughout the project. The consortium is a healthy mixture of SMEs including VoIP service provider, VoIP security and signalling products manufacturers as well as reputed research organizations.

We have developped an integrated environment that allows an operator to perform various clustering activities on call detail records and use profiles. In a cooperation with the University of Liege, we have also investigated alternative methods to detect fraud in Voice over IP systems. A decision tree approach was designed to automatically classify INVITE messages as SPIT or normal based only on the content and order of their fields. A supporting architecture enabling user reporting of SPIT was also designed in this work.