SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg

POST Luxembourg deep dive on telco fraud and how to stay a step ahead with Splunk's Machine Learning Toolkit

  1. Telco Fraud Detection and Mitigation
     Cu D. Nguyen, Ph.D., Data Scientist and Security Architect, POST Luxembourg
     November 2018
  2. POST Luxembourg
     ▶ Telecom Services, Infrastructures & ICT
     ▶ Postal/Courrier & Logistique
     ▶ Financial Services
     4371 employees, 43 nationalities
  3. My Background and Role
     ▶ Data Scientist and Security Architect at Post Luxembourg
     ▶ Machine learning, computer security, software engineering
     ▶ Security blue team:
     ▶ Visibility, Intelligence, and Action
     ▶ Innovation
     ▶ “Splunk> see the forest, and the trees”
     Cu D. Nguyen, Ph.D.
  4. Telco fraud – a multi-million-dollar-a-year problem
  5. PBX hacking
     What is a PBX?
     ▶ A telephone system within an enterprise
     ▶ Switching calls among local users and share external phone lines
     And when it’s hacked, what happens?
     ▶ Attackers/fraudsters control the PBX, making premium rate (expensive) calls
  6. A deep-dive into a PBX hacking fraud
     Figure labels: Hacked phone numbers; Premium phone numbers owned by fraudsters
  7. A deep-dive into a PBX hacking fraud
     A well-organized crime:
     • 19 calling numbers from the hacked PBX
     • 1000+ destination numbers all over the world
     • Cost ~50K euros if not handled
  8. What we’ve learned
     Fraudsters are well-organized and evolving
     Running AFTER them, we need to be FAST and PRECISE!
     BigData Analytics, Machine Learning, Automation
  9. Why Splunk?
     Comprehensive Quality & Governance
     ▶ Filtering
     ▶ Anonymizing
     ▶ Parsing
     ▶ Enriching
     ▶ Role-based access control
     ▶ Auditability
     Extendibility and Scalability
     ▶ Scalable in a linear fashion
     ▶ Apps & TAs
     Figure labels: hours, weeks
  10. Splunk at Post Luxembourg
     Diagram labels: Spam/Fraud detectors Voice Mobile & Fix SMS/MMS Block/unblock API On Telecom Gateways Network CDRs Machine learning IT DDoS TIDS DevOps Fraud management GUI
     • 62.5M events/day
     • Approx. filtered 80GB/day
  11. Fraud detection using machine learning
     ▶ Use historical data for training models (detectors)
     ▶ Use the trained models for classifying new data
     ▶ Frequent retraining to catch new patterns
  12. Fraud detection using Splunk ML Toolkit
     Plot labels: normal cases, frauds
     Features: number of calls, number of targets, destination countries, cost, duration ….
     Models: Random Forest (+ statistical models)
  13. Encouraging results
     Hacked numbers being detected and blocked automatically
  14. What’s next?
     ▶ Evolving telco frauds meet evolving solutions
     ▶ Faster
     ▶ Broader, covering more cases
     ▶ Smarter, being more precise and dealing with new patterns
     ▶ Machine learning
     ▶ From supervised to semi or unsupervised, in collaboration with University of Luxembourg
     ▶ AutoML (algorithm selection and hyperparameter tuning)
  15. © 2018 SPLUNK INC. Key Takeaways
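
Slide 12 names the per-caller features (number of calls, number of targets, destination countries, cost, duration) that feed the detectors. The following is an added example, not code from the presentation or from POST Luxembourg's Splunk deployment: it aggregates constructed CDRs per calling number into those features and, standing in for the Random Forest, scores each caller with a simple median/MAD outlier statistic. The CDR field layout, sample values, placeholder country codes and the threshold are all assumptions.

```python
from collections import defaultdict
from statistics import median

FEATURES = ("calls", "targets", "countries", "cost", "duration")

def make_sample_cdrs():
    """Constructed CDRs: (caller, destination, dest_country, duration_s, cost_eur)."""
    cdrs = []
    for i in range(8):  # ordinary subscribers: a few domestic calls each
        for j in range(3 + i % 3):
            cdrs.append((f"caller-{i:02d}", f"dest-{i}-{j % 2}", "LU", 120, 0.10))
    for j in range(60):  # hacked extension: many short premium-rate calls abroad
        country = ("XA", "XB", "XC", "XD")[j % 4]  # placeholder country codes
        cdrs.append(("pbx-ext-01", f"premium-{j}", country, 30, 2.50))
    return cdrs

def extract_features(cdrs):
    """Aggregate CDRs per calling number into the slide-12 features."""
    acc = defaultdict(lambda: {"calls": 0, "targets": set(), "countries": set(),
                               "cost": 0.0, "duration": 0})
    for caller, dest, country, duration, cost in cdrs:
        row = acc[caller]
        row["calls"] += 1
        row["targets"].add(dest)
        row["countries"].add(country)
        row["cost"] += cost
        row["duration"] += duration
    return {c: {**r, "targets": len(r["targets"]), "countries": len(r["countries"])}
            for c, r in acc.items()}

def outlier_scores(features):
    """Score = largest upward deviation from the median, in MAD units, over all features."""
    scores = dict.fromkeys(features, 0.0)
    for key in FEATURES:
        values = [f[key] for f in features.values()]
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # constant feature: avoid /0
        for caller, f in features.items():
            scores[caller] = max(scores[caller], (f[key] - med) / mad)
    return scores

def flag_callers(cdrs, threshold=10.0):
    """Return calling numbers whose score exceeds the (assumed) threshold."""
    scores = outlier_scores(extract_features(cdrs))
    return sorted(c for c, s in scores.items() if s > threshold)

if __name__ == "__main__":
    print(flag_callers(make_sample_cdrs()))
```

In a supervised setup like the one on slides 11 and 12, the same feature rows, labelled with confirmed fraud cases, would be the training input for the classifier.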