A case study on using heavy-hitters in interconnect bypass fraud

AbstractNowadays, fraudsters are continually trying to explore technical gaps in telecom companies to get some profit. The high cost of international termination rates in Telecom Companies, and mainly because of their high asymmetry property, attracts the attention of fraudsters. In this paper, we explore the application of three deterministic algorithms and one probabilistic, that combined can help to identify possible abnormal behaviors. Interconnect Bypass Fraud (IBF) is on the top three (worldwide), most common frauds in the telecommunication domain. Typically, the Telecom Companies can detect IBF by the occurrence of bursts of calls, repetitions, and mirror behaviors from specific numbers. The goal of our work is to discover as soon as possible numbers with abnormal behaviors and based on this assumption we developed: (i) the lossy count algorithm with fast forgetting technique; and (ii) the single-pass hierarchical heavy hitter algorithm that also contains a forgetting technique; as well as the application of the HyperLogLog sketches, and the application of sticky sampling algorithm. We applied the four algorithms in two real datasets and did a parameter sensitivity analysis. The results show that our two proposals (Lossy Counting with fast forgetting and the Hierarchical Heavy Hitters) can capture the most recent abnormal behaviors, faster than the baseline algorithms. Nonetheless, these four algorithms combined can make the fraud task more difficult and can complement the techniques used by the Telecom Company.