3. My Background and Role
▶ Data Scientist and Security Architect at Post Luxembourg
▶ Machine learning, computer security, software engineering
▶ Security blue team:
▶ Visibility, Intelligence, and Action
▶ Innovation
▶ “Splunk> see the forest, and the trees”
Cu D. Nguyen, Ph.D.
5. PBX hacking
What is a PBX?
▶ A telephone system within an enterprise
▶ Switches calls among local users and shares external phone lines
And when it's hacked, what happens?
▶ Attackers/fraudsters control the PBX and use it to make premium-rate (expensive) calls
6. A deep-dive into a PBX hacking fraud
[Diagram: calls from hacked phone numbers to premium phone numbers owned by fraudsters]
7. A deep-dive into a PBX hacking fraud
A well-organized crime:
• 19 calling numbers from the hacked PBX
• 1000+ destination numbers all over the world
• Cost ~50K euros if not handled
8. What we’ve learned
Fraudsters are well-organized and evolving
Since we are running AFTER them, we need to be FAST and PRECISE!
[Diagram: Big Data Analytics, Machine Learning, Automation]
9. Why Splunk?
Comprehensive Quality & Governance
▶ Filtering
▶ Anonymizing
▶ Parsing
▶ Enriching
▶ Role-based access control
▶ Auditability
Extendibility and Scalability
▶ Scalable in a linear fashion
▶ Apps & TAs (technology add-ons)
[Chart residue; only the axis labels "hours" and "weeks" survive]
10. Splunk at Post Luxembourg
[Architecture diagram; labels recovered from the slide, grouping reconstructed from their placement:]
• Data sources: Voice (Mobile & Fixed), SMS/MMS, Network, CDRs
• Analytics: Spam/Fraud detectors, Machine learning
• Response: Block/unblock API on Telecom Gateways, Fraud management GUI
• Other labels on the diagram: IT, DDoS, TIDS, DevOps
• Volume: 62.5M events/day, approx. 80GB/day after filtering
11. Fraud detection using machine learning
▶ Use historical data for training models (detectors)
▶ Use the trained models for classifying new data
▶ Retrain frequently to catch new patterns
Image source: http://www.cognub.com/index.php/cognitive-platform/
12. Fraud detection using Splunk ML Toolkit
[Scatter plot: normal cases vs frauds]
Features: number of calls, number of targets, destination countries, cost, duration ….
Models: Random Forest (+ statistical models)
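Slides 11 and 12 describe the pipeline (train on historical data, classify new data, retrain often) and the features the detectors consume. The following is an added example, not Post Luxembourg's code and not the Splunk ML Toolkit: it builds the slide-12 features (number of calls, number of targets, destination countries, cost, duration) per calling number from raw CDRs, "trains" a statistical baseline on windows of normal traffic, and classifies a new window. The statistical baseline stands in for the Random Forest named on slide 12, which would consume the same feature vectors; the CDR fields, the phone numbers, the z-score threshold and the two-feature decision rule are constructed assumptions for illustration.

```python
"""Added example (not Post Luxembourg's code): CDR feature extraction plus a
statistical baseline detector. CDR fields, numbers and thresholds are assumed."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class CDR:
    caller: str      # calling number (an extension behind the PBX); assumed format
    callee: str      # destination number
    country: str     # destination country (ISO code)
    duration_s: int
    cost_eur: float


# The feature set listed on slide 12.
FEATURES = ("calls", "targets", "countries", "cost", "duration")


def extract_features(cdrs: Iterable[CDR]) -> Dict[str, Dict[str, float]]:
    """Aggregate one time window of CDRs into one feature vector per caller."""
    by_caller: Dict[str, List[CDR]] = defaultdict(list)
    for c in cdrs:
        by_caller[c.caller].append(c)
    return {
        caller: {
            "calls": len(rows),
            "targets": len({r.callee for r in rows}),
            "countries": len({r.country for r in rows}),
            "cost": sum(r.cost_eur for r in rows),
            "duration": sum(r.duration_s for r in rows),
        }
        for caller, rows in by_caller.items()
    }


def fit_baseline(windows: Iterable[Iterable[CDR]]) -> Dict[str, Tuple[float, float]]:
    """'Training': per-feature mean and std over historical windows of traffic
    confirmed to be normal. Re-run on fresh confirmed-normal data to retrain."""
    rows = [f for w in windows for f in extract_features(w).values()]
    baseline = {}
    for name in FEATURES:
        values = [r[name] for r in rows]
        std = pstdev(values) or 1.0  # constant feature: fall back to unit scale
        baseline[name] = (mean(values), std)
    return baseline


def classify(window: Iterable[CDR], baseline: Dict[str, Tuple[float, float]],
             threshold: float = 3.0) -> Dict[str, str]:
    """Label each caller in a new window: 'fraud' when at least two features
    sit more than `threshold` standard deviations above the baseline (assumed rule)."""
    labels = {}
    for caller, feats in extract_features(window).items():
        z = [(feats[n] - baseline[n][0]) / baseline[n][1] for n in FEATURES]
        labels[caller] = "fraud" if sum(v > threshold for v in z) >= 2 else "normal"
    return labels


# Constructed sample data: five extensions, three days of short domestic calls.
def normal_day(day: int) -> List[CDR]:
    cdrs = []
    for ext in range(5):
        for i in range(3 + ext):
            cdrs.append(CDR(f"+35227000{ext}", f"+35242{day}{ext}{i:02d}", "LU",
                            60 * (i + 1), 0.05))
    return cdrs


HISTORY = [normal_day(d) for d in range(3)]


# Constructed new window: extension 0 behaves as usual, while a hijacked
# extension dials 35 distinct premium numbers in six countries, some redialled.
def new_window() -> List[CDR]:
    cdrs = normal_day(3)[:3]
    premium_countries = ["SO", "LV", "LT", "CU", "SL", "GN"]
    for i in range(40):
        cdrs.append(CDR("+352270009", f"+99{i % 35:03d}", premium_countries[i % 6],
                        600, 1.50))
    return cdrs


if __name__ == "__main__":
    model = fit_baseline(HISTORY)
    print(classify(new_window(), model))
```

The retraining step on slide 11 carries a caveat this model makes visible: refit only on windows confirmed normal. If the hijacked extension's own CDRs are folded into the baseline, its volume, cost and country spread inflate the means and standard deviations and it scores itself as normal on the next window.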
14. What’s next?
▶ Evolving telco frauds meet evolving solutions
▶ Faster
▶ Broader, covering more cases
▶ Smarter, being more precise and dealing with new patterns
▶ Machine learning
▶ From supervised to semi or unsupervised, in collaboration with University of Luxembourg
▶ AutoML (algorithm selection and hyperparameter tuning)