LEFD, Leissner Fraud Detection
By utilizing a hot-CDR flow directly from the phone switches, the system can instantly tell what’s happening in the network.
LEFD compares call behavior in both directions against previous reference periods in order to detect significant deviations.
You can set different limits on different destinations and also group dangerous destinations together in order to detect attacks spread over multiple endpoints.
The system checks for deviations regarding both the number of calls and call duration.
Leissner Fraud Detection can be installed on virtual servers with Linux.
Keep it simple, keep it strong
By minimizing the number of steps between a call and an alarm being sent, the system becomes more resilient to data delays and can raise the alarm almost instantly.
Inform or act?
LEFD doesn’t wait for the attack to complete before it takes action. You can choose how the system behaves once a deviation is detected; the system may both raise the alarm and take automatic action by contacting remote systems via SOAP.
You can have different actions for different deviations. For instance, you may want to simply be notified if the number of premium calls increases for a customer, or you can enable the system to act directly by blocking international and costly destinations before the operations team receives the first warning.
There is no restriction on how many limits you can configure. You can have one limit for a country, another for a region in the country and a third for a specific endpoint. It is up to you to decide what is dangerous and what is trustworthy; once decided, you can put all of the rotten eggs in one basket and even detect attacks spread out over multiple destinations all over the world.
You can also group several customers into a separate group with their own limits; this can be useful as business customers may have more international calls whereas private customers may have more premium calls.
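The layered limits described above, as an added illustration that is not LEFD's own code or configuration: the limit names, prefixes, thresholds and CDR tuples are all constructed assumptions. It shows a customer staying under every per-destination limit while a group limit over the same destinations still trips, checking both call count and call duration.

```python
from collections import defaultdict

# Hypothetical limits per customer and window: name -> (prefixes, max calls, max seconds).
# A one-prefix entry is a destination limit; a multi-prefix entry is a risk group.
LIMITS = {
    "dest +99901": (("+99901",), 5, 600),
    "dest +99902": (("+99902",), 5, 600),
    "dest +99903": (("+99903",), 5, 600),
    "high-risk group": (("+99901", "+99902", "+99903"), 8, 900),
}

# Constructed CDRs for one window: (customer, dialled number, duration in seconds).
# cust-A spreads short calls over three prefixes; cust-B makes few but long calls.
CDRS = (
    [("cust-A", "+9990110%02d" % i, 60) for i in range(4)]
    + [("cust-A", "+9990220%02d" % i, 60) for i in range(4)]
    + [("cust-A", "+9990330%02d" % i, 60) for i in range(3)]
    + [("cust-B", "+9990140%02d" % i, 200) for i in range(4)]
)


def evaluate(cdrs, limits):
    """Return sorted (customer, limit name, metric) for every exceeded limit."""
    calls = defaultdict(int)    # (customer, limit) -> number of calls
    seconds = defaultdict(int)  # (customer, limit) -> total duration
    for customer, number, duration in cdrs:
        for name, (prefixes, _, _) in limits.items():
            if number.startswith(prefixes):
                calls[customer, name] += 1
                seconds[customer, name] += duration
    alarms = []
    for (customer, name), count in calls.items():
        _, max_calls, max_seconds = limits[name]
        if count > max_calls:
            alarms.append((customer, name, "calls"))
        if seconds[customer, name] > max_seconds:
            alarms.append((customer, name, "duration"))
    return sorted(alarms)


if __name__ == "__main__":
    for alarm in evaluate(CDRS, LIMITS):
        print(alarm)
```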
A to B and B to A
If a customer begins to exceed a limit or group of limits, the system will act. If multiple customers exceed a limit or group of limits, the system acts; the system is thereby able to handle a massive attack with multiple hacked customers in both directions.