VOICE CALL ANALYTICS PACKAGE FOR DETECTING FRAUDULENT ACTIVITIES AND ANOMALY DETECTION
Voice Call Anomaly Detection (VCAD) is described herein to detect inconsistencies in patterns. VCAD is an anomaly detection system based on a long short-term memory (LSTM) algorithm and statistical methods. By detecting inconsistencies in patterns, the models described herein may detect and alert the user to unusual voice service behavior that, if not properly corrected, can degrade, and possibly disrupt, the voice service. The statistical and machine learning methods used by VCAD are generic and may be used for solving other time-series problems when using other types of logs such as call logs, game logs, application usage logs, etc. The proactive, predictive capabilities of VCAD allow customers to either eliminate the issue altogether, or turn costly, unplanned outages into controlled maintenance windows.
Intrusion alert prioritisation and attack detection using post-correlation analysis
Event Correlation used to be a widely used technique for interpreting alert logs and discovering network attacks. However, due to the scale and complexity of today's networks and attacks, alert logs produced by these modern networks are much larger in volume and difficult to analyse. In this research we show that adding post-correlation methods can be used alongside correlation to significantly improve the analysis of alert logs.
We proposed a new framework titled A Comprehensive System for Analysing Intrusion Alerts (ACSAnIA). The post-correlation methods include a new prioritisation metric based on anomaly detection and a novel approach to clustering events using correlation knowledge. One of the key benefits of the framework is that it significantly reduces false-positive alerts and it adds contextual information to true-positive alerts.
We evaluated the post-correlation methods of ACSAnIA using data from a 2012 cyber range experiment carried out by industrial partners of the British Telecom Security Practice Team. In one scenario, our results show that false-positives were successfully reduced by 97% and in another scenario, 16%. It also showed that clustering correlated alerts aided in attack detection.
The proposed framework is also being developed and integrated into a pre-existing Visual Analytic tool developed by the British Telecom SATURN Research Team for the analysis of cyber security data.
Introduction to Security Onion
Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included, or with a master server and multiple sensors, allowing the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data, such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events, which can then be exported for further analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management, such as Secure SHell (SSH) for management of server and sensors, and Web client remote access. All of this, together with the ability to replay and analyse example malicious traffic, makes Security Onion a suitable low-cost alternative for Network Security Management. In this paper, we present a feature and functionality review of Security Onion in terms of: types of data, configuration, interface, tools and system management.
- …