Sahaidak V. Methods of improving the effectiveness of fraud detection on the mobile network by means of the integrated use of CDRs from various sources


Thesis for the degree of Doctor of Philosophy (PhD)

State registration number

0824U002803

Applicant for

Specialization

  • 123 - Computer Engineering

12-08-2024

Specialized Academic Board

ДФ 26.861.014

State University of information and communication technologies

Abstract

To achieve the goal of the research, namely to increase the effectiveness of detecting fraudulent activity by combining the flow of detailed records from switches with standardized formats, the following scientific tasks were formulated at the end of the chapter:

1. Investigate methods of comparing data from a network probe to identify a negative impact on the operation of network elements.
2. Analyze methods of monitoring data in a virtualized environment with redundancy.
3. Investigate the flow of CDR data from IMS switches and develop an algorithm for the interaction of the calculation system with the monitoring system.
4. Determine the components of the architecture of the big data analytics system depending on the source of information and develop a scheme of fraud detection stages.
5. Calculate the weighted average delay time indicators to determine the effectiveness of the developed interface in a test environment that simulates the operation of an information network.

The second section analyzes the impact of fraud on the information and communication network, the main types of fraud, the technologies used to carry out each type, and the main signs of a fraudulent attack or activity. The components of NRTRDE and TAP3, the prerequisites for their emergence, the types of transmission services and their shortcomings are analyzed. Detailed attention is paid to the direct collection of data from the network using a network probe. Technologies such as optical splitters and port traffic mirroring are considered, and the basic principles of integration with network elements are given. Aspects of integrating the virtualized environment into the information and communication network and of its operation that influence analytics and fraud detection are investigated.

In the third chapter of the dissertation, the theoretical aspects and practical application of the developed algorithm are considered, based on the integrated use of detailed records. The elements of the vEPC test network and the scheme of interaction of data sources with the fraud detection system based on the Oracle RDBMS are given. A general scheme of traffic processing is given, and performance coefficients are created based on time intervals using a weighted average value. The detailed records of the IMS platform made it possible to create a supplemented CDR, which can be loaded into the database for further analysis by the fraud detection system. The main attention is paid to the software implementation of this algorithm, which integrates bash scripting with the ODI toolkit to transform the field format and calculate the provided services, followed by uploading to the Oracle database. The section provides a detailed description of each process and demonstrates the performance of the developed interface based on the time-weighted average performance method.

The following scientific results were obtained:

1. The method of monitoring a virtualized environment with redundancy was further developed; unlike existing methods, it makes it possible to detect data duplication and to install an additional network probe during network expansion in order to improve the model of supporting its infrastructure.
2. An algorithm for the interaction of the IMS switch with the fraud detection and service calculation system has been developed. Its scientific novelty is the use of available bash scripting for formatting detailed records based on the application of data integration tools, which makes it possible to create an interface with subsequent uploading of information directly into the monitoring system database.
3. For the first time, a method for evaluating the effectiveness of a fraud detection system based on a static weighting method was developed, based on the comprehensive use of detailed records, which made it possible to reduce the weighted average data delay time by 3.7 times for NRTRDE and 14 times for TAP3.

The dissertation was completed at the State University of Information and Communication Technologies. The chosen direction of research corresponds to the topic of research works of the State University of Information and Communication Technologies.

Key words: Monitoring, wireless network, information latency, data analysis, statistical models, text information, model, real-time system, machine learning, database, intrusion detection system, traffic control, information security, cloud computing, statistical analysis.

Research papers

Алтинніков Д. Є., Шевченко О. О., Бердник І. І., Зуб О. В., Сагайдак В. А., "Using Java annotations as a tool for providing an API", Зв’язок, No. 4(152), pp. 56–59, 2021.

Сагайдак В. А., Сеньков О. В., "Huawei Genex Discovery – a big data discovery tool for wireless network analysis", Зв’язок, No. 4(158), pp. 34–41, 2022.

Сагайдак В. А., Лисенко М. М., Сеньков О. В., "Fraud in telecommunications and its impact on the business of telecom operators", Зв’язок, No. 6(160), pp. 17–20, 2022.

Сагайдак В. А., "Review of fraud detection systems and development of coefficients for determining their effectiveness", Кібербезпека: освіта, наука, техніка, No. 3 (23), pp. 274–283, 2024.

Сачук О. В., Сагайдак В. А., "Development of a transcription technique based on neural networks", Зв’язок, No. 2(168), pp. 23–26, 2024.
