Anomaly Detection Systems have been applied successfully to a great variety of applications. To the present day there is still no system available that detects anomalies in call patterns in a Voice over IP system in order to prevent possible abuses. This work analyses different established methods for anomaly detection and examines their applicability in this context. The goal of this work is to design, develop and prototypically implement an Anomaly Detection System which is able to monitor a user's call behavior and detect anomalies in real time. The Anomaly Detection System developed in this work takes into account the call parameters destination number, day of the week and time of day. The profile creation, as well as the classification process are realized with statistical methods. The implementation is done in C++ and connected to Asterisk® using Asterisk's FastAGI protocol. The evaluation shows that the prototype can operate in real time successfully. The false positive and the false negative rates depend on the actual values of the classifier settings (thresholds, number of calls used for profile creation, etc.). The results show that using the same values for all the profiles do not lead to optimal classification results for all profiles. Further investigations with respect to a dynamic adjustment of the configuration values to the user profile are necessary. Also, the expansion of the model to take into account additional parameters (for example the location of the user) must be considered. Therefore the model could be expanded to a multi-stage classifier.
Supervisors: Prof. Dr. Burkhard Stiller
back to the main page