Detecting SIMBox Fraud Using CDR Files And Neo4j Technology

摘要

Voice traffic termination fraud; often referred to Subscriber Identity Module box (SIMBox) fraud, is a common illegal practice on mobile networks, in which cellular operators around the world incur billions loss annually. Fraudulent SIMBoxes seize international voice calls to be transferred over the Internet to a cellular device network, where it is re-injected into the cellular network. Therefore, calls do not appear local at the destination network, and cellular operators of intermediate and destination networks do not receive payments for routing and terminating calls. Recently, data mining techniques have gained great popularity as a robust and inevitable technique among fraud prevention approaches. The aim of this research is to detect simBox fraud using CDR files related to the Almadar Aljadid operator. The analysis of the CDR files was performed over a period of four months using the Neo4j technology to discover SIM cards used in SIMBox devices. We examine users' natural behavior to define any suspicious behavior in order to detect fraudulent cards. The data preparation process was performed using Python language to be ready for the analysis using Neo4j technology, where Cypher queries for Neo4j technology were written based on four features: users' numbers making calls without receiving any, those who received text messages without sending any, numbers related to users making calls from a fixed location and numbers that their calls exceeded the predefined duration. A graphical user interface was designed to facilitate the application of the practical side of the study. Our result confirms the efficiency of the neo4j technology to analyze the CDR and thus recognizing SIMBox frauds.