Document Type: Research/Original/Regular Article


1 Department of Electrical and Computer Engineering, Babol Noushirvani University of Technology, Babol, Iran.

2 Department of Computer Science, Shahed University, Tehran, Iran.

3 Hamrah-e-Aval Telecom Operator, Tehran, Iran.



As fraudsters understand the time window and act fast, real-time fraud management systems becomes necessary in Telecommunication Industry. In this work, by analyzing traces collected from a nationwide cellular network over a period of a month, an online behavior-based anomaly detection system is provided. Over time, users' interactions with the network provides a vast amount of usage data. These usage data are modeled to profiles by which users can be identified. A statistical model is proposed that allocate a risk number to each upcoming record which reveals deviation from the normal behavior stored in profiles. Based on the amount of this deviation a decision is made to flag the record as normal or anomaly. If the activity is normal the associated profile is updated; otherwise the record is flagged as anomaly and it will be considered for further investigation. For handling the big data set and implementing the methodology we have used the Apache Spark engine which is an open source, fast and general-purpose cluster computing system for big data handling and analyzes. Experimental results show that the proposed approach can perfectly detect deviations from the normal behavior and can be exploited for detecting anomaly patterns.


Main Subjects