Abstract: A centralized security management system (CSMS) is provided to monitor a network to detect and mitigate attacks in or to the network. The CSMS includes a variety of devices located throughout the network to collect and synthesize data collected or obtained from devices operating in the network. The collected data is analyzed using behavioral engines or other software algorithms to develop trends for a normal and abnormal operating condition. The abnormal operating conditions are analyzed further to determine attacks to the devices or the network. Based on the attacks, a mitigation scheme is implemented to remove or reduce the attacks.

Abstract: Generating fraud indications related to communications devices. A fraud metric is calculated for known nonfraudulent users. A fraud metric is calculated for known fraudulent users. An initial value is selected for the threshold. The fraud metric is calculated for a third set of users. The users of the third set are classified as being fraudulent or nonfraudulent according to the threshold. A false positive rate is determined and compared to a maximum false positive rate. When the rate exceeds the maximum, then the threshold is raised and the process is repeated until the false positive rate does not exceed the maximum false positive rate. A false negative rate is determined and compared to a maximum false negative rate. When the false negative rate exceeds the maximum false negative rate, then the threshold is lowered and the process is repeated until the false negative rate does not exceed the maximum.

Abstract: Subject matter described herein is directed to detecting unauthorized use, such as by a cloned mobile device, of wireless telecommunication services. Differences in location patterns of unauthorized and authorized mobile devices are leveraged to detect likely fraudulent uses. For example, a location-pattern entropy of an authorized mobile device is tracked. A change in the location-pattern entropy suggests an unauthorized use of the mobile device's account.

Abstract: Subject matter described herein is directed to detecting unauthorized use, such as by a cloned mobile device, of wireless telecommunication services. Mobile-device locations are analyzed to detect outlying locations, such as locations that lack a call relationship with other locations or that are greater than a threshold distance away from other locations. Outlying locations might be detected when more than one discrete location cluster exists among a plurality of mobile-device locations, the discrete clusters having respective locations that are not related by way of a call and that fail to satisfy a threshold distance. Outlying locations or multiple discrete locations clusters suggest an unauthorized use of a mobile device's account.

Abstract: A centralized security management system (CSMS) is provided to monitor a network to detect and mitigate attacks in or to the network. The CSMS includes a variety of devices located throughout the network to collect and synthesize data collected or obtained from devices operating in the network. The collected data is analyzed using behavioral engines or other software algorithms to develop trends for a normal and abnormal operating condition. The abnormal operating conditions are analyzed further to determine attacks to the devices or the network. Based on the attacks, a mitigation scheme is implemented to remove or reduce the attacks.

Abstract: Subject matter described herein is directed to detecting fraud in a telecommunications environment. Communication records of a mobile device include attributes that describe communication instances of the device. For example, communication records might include a start time or end time of voice calls initiated by a mobile device. The attributes are analyzed, such as by calculating call-gap durations, to determine if any thresholds are violated. Threshold violations suggest fraudulent use and prompt an unauthorized-use response.

Abstract: A centralized security management system (CSMS) is provided to monitor a network to detect and mitigate attacks in or to the network. The CSMS includes a variety of devices located throughout the network to collect and synthesize data collected or obtained from devices operating in the network. The collected data is analyzed using behavioral engines or other software algorithms to develop trends for a normal and abnormal operating condition. The abnormal operating conditions are analyzed further to determine attacks to the devices or the network. Based on the attacks, a mitigation scheme is implemented to remove or reduce the attacks.

Abstract: A method, system, and medium are provided for detecting fraud, the method comprising: initializing a fraud hypothesis variable associated with a communications device, receiving data that describes a plurality of outgoing communication records that are associated with said communications device, wherein the data is related to activity that took place over a given period of time, extracting a plurality of destination identifiers from said plurality of communication records, for each of at least a portion of said plurality of destination identifiers, modifying said fraud hypothesis variable based on a fraud metric associated with said destination identifier, comparing said fraud hypothesis variable to a first predetermined threshold, and when said fraud hypothesis variable exceeds said first predetermined threshold, generating a fraud indication that is related to said communications device.

Abstract: A method, system, and medium are provided for detecting fraud, the method comprising obtaining a plurality of communication records associated with a communications device associated with a user over a fixed period of time, calculating a fraud metric for said records, comparing said metric to a threshold, if said metric exceeds said threshold, generating a fraud alert for said user.

Abstract: Subject matter described herein is directed to detecting fraudulent use of telecommunication services. Different attributes (e.g., dialed number, start location, start time, end time, etc.) are analyzed that describe communication instances. When an authorized-use parameter is violated, fraudulent use can be detected. Once unauthorized use of services with a mobile device has been detected, a location of the mobile device can be used to determine a locus of fraudulent activity.

Abstract: A method and apparatus for setting up a conference communication between a remote party and a plurality of local parties. A base unit may engage in communication with a remote party. Thereafter, the base unit may apply a floor control process with respect to the local parties to limit the number local parties that can have dedicated channels at any give time. More particularly, the base unit may receive from a local party a request for a new dedicated channel to transmit conference bearer data and responsively establish the new dedicated channel with the local party only if a present number of established dedicated channels with local parties is less than a predetermined threshold. The base unit may then receive conference bearer data and responsively transmit the conference bearer data over a broadcast channel for receipt by the plurality of local parties.

Abstract: A method and apparatus for processing mobile-IP registration messages. Upon receipt of a mobile-IP registration request (RRQ) message that designates a care-of address matching the mobile-IP home agent's IP address, the RRQ would be dropped. Alternatively, before deciding to drop such an RRQ, the invention may further involve determining whether the home agent is currently functioning as a foreign agent for the requesting mobile node, which would justify the care-of address matching the home agent's IP address. If the home agent is not currently functioning as a foreign agent for the mobile node, then the RRQ would be dropped. On the other hand, if the home agent is currently functioning as a foreign agent for the mobile node, then RRQ processing would proceed as normal.

Abstract: A centralized security management system (CSMS) is provided to monitor a network to detect and mitigate attacks in or to the network. The CSMS includes a variety of devices located throughout the network to collect and synthesize data collected or obtained from devices operating in the network. The collected data is analyzed using behavioral engines or other software algorithms to develop trends for a normal and abnormal operating condition. The abnormal operating conditions are analyzed further to determine attacks to the devices or the network. Based on the attacks, a mitigation scheme is implemented to remove or reduce the attacks.