Call Analytics – Beyond CDR analysis – Part I

“Oh, just get me the CDR‘s and I’ll take it from there” – how many times have I heard these words before? I can’t even imagine the number of times in the past 15 years of IT/Telecom’s work that I’ve done and in the last 8 years of Asterisk in particular – when it comes to billing and fraud management, it would appear that the CDR’s are the Rosetta Stone of the industry.

Over the past 6 months, several of my friends and I had been asking ourselves this question: “Is there more to billing, fraud management and profit leakage? does it really all begins and ends with the CDRs?” – so, here we were, a group of 3 engineers dealing with telecom system and billing systems – we knew that the answer is a definite YES, however, how come most companies and system aren’t even aware of this, in such a way that causes them to leak telecom profits and waste their hard earned profit margins on simple accidental mis-interpretation of CDR records.

So, we’ve decided to sit down and start analyzing calls in real-time, trying to evaluate not only the CDR record that is received upon the completion of the call – but also understand the traversal path of the call, analyzing it in real time and evaluating it profit leakage potential. At the mean time, we’re concentrating our work on Asterisk, as it is the simplest for us to implement – however, we’re not focusing it only on that – we’ll looking at adding it to FreeSwitch, Yate, OpenSer/Kamailio, OpenSIPS and the various varients.

So, what have we done so far? well, one thing we never really had with any of the existing systems was a clear view of what’s going on “right-now” on our systems, so we said: “it would really be great if we could know how many call hits we’ve received during the past 15, 30, 45 or 60 minutes” – so here is what we made:

Inbound call statistics for 30 minutesThe above image shows our top 10 inbound DID numbers, as you can see these are in the 972 and 447 country codes (yes, we work mainly in Israel and the UK). At the backend, our servers are analyzing the data in real time, generating an active alert in the case a DID number’s statistics change in a somewhat drastic change, thus, establish a traffic anomaly. Another thing that interested us was our usage across multiple servers, which we are exhibiting in the below graph:

Traffic by server spread

Now, as you can see, the top graph shows a discrete anomaly:

Discrete traffic anomalyThis anomaly indicates something went wrong on all our servers between 00:45 and 1:15, which gives us a fairly discrete period of time to seek for a problem in the system. What happened was that one of the guys updated a portion of the data traversal API – basically deleting it 🙂 [we resumed full work after about 40 minutes].

So, where is it all going to? well simple, a new Open Source based service that we’ll be launching within a few months from now. Our intention is to provide a means for simple, straight forward, highly reliable, call analytics, fraud management and profit leakage analysis service. A service which is based upon a simple to use API on one hand and Open Source based data gathering agents. Our belief is that by analyzing large amounts of data, from multiple sources around the world, we’ll be able to ascertain the fingerprint of a telecom bound attack – being able to alert the respective users of the service and maybe in the later future, also provide a means to block the attack as it advances across the world.

I’ll be updating about our advancement as we go along, but for the time being, this is something I felt would interest you.

Reblog this post [with Zemanta]

A baby, a house and a full time job

For those of you who know personally, you probably already know that last month I became a father. I guess the transition is something that I was more or less ready for, at least on the technical terms of the transition. However, the thing that completely surprised me was the mental transition – which isn’t even related to the somewhat lack of sleep here and there.

So, here I am, about a month and half away into the final touches to our new home, spending the weekend deploying over 100 meters of CAT-5 cabling in the house – yes the house is network rigged to the teeth. I’m sitting in my daughters room, clamping away the wall sockets for the network, thinking to myself: “hmmmm…. will Nitzan need a single network connection? or should I put at least two for future usage? … hmmmm…. well, I guess time would tell”. In any case, so there I was, spending most of my weekend being my own geeky self, thinking about wiring, networking, wireless exposures, access points, etc. I then go back home, and suddenly, all that disappears the minute I put Nitzan on my shoulder to burp her. It’s really funny, but with her on my shoulder, I guess everything goes away for a few minutes. My brother-in-law informed the house that he caught me burping Nitzan, while sitting at my computer answering emails with the other hand – Ok, so I can’t stop being a geek all together.

In any case, here I am juggling the various aspects of being a father to a new born baby, attending to the various tasks required to final touches of the house (painters, cleaners, air cons, dry walls, etc) and of course, attending to my customers – some of which are completely ambivalent to the fact that I’m under a constant lack of sleep in the past month. Well, I guess in a couple of months Nitzan will start sleeping better, and would make life easier for both me and my wife; in the mean while, we take comfort with the sleep periods my wife gets during the day, so that I can work and cater to my customers, while she caters to Nitzan during the nights – and I have to be honest about this, when it comes to the baby, my wife is the closest thing to a Jedi Knight, her ability to stay focused and clam even when the Nitzan is screaming is amazing – I can’t always do it.

Ok, enough about the house and Nitzan, let’s go back to been geeks for a bit. As you can see on the right hand side of the blog, I’ll be speaking at the up-coming Astricon. I’ll be giving a talk about how to build “IP-Centrex” like installations, utilizing Asterisk and tools like VMWARE, XEN and OpenVZ. However, while my talk may be interesting to you (I hope), my pre-conference tutorial will be much more interesting. I’ll be giving a full day tutorial, teaching people how to install Asterisk in a clouded environment (cloud computing), mainly the Amazon EC2 cloud computing infrastructure. For those of you reading this blog, you may have noticed that I’ve developed a distinct interest in the Amazon EC2 cloud, which I’ve written about several times and also lectured about at Amoocon. While my Amoocon presentation was mainly informational, at Astricon I’ll be primarily teaching you how to do what I did. Well, I won’t be teaching you the inner workings of the GreenfieldTech IVR API framework, although, if you’re gonna ask questions I will answer (especially if you ask the question 3 times, I can’t stand it when people ask the same question 3 times – I just have to answer it – nudge nudge).

Ok, back to fatherhood and Nitzan stuff. The mental transition that I was referring to before is something that I felt last night in its most force. My wife and I decided to go to one of the malls, not far away from our house. So, we entrusted Nitzan with my in-laws and drove to the mall. The mall I’m referring to is called “The seven stars mall” and we like it. It’s not a big mall, but its got this shop called DOMO, that carries these high class cooking ware (my wife and I really like to cook – my chilli con-carne is well known). So, here we were walking the mall, after I ordered a pair of shoes that I needed. So, my wife comments: “You know something, let’s see if there is some sale at Super-Pharm.” – and then we ended up purchasing baby formula, pacifiers and baby wipes. I then asked my wife if she maybe wants to walk into DOMO, but we both didn’t really think about it – suddenly, something that was like a default prior to Nitzan is no longer a default – interesting isn’t it?

In any case, this is how my life looks like at this point in time – and I have to admit that I kind’a like it. Sure, I don’t get as much sleep as I got before, but hey, I’m happy with it – so I just keep on smiling and go on forward.

Reblog this post [with Zemanta]