diff --git a/db/schema/fraud_detection.xml b/db/schema/fraud_detection.xml
new file mode 100644
index 00000000000..f8e6a5df7f7
--- /dev/null
+++ b/db/schema/fraud_detection.xml
@@ -0,0 +1,141 @@
+
+
+%entities;
+
+]>
+
+
+ fraud_detection
+ 1
+ &MYSQL_TABLE_TYPE;
+
+ This table is used by the Fraud Detection module to store
+ information about fraud-profiles.
+ More information can be found at: &OPENSIPS_MOD_DOC;fraud_detection.html.
+
+
+
+
+ ruleid
+ unsigned int
+ &table_id_len;
+
+
+
+ int,auto
+ Rule unique ID
+
+
+
+
+ profileid
+ unsigned int
+ The ID of the profile the current rule is part of
+
+
+
+
+ prefix
+ string
+ 64
+ Numerical prefix to match this rule
+
+
+
+ start_hour
+ string
+ 5
+ Start of the interval in which the rule should be matched.
+
+
+
+
+ end_hour
+ string
+ 5
+ End of the interval in which the rule should be matched.
+
+
+
+
+ daysoftheweek
+ string
+ 64
+ List/interval of days in which the rule is available.
+
+
+
+
+ cpm_warning
+ unsigned int
+ 5
+ Warning threshold for calls per minute.
+
+
+
+ cpm_critical
+ unsigned int
+ 5
+ Crtical threshold for calls per minute.
+
+
+
+ call_duration_warning
+ unsigned int
+ 5
+ Warning threshold for calls per minute.
+
+
+
+ call_duration_critical
+ unsigned int
+ 5
+ Crtical threshold for call duration.
+
+
+
+ total_calls_warning
+ unsigned int
+ 5
+ Warning threshold for total calls.
+
+
+
+ total_calls_critical
+ unsigned int
+ 5
+ Crtical threshold for total calls.
+
+
+
+ concurrent_calls_warning
+ unsigned int
+ 5
+ Warning threshold for concurrent calls.
+
+
+
+ concurrent_calls_critical
+ unsigned int
+ 5
+ Crtical threshold for concurrent calls.
+
+
+
+ sequential_calls_warning
+ unsigned int
+ 5
+ Warning threshold for sequential calls.
+
+
+
+ sequential_calls_critical
+ unsigned int
+ 5
+ Crtical threshold for sequential calls.
+
+
+
diff --git a/db/schema/opensips-fraud_detection.xml b/db/schema/opensips-fraud_detection.xml
new file mode 100644
index 00000000000..a8abef30b7f
--- /dev/null
+++ b/db/schema/opensips-fraud_detection.xml
@@ -0,0 +1,13 @@
+
+
+%entities;
+
+]>
+
+
+ Fraud Detection
+
+
diff --git a/modules/fraud_detection/README b/modules/fraud_detection/README
new file mode 100644
index 00000000000..e542849ec99
--- /dev/null
+++ b/modules/fraud_detection/README
@@ -0,0 +1,448 @@
+Fraud Detection Module
+
+Andrei Daniel Datcu
+
+
+
+ Copyright © 2014 OpenSIPs Foundation
+ Revision History
+ Revision $Revision: 1 $ $Date$
+ __________________________________________________________
+
+ Table of Contents
+
+ 1. Admin Guide
+
+ 1.1. Overview
+
+ 1.1.1. Monitorized Stats
+ 1.1.2. Fraud rules
+
+ 1.2. Dependencies
+
+ 1.2.1. OpenSIPS modules
+ 1.2.2. External libraries or applications
+
+ 1.3. Exported Parameters
+
+ 1.3.1. db_url (string)
+ 1.3.2. table_name (string)
+ 1.3.3. rid_col (string)
+ 1.3.4. pid_col (string)
+ 1.3.5. prefix_col (string)
+ 1.3.6. start_h (string)
+ 1.3.7. end_h (string)
+ 1.3.8. days_col (string)
+ 1.3.9. cpm_thresh_warn_col (string)
+ 1.3.10. cpm_thresh_crit_col (string)
+ 1.3.11. calldur_thresh_warn_col (string)
+ 1.3.12. calldur_thresh_crit_col (string)
+ 1.3.13. totalc_thresh_warn_col (string)
+ 1.3.14. totalc_thresh_crit_col (string)
+ 1.3.15. concalls_thresh_warn_col (string)
+ 1.3.16. concalls_thresh_crit_col (string)
+ 1.3.17. seqcalls_thresh_warn_col (string)
+ 1.3.18. seqcalls_thresh_crit_col (string)
+
+ 1.4. Exported Functions
+
+ 1.4.1. check_fraud(user, number, profile_id)
+
+ 1.5. Exported MI Functions
+
+ 1.5.1. show_fraud_stats
+ 1.5.2. fraud_reload
+
+ 1.6. Exported Events
+
+ 1.6.1. E_FRD_WARNING
+ 1.6.2. E_FRD_CRITICAL
+
+ List of Examples
+
+ 1.1. Set the “db_url” parameter
+ 1.2. Set the “table_name” parameter
+ 1.3. Set “rid_col” parameter
+ 1.4. Set “pid_col” parameter
+ 1.5. Set “prefix_col” parameter
+ 1.6. Set “start_h” parameter
+ 1.7. Set “end_h” parameter
+ 1.8. Set “days_col” parameter
+ 1.9. Set “cpm_thresh_warn_col” parameter
+ 1.10. Set “cpm_thresh_crit_col” parameter
+ 1.11. Set “calldur_thresh_warn_col” parameter
+ 1.12. Set “calldur_thresh_crit_col” parameter
+ 1.13. Set “totalc_thresh_warn_col” parameter
+ 1.14. Set “totalc_thresh_crit_col” parameter
+ 1.15. Set “concalls_thresh_warn_col” parameter
+ 1.16. Set “concalls_thresh_crit_col” parameter
+ 1.17. Set “seqcalls_thresh_warn_col” parameter
+ 1.18. Set “seqcalls_thresh_crit_col” parameter
+
+Chapter 1. Admin Guide
+
+1.1. Overview
+
+ This module provides a way to prevent some basic fraud attacks.
+ Alerts are provided through return codes and events.
+
+1.1.1. Monitorized Stats
+
+ Basically, this module watches the following parameters:
+ * Total calls
+ * Calls per minute
+ * Concurrent calls
+ * Number of sequential calls
+ * Call duration
+
+ Each of the above parameters is monitored for every user and
+ every called prefix separately. The stats are altered whenever
+ the check_fraud function is called. The function assumes a new
+ call is made, and checks the called number against all the
+ rules from the supplied profile. The rule's prefix is
+ considered to be the called prefix which along with the
+ provided user will be used to monitor values for the 5
+ parameters.
+
+1.1.2. Fraud rules
+
+ A rule is a set of two thresholds (warning and critical
+ thresholds) for each of the five parameters (as described
+ above) and is only available for a specified prefix. Further
+ more, a rule will only match between the indicated hours in the
+ indicated days of the week (similarly to a dr rule). A fraud
+ profile is simply a group of fraud rules and is used to only to
+ limit the list of rules to match when calling the check_fraud
+ function.
+
+1.2. Dependencies
+
+1.2.1. OpenSIPS modules
+
+ The following modules must be loaded before this module:
+ * drouting
+ * dialog
+
+1.2.2. External libraries or applications
+
+ The following libraries or applications must be installed
+ before running OpenSIPS with this module:
+ * none.
+
+1.3. Exported Parameters
+
+1.3.1. db_url (string)
+
+ Database where to load the rules from.
+
+ Default value is “NULL”. At least one db_url should be defined
+ for the fraud_detection module to work.
+
+ Example 1.1. Set the “db_url” parameter
+...
+modparam("fraud_detection", "db_url", "mysql://user:passwb@localhost/dat
+abase")
+...
+
+1.3.2. table_name (string)
+
+ If you want to load the rules from the database you must set
+ this parameter as the database name.
+
+ The default value is “fraud_detection”.
+
+ Example 1.2. Set the “table_name” parameter
+...
+modparam("fraud_detection", "table_name", "my_fraud")
+...
+
+1.3.3. rid_col (string)
+
+ The column's name in the database storing the fraud rule's id.
+
+ Default value is “ruleid”.
+
+ Example 1.3. Set “rid_col” parameter
+...
+modparam("dispatcher", "rid_col", "theruleid"")
+...
+
+1.3.4. pid_col (string)
+
+ The column's name in the database storing the fraud profile's
+ id.
+
+ Please keep in mind that a profile is merely a set of rules.
+
+ Default value is “profileid”.
+
+ Example 1.4. Set “pid_col” parameter
+...
+modparam("dispatcher", "pid_col", "profile"")
+...
+
+1.3.5. prefix_col (string)
+
+ The column's name in the database storing the prefix for which
+ the fraud rule will match.
+
+ Default value is “prefix”.
+
+ Example 1.5. Set “prefix_col” parameter
+...
+modparam("dispatcher", "prefix_col", "myprefix")
+...
+
+1.3.6. start_h (string)
+
+ The column's name in the database storing the the start time of
+ the interval in which the rule will match.
+
+ The time needs to be specified as string using the format:
+ “HH:MM”
+
+ Default value is “start_hour”.
+
+ Example 1.6. Set “start_h” parameter
+...
+modparam("dispatcher", "start_h", "the_start_time")
+...
+
+1.3.7. end_h (string)
+
+ The column's name in the database storing the the end time of
+ the interval in which the rule will match.
+
+ The time needs to be specified as string using the format:
+ “HH:MM”
+
+ Default value is “end_hour”.
+
+ Example 1.7. Set “end_h” parameter
+...
+modparam("dispatcher", "end_h", "the_end_time")
+...
+
+1.3.8. days_col (string)
+
+ The column's name in the database storing the week days in
+ which the fraud rule's interval is available.
+
+ The daysoftheweek needs to be specified as a string containing
+ a list of days or intervals. Each day must be specified using
+ the first three letters of its name. A valid string would be:
+ "Fri-Mon, Wed, Thu"
+
+ Default value is “daysoftheweek”.
+
+ Example 1.8. Set “days_col” parameter
+...
+modparam("dispatcher", "days_col", "days")
+...
+
+1.3.9. cpm_thresh_warn_col (string)
+
+ The column's name in the database storing the warning threshold
+ value for calls per minute.
+
+ Default value is “cpm_warning”.
+
+ Example 1.9. Set “cpm_thresh_warn_col” parameter
+...
+modparam("dispatcher", "cpm_thresh_warn_col", "cpm_warn_thresh")
+...
+
+1.3.10. cpm_thresh_crit_col (string)
+
+ The column's name in the database storing the critical
+ threshold value for calls per minute.
+
+ Default value is “cpm_critical”.
+
+ Example 1.10. Set “cpm_thresh_crit_col” parameter
+...
+modparam("dispatcher", "cpm_thresh_crit_col", "cpm_crit_thresh")
+...
+
+1.3.11. calldur_thresh_warn_col (string)
+
+ The column's name in the database storing the warning threshold
+ value for call duration.
+
+ Default value is “call_duration_warning”.
+
+ Example 1.11. Set “calldur_thresh_warn_col” parameter
+...
+modparam("dispatcher", "calldur_thresh_warn_col", "calldur_warn_thresh")
+...
+
+1.3.12. calldur_thresh_crit_col (string)
+
+ The column's name in the database storing the critical
+ threshold value for call duration.
+
+ Default value is “call_duration_critical”.
+
+ Example 1.12. Set “calldur_thresh_crit_col” parameter
+...
+modparam("dispatcher", "calldur_thresh_crit_col", "calldur_crit_thresh")
+...
+
+1.3.13. totalc_thresh_warn_col (string)
+
+ The column's name in the database storing the warning threshold
+ value for the number of total calls.
+
+ Default value is “total_calls_warning”.
+
+ Example 1.13. Set “totalc_thresh_warn_col” parameter
+...
+modparam("dispatcher", "totalc_thresh_warn_col", "totalc_warn_thresh")
+...
+
+1.3.14. totalc_thresh_crit_col (string)
+
+ The column's name in the database storing the critical
+ threshold value for the number of total calls.
+
+ Default value is “total_calls_critical”.
+
+ Example 1.14. Set “totalc_thresh_crit_col” parameter
+...
+modparam("dispatcher", "totalc_thresh_crit_col", "totalc_crit_thresh")
+...
+
+1.3.15. concalls_thresh_warn_col (string)
+
+ The column's name in the database storing the warning threshold
+ value for the number of concurrent calls.
+
+ Default value is “concurrent_calls_warning”.
+
+ Example 1.15. Set “concalls_thresh_warn_col” parameter
+...
+modparam("dispatcher", "concalls_thresh_warn_col", "concalls_warn_thresh
+")
+...
+
+1.3.16. concalls_thresh_crit_col (string)
+
+ The column's name in the database storing the critical
+ threshold value for the number of concurrent calls.
+
+ Default value is “concurrent_calls_critical”.
+
+ Example 1.16. Set “concalls_thresh_crit_col” parameter
+...
+modparam("dispatcher", "concalls_thresh_crit_col", "concalls_crit_thresh
+")
+...
+
+1.3.17. seqcalls_thresh_warn_col (string)
+
+ The column's name in the database storing the warning threshold
+ value for the number of sequential calls.
+
+ Default value is “sequential_calls_warning”.
+
+ Example 1.17. Set “seqcalls_thresh_warn_col” parameter
+...
+modparam("dispatcher", "seqcalls_thresh_warn_col", "seqcalls_warn_thresh
+")
+...
+
+1.3.18. seqcalls_thresh_crit_col (string)
+
+ The column's name in the database storing the critical
+ threshold value for the number of sequential calls.
+
+ Default value is “sequential_calls_critical”.
+
+ Example 1.18. Set “seqcalls_thresh_crit_col” parameter
+...
+modparam("dispatcher", "seqcalls_thresh_crit_col", "seqcalls_crit_thresh
+")
+...
+
+1.4. Exported Functions
+
+1.4.1. check_fraud(user, number, profile_id)
+
+ This method should be called each time a given user calls a
+ given number. It will try to match a fraud rule within de given
+ fraud profile and update the stats (see above). Furthermore,
+ the stats will be checked against the rule's thresholds. If any
+ of the stats is above it's threhsold value the appropriate
+ event will also be raised (see further details below).
+
+ Meaning of the parameters is as follows:
+ * user - the user who is making the call. Please keep in mind
+ that the user doesn't have to be registered. This string is
+ only used do keep different stats for different registered
+ users.
+ * number - the number the user is calling to.
+ * profile_id - the fraud profile id (i.e. the subset of fraud
+ rules) in which to try and find a matching fraud rule.
+
+ The meaning of the return code is as follows:
+ * 2 - no matching fraud rule was found
+ * 1 - a matching rule was found, but there is no parameter
+ above the rule's threshlod, i.e - everything is ok
+ * -1 - there is a parameter above the warning threhsold
+ value. Check the raised event for more info
+ * -2 - there is a parameter above the critical threhsold
+ value. Check the raised event for more info
+ * -3 - something went wrong (internal mechanism failed)
+
+ This function can be used from REQUEST_ROUTE and ONREPLY_ROUTE.
+
+1.5. Exported MI Functions
+
+1.5.1. show_fraud_stats
+
+ Show the current stats of a given user for a given prefix.
+
+ Name: show_fraud_stats
+
+ Parameters:
+ * user
+ * number
+ * prefix
+
+1.5.2. fraud_reload
+
+ Reload the all the fraud rules.
+
+ Name: fraud_reload
+
+ Parameters: none
+
+1.6. Exported Events
+
+1.6.1. E_FRD_WARNING
+
+ This event is raised whenever one of the 5 monitored parameters
+ is above the warning threhsold value
+
+ Parameters:
+ * param - the name of the parameter.
+ * value - the current value of the parameter.
+ * threshold - the warning threshold value.
+ * user - the user who initiated the call.
+ * called_number - the number that was called.
+ * rule_id - the id of the fraud rule that matched when the
+ call was initiated
+
+1.6.2. E_FRD_CRITICAL
+
+ This event is raised whenever one of the 5 monitored parameters
+ is above the warning threhsold value
+
+ Parameters:
+ * param - the name of the parameter.
+ * value - the current value of the parameter.
+ * threshold - the warning threshold value.
+ * user - the user who initiated the call.
+ * called_number - the number that was called.
+ * rule_id - the id of the fraud rule that matched when the
+ call was initiated
diff --git a/modules/fraud_detection/doc/fraud_detection.xml b/modules/fraud_detection/doc/fraud_detection.xml
new file mode 100644
index 00000000000..16d6ecb03f9
--- /dev/null
+++ b/modules/fraud_detection/doc/fraud_detection.xml
@@ -0,0 +1,38 @@
+
+
+
+
+
+%docentities;
+
+]>
+
+
+
+ Fraud Detection Module
+ &osipsname;
+
+
+ Andrei Daniel
+ Datcu
+ datcuandrei@gmail.com
+
+
+
+ 2014
+ OpenSIPs Foundation
+
+
+
+ $Revision: 1 $
+ $Date$
+
+
+
+
+
+ &admin;
+
diff --git a/modules/fraud_detection/doc/fraud_detection_admin.xml b/modules/fraud_detection/doc/fraud_detection_admin.xml
new file mode 100644
index 00000000000..f1167e629b2
--- /dev/null
+++ b/modules/fraud_detection/doc/fraud_detection_admin.xml
@@ -0,0 +1,688 @@
+
+
+
+
+ &adminguide;
+
+
+ Overview
+
+ This module provides a way to prevent some basic fraud attacks.
+ Alerts are provided through return codes and events.
+
+
+ Monitorized Stats
+
+ Basically, this module watches the following parameters:
+
+
+
+ Total calls
+
+
+
+
+ Calls per minute
+
+
+
+
+ Concurrent calls
+
+
+
+
+ Number of sequential calls
+
+
+
+
+ Call duration
+
+
+
+
+
+ Each of the above parameters is monitored for every user and
+ every called prefix separately. The stats are altered whenever
+ the check_fraud function is called. The
+ function assumes a new call is made, and checks the called
+ number against all the rules from the supplied profile. The
+ rule's prefix is considered to be the called prefix which along with
+ the provided user will be used to monitor values for the 5
+ parameters.
+
+
+
+
+ Fraud rules
+
+ A rule is a set of two thresholds (warning and critical thresholds) for each of the
+ five parameters (as described above) and is only available for a specified prefix.
+ Further more, a rule will only match between the indicated hours in the indicated days
+ of the week (similarly to a dr rule). A fraud profile is simply a group of fraud rules
+ and is used to only to limit the list of rules to match when calling the check_fraud
+ function.
+
+
+
+
+ Dependencies
+
+ &osips; modules
+
+ The following modules must be loaded before this module:
+
+
+
+ drouting
+
+
+
+
+ dialog
+
+
+
+
+
+
+ External libraries or applications
+
+ The following libraries or applications must be installed before
+ running &osips; with this module:
+
+
+
+ none.
+
+
+
+
+
+
+
+
+ Exported Parameters
+
+ db_url (string)
+
+ Database where to load the rules from.
+
+
+
+ Default value is NULL
. At least one db_url should
+ be defined for the fraud_detection module to work.
+
+
+
+ Set the db_url
parameter
+
+...
+modparam("fraud_detection", "db_url", "mysql://user:passwb@localhost/database")
+...
+
+
+
+
+
+ table_name (string)
+
+ If you want to load the rules from the database you must set
+ this parameter as the database name.
+
+
+
+ The default value is fraud_detection
.
+
+
+
+ Set the table_name
parameter
+
+...
+modparam("fraud_detection", "table_name", "my_fraud")
+...
+
+
+
+
+
+ rid_col (string)
+
+ The column's name in the database storing the
+ fraud rule's id.
+
+
+
+ Default value is ruleid
.
+
+
+
+ Set rid_col
parameter
+
+...
+modparam("dispatcher", "rid_col", "theruleid"")
+...
+
+
+
+
+
+ pid_col (string)
+
+ The column's name in the database storing the
+ fraud profile's id.
+
+
+ Please keep in mind that a profile is merely
+ a set of rules.
+
+
+
+ Default value is profileid
.
+
+
+
+ Set pid_col
parameter
+
+...
+modparam("dispatcher", "pid_col", "profile"")
+...
+
+
+
+
+
+ prefix_col (string)
+
+ The column's name in the database storing the
+ prefix for which the fraud rule will match.
+
+
+
+ Default value is prefix
.
+
+
+
+ Set prefix_col
parameter
+
+...
+modparam("dispatcher", "prefix_col", "myprefix")
+...
+
+
+
+
+
+ start_h (string)
+
+ The column's name in the database storing the
+ the start time of the interval in which the
+ rule will match.
+
+
+ The time needs to be specified as string using
+ the format: HH:MM
+
+
+
+ Default value is start_hour
.
+
+
+
+ Set start_h
parameter
+
+...
+modparam("dispatcher", "start_h", "the_start_time")
+...
+
+
+
+
+
+ end_h (string)
+
+ The column's name in the database storing the
+ the end time of the interval in which the
+ rule will match.
+
+
+ The time needs to be specified as string using
+ the format: HH:MM
+
+
+
+ Default value is end_hour
.
+
+
+
+ Set end_h
parameter
+
+...
+modparam("dispatcher", "end_h", "the_end_time")
+...
+
+
+
+
+
+ days_col (string)
+
+ The column's name in the database storing the
+ week days in which the fraud rule's interval
+ is available.
+
+
+ The daysoftheweek needs to be specified as a
+ string containing a list of days or intervals.
+ Each day must be specified using the first
+ three letters of its name. A valid string
+ would be: "Fri-Mon, Wed, Thu"
+
+
+
+ Default value is daysoftheweek
.
+
+
+
+ Set days_col
parameter
+
+...
+modparam("dispatcher", "days_col", "days")
+...
+
+
+
+
+
+ cpm_thresh_warn_col (string)
+
+ The column's name in the database storing the
+ warning threshold value for calls per minute.
+
+
+
+ Default value is cpm_warning
.
+
+
+
+ Set cpm_thresh_warn_col
parameter
+
+...
+modparam("dispatcher", "cpm_thresh_warn_col", "cpm_warn_thresh")
+...
+
+
+
+
+
+ cpm_thresh_crit_col (string)
+
+ The column's name in the database storing the
+ critical threshold value for calls per minute.
+
+
+
+ Default value is cpm_critical
.
+
+
+
+ Set cpm_thresh_crit_col
parameter
+
+...
+modparam("dispatcher", "cpm_thresh_crit_col", "cpm_crit_thresh")
+...
+
+
+
+
+
+ calldur_thresh_warn_col (string)
+
+ The column's name in the database storing the
+ warning threshold value for call duration.
+
+
+
+ Default value is call_duration_warning
.
+
+
+
+ Set calldur_thresh_warn_col
parameter
+
+...
+modparam("dispatcher", "calldur_thresh_warn_col", "calldur_warn_thresh")
+...
+
+
+
+
+
+ calldur_thresh_crit_col (string)
+
+ The column's name in the database storing the
+ critical threshold value for call duration.
+
+
+
+ Default value is call_duration_critical
.
+
+
+
+ Set calldur_thresh_crit_col
parameter
+
+...
+modparam("dispatcher", "calldur_thresh_crit_col", "calldur_crit_thresh")
+...
+
+
+
+
+
+ totalc_thresh_warn_col (string)
+
+ The column's name in the database storing the
+ warning threshold value for the number of total calls.
+
+
+
+ Default value is total_calls_warning
.
+
+
+
+ Set totalc_thresh_warn_col
parameter
+
+...
+modparam("dispatcher", "totalc_thresh_warn_col", "totalc_warn_thresh")
+...
+
+
+
+
+
+ totalc_thresh_crit_col (string)
+
+ The column's name in the database storing the
+ critical threshold value for the number of total calls.
+
+
+
+ Default value is total_calls_critical
.
+
+
+
+ Set totalc_thresh_crit_col
parameter
+
+...
+modparam("dispatcher", "totalc_thresh_crit_col", "totalc_crit_thresh")
+...
+
+
+
+
+
+ concalls_thresh_warn_col (string)
+
+ The column's name in the database storing the
+ warning threshold value for the number of
+ concurrent calls.
+
+
+
+ Default value is concurrent_calls_warning
.
+
+
+
+ Set concalls_thresh_warn_col
parameter
+
+...
+modparam("dispatcher", "concalls_thresh_warn_col", "concalls_warn_thresh")
+...
+
+
+
+
+
+ concalls_thresh_crit_col (string)
+
+ The column's name in the database storing the
+ critical threshold value for the number of
+ concurrent calls.
+
+
+
+ Default value is concurrent_calls_critical
.
+
+
+
+ Set concalls_thresh_crit_col
parameter
+
+...
+modparam("dispatcher", "concalls_thresh_crit_col", "concalls_crit_thresh")
+...
+
+
+
+
+
+ seqcalls_thresh_warn_col (string)
+
+ The column's name in the database storing the
+ warning threshold value for the number of
+ sequential calls.
+
+
+
+ Default value is sequential_calls_warning
.
+
+
+
+ Set seqcalls_thresh_warn_col
parameter
+
+...
+modparam("dispatcher", "seqcalls_thresh_warn_col", "seqcalls_warn_thresh")
+...
+
+
+
+
+
+ seqcalls_thresh_crit_col (string)
+
+ The column's name in the database storing the
+ critical threshold value for the number of
+ sequential calls.
+
+
+
+ Default value is sequential_calls_critical
.
+
+
+
+ Set seqcalls_thresh_crit_col
parameter
+
+...
+modparam("dispatcher", "seqcalls_thresh_crit_col", "seqcalls_crit_thresh")
+...
+
+
+
+
+
+
+
+ Exported Functions
+
+
+ check_fraud(user, number, profile_id)
+
+
+ This method should be called each time a given user
+ calls a given number. It will try to match a fraud rule
+ within de given fraud profile and update the stats (see above). Furthermore,
+ the stats will be checked against the rule's thresholds. If any of the stats
+ is above it's threhsold value the appropriate event will also be raised
+ (see further details below).
+
+ Meaning of the parameters is as follows:
+
+
+
+ user - the user who is making the call. Please keep in mind that
+ the user doesn't have to be registered. This string is only used do keep different stats
+ for different registered users.
+
+
+
+
+ number - the number the user is calling to.
+
+
+
+
+ profile_id - the fraud profile id (i.e. the subset of fraud
+ rules) in which to try and find a matching fraud rule.
+
+
+
+
+ The meaning of the return code is as follows:
+
+
+
+
+ 2 - no matching fraud rule was found
+
+
+
+
+ 1 - a matching rule was found, but there is no
+ parameter above the rule's threshlod, i.e - everything is ok
+
+
+
+
+ -1 - there is a parameter above the warning threhsold value.
+ Check the raised event for more info
+
+
+
+
+ -2 - there is a parameter above the critical threhsold value.
+ Check the raised event for more info
+
+
+
+
+ -3 - something went wrong (internal mechanism failed)
+
+
+
+
+ This function can be used from REQUEST_ROUTE and ONREPLY_ROUTE.
+
+
+
+
+
+ Exported MI Functions
+
+
+ show_fraud_stats
+
+
+ Show the current stats of a given user for a given prefix.
+
+
+ Name: show_fraud_stats
+
+ Parameters:
+
+ user
+
+ number
+
+ prefix
+
+
+
+
+ fraud_reload
+
+
+ Reload the all the fraud rules.
+
+
+ Name: fraud_reload
+
+ Parameters: none
+
+
+
+
+
+ Exported Events
+
+
+ E_FRD_WARNING
+
+
+ This event is raised whenever one of the 5 monitored parameters
+ is above the warning threhsold value
+ Parameters:
+
+
+ param - the name of the parameter.
+
+
+ value - the current value of the parameter.
+
+
+ threshold - the warning threshold value.
+
+
+ user - the user who initiated the call.
+
+
+ called_number - the number that was called.
+
+
+ rule_id - the id of the fraud rule that matched
+ when the call was initiated
+
+
+
+
+
+ E_FRD_CRITICAL
+
+
+ This event is raised whenever one of the 5 monitored parameters
+ is above the warning threhsold value
+ Parameters:
+
+
+ param - the name of the parameter.
+
+
+ value - the current value of the parameter.
+
+
+ threshold - the warning threshold value.
+
+
+ user - the user who initiated the call.
+
+
+ called_number - the number that was called.
+
+
+ rule_id - the id of the fraud rule that matched
+ when the call was initiated
+
+
+
+
+
+
+
diff --git a/modules/fraud_detection/fraud_detection.c b/modules/fraud_detection/fraud_detection.c
index 1df8ca265ae..ef986bcebe1 100644
--- a/modules/fraud_detection/fraud_detection.c
+++ b/modules/fraud_detection/fraud_detection.c
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#include "../../ut.h"
#include "../../db/db.h"
#include "../../time_rec.h"
diff --git a/modules/fraud_detection/frd_events.c b/modules/fraud_detection/frd_events.c
index 8e52bac921f..51ac81c7020 100644
--- a/modules/fraud_detection/frd_events.c
+++ b/modules/fraud_detection/frd_events.c
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#include "../../evi/evi_params.h"
#include "../../evi/evi_modules.h"
diff --git a/modules/fraud_detection/frd_events.h b/modules/fraud_detection/frd_events.h
index 6d509c8d2c7..64abe9f40f9 100644
--- a/modules/fraud_detection/frd_events.h
+++ b/modules/fraud_detection/frd_events.h
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#ifndef __FRD_EVENTS_H__
#define __FRD_EVENTS_H__
diff --git a/modules/fraud_detection/frd_hashmap.c b/modules/fraud_detection/frd_hashmap.c
index 817811a7851..3c4e8ac2f44 100644
--- a/modules/fraud_detection/frd_hashmap.c
+++ b/modules/fraud_detection/frd_hashmap.c
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#include "frd_hashmap.h"
#include "../../hash_func.h"
diff --git a/modules/fraud_detection/frd_hashmap.h b/modules/fraud_detection/frd_hashmap.h
index 140d9f9e050..7f6cdda839a 100644
--- a/modules/fraud_detection/frd_hashmap.h
+++ b/modules/fraud_detection/frd_hashmap.h
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#ifndef __FRD_HASHMAP_H__
#define __FRD_HASHMAP_H__
diff --git a/modules/fraud_detection/frd_load.c b/modules/fraud_detection/frd_load.c
index c8e4be6276b..15baef2ac40 100644
--- a/modules/fraud_detection/frd_load.c
+++ b/modules/fraud_detection/frd_load.c
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#include "../../ut.h"
#include "../../db/db.h"
#include "../drouting/dr_api.h"
diff --git a/modules/fraud_detection/frd_load.h b/modules/fraud_detection/frd_load.h
index a9fcb062841..44cc9974f6c 100644
--- a/modules/fraud_detection/frd_load.h
+++ b/modules/fraud_detection/frd_load.h
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#ifndef __FRD_LOAD_H__
#define __FRD_LOAD_H__
diff --git a/modules/fraud_detection/frd_stats.c b/modules/fraud_detection/frd_stats.c
index 21d01c2a7d6..6943f10063b 100644
--- a/modules/fraud_detection/frd_stats.c
+++ b/modules/fraud_detection/frd_stats.c
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#include
#include "frd_stats.h"
#include "frd_hashmap.h"
diff --git a/modules/fraud_detection/frd_stats.h b/modules/fraud_detection/frd_stats.h
index 3c6e7dda1f7..cfa7f573a63 100644
--- a/modules/fraud_detection/frd_stats.h
+++ b/modules/fraud_detection/frd_stats.h
@@ -1,3 +1,30 @@
+/**
+ *
+ * Fraud Detection Module
+ *
+ * Copyright (C) 2014 OpenSIPS Foundation
+ *
+ * This file is part of opensips, a free SIP server.
+ *
+ * opensips is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version
+ *
+ * opensips is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * History
+ * -------
+ * 2014-09-26 initial version (Andrei Datcu)
+*/
+
#ifndef __FRD_STATS_H__
#define __FRD_STATS_H__
diff --git a/scripts/db_berkeley/opensips/fraud_detection b/scripts/db_berkeley/opensips/fraud_detection
new file mode 100644
index 00000000000..0a1c190160a
--- /dev/null
+++ b/scripts/db_berkeley/opensips/fraud_detection
@@ -0,0 +1,12 @@
+METADATA_COLUMNS
+ruleid(int) profileid(int) prefix(str) start_hour(str) end_hour(str) daysoftheweek(str) cpm_warning(int) cpm_critical(int) call_duration_warning(int) call_duration_critical(int) total_calls_warning(int) total_calls_critical(int) concurrent_calls_warning(int) concurrent_calls_critical(int) sequential_calls_warning(int) sequential_calls_critical(int)
+METADATA_KEY
+0
+METADATA_READONLY
+0
+METADATA_LOGFLAGS
+0
+METADATA_DEFAULTS
+NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL|NIL
+fraud_detection|
+fraud_detection|1
diff --git a/scripts/dbtext/opensips/fraud_detection b/scripts/dbtext/opensips/fraud_detection
new file mode 100644
index 00000000000..7aacc079392
--- /dev/null
+++ b/scripts/dbtext/opensips/fraud_detection
@@ -0,0 +1,2 @@
+ruleid(int,auto) profileid(int) prefix(string) start_hour(string) end_hour(string) daysoftheweek(string) cpm_warning(int) cpm_critical(int) call_duration_warning(int) call_duration_critical(int) total_calls_warning(int) total_calls_critical(int) concurrent_calls_warning(int) concurrent_calls_critical(int) sequential_calls_warning(int) sequential_calls_critical(int)
+fraud_detection:1
diff --git a/scripts/mysql/fraud_detection-create.sql b/scripts/mysql/fraud_detection-create.sql
new file mode 100644
index 00000000000..8c981c9ab48
--- /dev/null
+++ b/scripts/mysql/fraud_detection-create.sql
@@ -0,0 +1,20 @@
+INSERT INTO version (table_name, table_version) values ('fraud_detection','1');
+CREATE TABLE fraud_detection (
+ ruleid INT(10) UNSIGNED AUTO_INCREMENT PRIMARY KEY NOT NULL,
+ profileid INT UNSIGNED NOT NULL,
+ prefix CHAR(64) NOT NULL,
+ start_hour CHAR(5) NOT NULL,
+ end_hour CHAR(5) NOT NULL,
+ daysoftheweek CHAR(64) NOT NULL,
+ cpm_warning INT(5) UNSIGNED NOT NULL,
+ cpm_critical INT(5) UNSIGNED NOT NULL,
+ call_duration_warning INT(5) UNSIGNED NOT NULL,
+ call_duration_critical INT(5) UNSIGNED NOT NULL,
+ total_calls_warning INT(5) UNSIGNED NOT NULL,
+ total_calls_critical INT(5) UNSIGNED NOT NULL,
+ concurrent_calls_warning INT(5) UNSIGNED NOT NULL,
+ concurrent_calls_critical INT(5) UNSIGNED NOT NULL,
+ sequential_calls_warning INT(5) UNSIGNED NOT NULL,
+ sequential_calls_critical INT(5) UNSIGNED NOT NULL
+) ENGINE=MyISAM;
+
diff --git a/scripts/oracle/fraud_detection-create.sql b/scripts/oracle/fraud_detection-create.sql
new file mode 100644
index 00000000000..37f01a357d1
--- /dev/null
+++ b/scripts/oracle/fraud_detection-create.sql
@@ -0,0 +1,28 @@
+INSERT INTO version (table_name, table_version) values ('fraud_detection','1');
+CREATE TABLE fraud_detection (
+ ruleid NUMBER(10) PRIMARY KEY,
+ profileid NUMBER(10),
+ prefix VARCHAR2(64),
+ start_hour VARCHAR2(5),
+ end_hour VARCHAR2(5),
+ daysoftheweek VARCHAR2(64),
+ cpm_warning NUMBER(10),
+ cpm_critical NUMBER(10),
+ call_duration_warning NUMBER(10),
+ call_duration_critical NUMBER(10),
+ total_calls_warning NUMBER(10),
+ total_calls_critical NUMBER(10),
+ concurrent_calls_warning NUMBER(10),
+ concurrent_calls_critical NUMBER(10),
+ sequential_calls_warning NUMBER(10),
+ sequential_calls_critical NUMBER(10)
+);
+
+CREATE OR REPLACE TRIGGER fraud_detection_tr
+before insert on fraud_detection FOR EACH ROW
+BEGIN
+ auto_id(:NEW.id);
+END fraud_detection_tr;
+/
+BEGIN map2users('fraud_detection'); END;
+/
diff --git a/scripts/pi_http/fraud_detection-mod b/scripts/pi_http/fraud_detection-mod
new file mode 100644
index 00000000000..99b1199ef09
--- /dev/null
+++ b/scripts/pi_http/fraud_detection-mod
@@ -0,0 +1,77 @@
+
+ fraud_detection
+ show
+ fraud_detection
+ DB_QUERY
+
+ ruleidupdate
+ profileid
+ prefix
+ start_hour
+ end_hour
+ daysoftheweek
+ cpm_warning
+ cpm_critical
+ call_duration_warning
+ call_duration_critical
+ total_calls_warning
+ total_calls_critical
+ concurrent_calls_warning
+ concurrent_calls_critical
+ sequential_calls_warning
+ sequential_calls_critical
+
+
+ add
+ fraud_detection
+ DB_INSERT
+
+ profileid
+ prefix
+ start_hour
+ end_hour
+ daysoftheweek
+ cpm_warning
+ cpm_critical
+ call_duration_warning
+ call_duration_critical
+ total_calls_warning
+ total_calls_critical
+ concurrent_calls_warning
+ concurrent_calls_critical
+ sequential_calls_warning
+ sequential_calls_critical
+
+
+ update
+ fraud_detection
+ DB_UPDATE
+
+ ruleid=
+
+
+ profileid
+ prefix
+ start_hour
+ end_hour
+ daysoftheweek
+ cpm_warning
+ cpm_critical
+ call_duration_warning
+ call_duration_critical
+ total_calls_warning
+ total_calls_critical
+ concurrent_calls_warning
+ concurrent_calls_critical
+ sequential_calls_warning
+ sequential_calls_critical
+
+
+ delete
+ fraud_detection
+ DB_DELETE
+
+ ruleid=
+
+
+
diff --git a/scripts/pi_http/fraud_detection-table b/scripts/pi_http/fraud_detection-table
new file mode 100644
index 00000000000..55edc4d1fa7
--- /dev/null
+++ b/scripts/pi_http/fraud_detection-table
@@ -0,0 +1,21 @@
+
+
+ fraud_detection
+ mysql
+ ruleidDB_INT
+ profileidDB_INT
+ prefixDB_STR
+ start_hourDB_STR
+ end_hourDB_STR
+ daysoftheweekDB_STR
+ cpm_warningDB_INT
+ cpm_criticalDB_INT
+ call_duration_warningDB_INT
+ call_duration_criticalDB_INT
+ total_calls_warningDB_INT
+ total_calls_criticalDB_INT
+ concurrent_calls_warningDB_INT
+ concurrent_calls_criticalDB_INT
+ sequential_calls_warningDB_INT
+ sequential_calls_criticalDB_INT
+
diff --git a/scripts/postgres/fraud_detection-create.sql b/scripts/postgres/fraud_detection-create.sql
new file mode 100644
index 00000000000..80695237bb4
--- /dev/null
+++ b/scripts/postgres/fraud_detection-create.sql
@@ -0,0 +1,21 @@
+INSERT INTO version (table_name, table_version) values ('fraud_detection','1');
+CREATE TABLE fraud_detection (
+ ruleid SERIAL PRIMARY KEY NOT NULL,
+ profileid INTEGER NOT NULL,
+ prefix VARCHAR(64) NOT NULL,
+ start_hour VARCHAR(5) NOT NULL,
+ end_hour VARCHAR(5) NOT NULL,
+ daysoftheweek VARCHAR(64) NOT NULL,
+ cpm_warning INTEGER NOT NULL,
+ cpm_critical INTEGER NOT NULL,
+ call_duration_warning INTEGER NOT NULL,
+ call_duration_critical INTEGER NOT NULL,
+ total_calls_warning INTEGER NOT NULL,
+ total_calls_critical INTEGER NOT NULL,
+ concurrent_calls_warning INTEGER NOT NULL,
+ concurrent_calls_critical INTEGER NOT NULL,
+ sequential_calls_warning INTEGER NOT NULL,
+ sequential_calls_critical INTEGER NOT NULL
+);
+
+ALTER SEQUENCE fraud_detection_ruleid_seq MAXVALUE 2147483647 CYCLE;