A telephone switching system capable of enabling an administrator to easily change the setting when an illegal outgoing call is detected and the illegal outgoing call is regulated is provided. A telephone switchboard includes a detection section for detecting an occurrence of a predetermined event, an e-mail creation section for creating a notification mail in which a content of the detected event is described, and a transmitting section for transmitting the notification mail, and the management terminal includes a receiving section for receiving the notification mail, an e-mail creation section for creating a reply mail corresponding to the notification mail, and a transmitting section for transmitting the reply mail. Further, the telephone switchboard further includes a receiving section for receiving the reply mail, and a setting section for setting an operation condition for a predetermined operation performed by the telephone switchboard based on the reply mail received.

Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner. Other aspects utilize inner edge data from an intermediate node of the communications network which may be analyzed against other inner edge data from other intermediate nodes and/or outer edge data.

Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.