A system is provided for thwarting the undesired incoming calls and eliminating the impact of robocalls, tollfree pumping, political spam, data collection bots, and other phone fraud forms. The system has a spam detection unit with a plurality of spam type modules and each spam type module is configured to detect a different type of spam.

Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner. Other aspects utilize inner edge data from an intermediate node of the communications network which may be analyzed against other inner edge data from other intermediate nodes and/or outer edge data.

A telephony communications system for detecting abuse in a public telephone network to which a telephone network subscriber is connected includes: a telephone system server, configured to: emulate an extension subscriber in order to simulate the existence of the emulated extension subscriber of the telephone system vis-à-vis an attacking entity, receive a control command from the attacking entity to establish a telephone connection between the emulated extension subscriber and the telephone network subscriber, and send a connection request to the telephone network subscriber in response to receiving the control command in order to initiate the establishment of the telephone connection between the emulated extension subscriber and the telephone network subscriber; and a telephone network abuse detection device configured to detect an abuse attempt in the public telephone network on the basis of the telephone network address of the telephone network subscriber.

Systems and methods for using machine-learning techniques for labeling incoming calls with categories relating to a risk level. A model is generated using call log data. The call log data is augmented using information from additional data sources to generate features for the model. The model may then be used to categorize additional incoming calls. The model may be used in real-time to categorize incoming calls, or categorization results may be stored for a plurality of calling numbers. Various embodiments provide various technical advantages by virtue of how the components of the system are deployed between an endpoint communication device, a telephony provider system, and possibly other systems.

Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.

Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner. Other aspects utilize inner edge data from an intermediate node of the communications network which may be analyzed against other inner edge data from other intermediate nodes and/or outer edge data.

Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.

Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.

Systems and methods are disclosed for using machine-learning techniques for labeling incoming calls with categories relating to a risk level. A model is generated using call log data. The call log data is augmented using information from additional data sources to generate features for the model. The model may then be used to categorize additional incoming calls. The model may be used in real-time to categorize incoming calls, or categorization results may be stored for a plurality of calling numbers. Various embodiments provide various technical advantages by virtue of how the components of the system are deployed between an endpoint communication device, a telephony provider system, and possibly other systems.

Systems and methods for using machine-learning techniques for labeling incoming calls with categories relating to a risk level. A model is generated using call log data. The call log data is augmented using information from additional data sources to generate features for the model. The model may then be used to categorize additional incoming calls. The model may be used in real-time to categorize incoming calls, or categorization results may be stored for a plurality of calling numbers. Various embodiments provide various technical advantages by virtue of how the components of the system are deployed between an endpoint communication device, a telephony provider system, and possibly other systems.