Use cases

It is scenario based Use Cases which describes interaction of User with System. Each separate Use Case is focused on achieving one particular Goal. Scenarios in scope of single Use Case describes possible variation and erroneous path in the Goal achievement. 

 

Use case #1: Setting E-Mails and interval between checks

Roles: Administrator, System

Use scenario #1.1: Setting multiple E-Mails to notify

Scenario:


Use scenario #1.2: Setting interval between checks

  • The administrator enters 60 minutes as an interval

  • The system checks for possible fraud every 60 minutes

  • If there is some suspicious traffic found during this interval - system sends a notification.

Use case #2: Configuration of destinations and thresholds

Roles: Administrator, System

Preconditions: Administrator knows the list of suspicious destinations and normal traffic volumes, in minutes per hour

Use scenario #2.1: Setting threshold for Somalia

Scenario:

  • Administrator clicks "Add new destination"

  • Administrator types or pastes "Somalia".

  • The system shows destinations for Somalia: 252 SOMALIA Proper, 25216 SOMALIA Mogadishu, 25225 SOMALIA Telesom ...

  • Administrator chooses 252 SOMALIA Proper

  • Administrator enters 200 minutes as a threshold

  • System saves this destination and starts monitoring the calls to Somalia

Use scenario #2.2: Search for a wrong destination
Scenario:

  • Administrator clicks "Add a new destination"

  • Administrator types or pastes "SomElia"

  • The system can not find such destination, an error is shown

  • Administrator has to correct the destination - "Somalia", now the system finds it.
  • The system shows destinations for Somalia: 252 SOMALIA Proper, 25216 SOMALIA Mogadishu, 25225 SOMALIA Telesom ...

Use scenario #2.3: Modification of the threshold for Somalia

Scenario:

  • Administrator finds a record for "Somalia" and sees 200 minutes as a threshold

  • Administrator edits the threshold to make it 300 minutes

  • System saves this destination and starts monitoring the calls to Somalia with a new value - 300 minutes

Use scenario #2.4: Too small threshold value - false positive alerts

Scenario:

  • Administrator changes threshold to Somalia to 10 minutes

  • System saves this destination and starts monitoring the calls to Somalia with a new value - 10 minutes
  • Normal traffic to Somalia is 20 to 160 minutes, so administrator receives false alerts every hour.

Use case #3: Alert on suspicious traffic to Somalia

Roles: Administrator, System

Preconditions: Administrator has configured alerts for Somalia (252 SOMALIA Proper),

threshold: 200 minutes

e-mails: noc@domain.com, boss@domain.com, admin@domain.com

Use scenario #3.1: No alerts if the traffic is lower than the threshold

Scenario:

  • System checks traffic to suspicious destinations on 19 Feb 2015 at 11:00

  • Traffic to Somalia for the period 19 Feb 2015 10:00-11:00 is 12 minutes, lower than the threshold(200 minutes)

  • System does not send alerts - everything looks good.

 

Use scenario #3.2: Alert when the traffic is higher than the threshold

Scenario:

  • System checks traffic to suspicious destinations on 19 Feb 2015 at 12:00

  • Traffic to Somalia for the period 19 Feb 2015 11:00-12:00 is 350 minutes, higher than the threshold(200 minutes)

  • System sends an E-Mail alert to noc@domain.com, boss@domain.com, admin@domain.com

Subject: Traffic to "SOMALIA Proper" has exceeded your selected alert threshold

Body:

Traffic Date     Hour UTC     Destination           Alert Setting     Actual Minutes   Customers who sent traffic

19-FEB-2015 11:00-12:00   SOMALIA Proper       200                 350                  XYZ Telecom, YYY Call Center

 

  • Administrator receives E-Mail alert and blocks the suspicious traffic.

Use scenario #3.3: Selectivity of the destinations

Scenario:

  • System checks traffic to suspicious destinations on 19 Feb 2015 at 13:00

  • There are calls to multiple destinations within Somalia for 19 Feb 2015 12:00-13:00

  1. 10 minutes to 252 SOMALIA Proper,
  2. 15 minutes to 25218 SOMALIA Mogadishu
  3. 8 minutes to 25229 SOMALIA Somalia-STC

  • System sums usage for 252 SOMALIA Proper and all sub-destinations (25218 SOMALIA Mogadishu, 25229 SOMALIA Somalia-STC ), the result: 33 minutes.

  • The system compares 33 minutes with the threshold.

 

Use case #4: User-friendly configuration of destinations and thresholds

Problem: In Use Case #2, administrator knew normal traffic volumes to suspicious destinations, in minutes per hour.

In reality, administrator may not know a specific value. So there is a high chance that he or she will abandon the configuration or configure threshold in a wrong way, leading to false alerts. To get the exact amount of minutes, administrator will need to run some query "give me a number of minutes to Congo for the busiest hour in the system". And then apply some formula to get the threshold, enter the result into the configuration.

For customers who don't want to calculate "the amount of minutes to Congo during the busiest hour last month", but want to use this feature, it will be nice if the system can calculate current volumes and suggest the thresholds based on current traffic pattern.

Roles: Administrator, System

Preconditions: Administrator heard that their competitor had a huge loss due to toll fraud on Congo destinations. So administrator decided to setup alerts for Congo.

Use scenario #4.1: Configuring a threshold for Congo using system's suggestions

Scenario:

  • Administrator clicks "Add new destination"

  • Administrator types or pastes "Congo".

  • The system shows destinations for Congo: 242 CONGO Proper, 2422 CONGO Mobile,24231 CONGO Mobile ...

  • Administrator chooses 242 CONGO Proper

  • Administrator is given a choice: enter a specific amount of minutes OR use a suggested value based on last month usage

  • Administrator chooses "use a suggested value..."

  • An idea of a formula for the threshold: max ( ( 2x busiest hour ) , 200 )
  • The system analyzes traffic to 242* for the last month. Finds that the busiest hour for 242* had 180 minutes. System sets 360 as a threshold for Congo.
  • On the next run, 360 minutes threshold is used for Congo.

Use scenario #4.2: Updating the threshold from the e-mail alert

 

Scenario:

  • System checks traffic to suspicious destinations on 19 Feb 2015 at 12:00

  • Traffic to Somalia for the period 19 Feb 2015 11:00-12:00 is 350 minutes, higher than the threshold(200 minutes)

  • System sends an E-Mail alert to noc@domain.com, boss@domain.com, admin@domain.com

Subject: Traffic to "SOMALIA Proper" has exceeded your selected alert threshold

Body:

Traffic Date     Hour UTC     Destination           Alert Setting     Actual Minutes   Customers who sent traffic

19-FEB-2015 11:00-12:00   SOMALIA Proper       200                 350                  XYZ Telecom, YYY Call Center

If the traffic is legitimate, you may:
 * increase the threshold manually <here>;
 * let the system <rebuild the suggested threshold based on current traffic>.

  • Administrator clicks <rebuild the suggested threshold based on current traffic>.
  • The system changes the threshold using formula and last hour traffic for Somalia Proper. 350 minutes traffic => 700 minutes threshold.
  • Next hour alerts are generated using 700 minutes threshold for Somalia.