Fraud detection - integration test guide
Scenarios
| Pattern | Scenario file | Inject CSV | Expected detection |
|---|---|---|---|
| Wangiri burst | fraud-wangiri-burst.xml | numbers-fraud-wangiri.csv | ACD below 3s, high ASR, Pattern Analyzer flag within 5 min |
| IRSF premium | fraud-irsf-premium.xml | numbers-fraud-irsf.csv | Destination match on Cook Islands, Somalia, or BVI premium ranges |
| Concentration | Manual CDR fixture or SQL seed | Manual | Single originator above 60% toward one destination country within the analysis window |
Run
ssh sipp-01-staging
sudo /opt/akira/sipp/run_fraud_test.sh wangiri 100.100.0.10:5060
sudo /opt/akira/sipp/run_fraud_test.sh irsf 100.100.0.10:5060
Verify Detection
- Open https://akira-staging.asheep.it/pattern-analyzer.
- Check for a new "Wangiri pattern detected" alert within 5 minutes after the Wangiri run.
- Check for a new IRSF or premium destination alert after the IRSF run.
- Drill into the detection and verify that the triggering CDR list contains fraud-test-wangiri- or fraud-test-irsf- call IDs.
- Use the "Block CLI" action on a test CLI and verify the resulting blocklist entry.
Cleanup
Run cleanup only against the staging test database used for the integration run:
DELETE FROM cdr WHERE call_id LIKE 'fraud-test-%';
DELETE FROM cdr_patterns WHERE detection_source = 'integration-test';
Concentration risk is intentionally not generated by the SIPp launcher: it is an aggregate-hour risk signal and should be tested with a deterministic CDR fixture or SQL seed.
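A deterministic concentration fixture could be built as below, with a local check that it sits on the intended side of the 60% threshold before it is loaded. This is an added example, not part of the project's tooling. Assumptions: the column names, the one-hour window, the constructed CLIs, and reading "above 60%" as one originator's share of all calls toward a destination country.

```python
import csv, io
from collections import Counter
from datetime import datetime, timedelta, timezone

THRESHOLD_PCT = 60  # scenario table: "above 60%", so exactly 60% must not flag
WINDOW_START = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed
WINDOW = timedelta(hours=1)  # assumption: one-hour analysis window
FIELDS = ["call_id", "cli", "dest_country", "start_time"]  # assumed columns

def build_fixture(dominant_calls, other_calls, dest="SO"):
    """Deterministic rows: one dominant CLI plus distinct background CLIs."""
    rows = []
    for i in range(dominant_calls + other_calls):  # 30 s spacing: keep total <= 120
        cli = "+3900000000" if i < dominant_calls else f"+39111{i:05d}"
        rows.append({
            # The fraud-test- prefix keeps rows within reach of the cleanup DELETE.
            "call_id": f"fraud-test-concentration-{i:04d}",
            "cli": cli,  # constructed numbers
            "dest_country": dest,
            "start_time": (WINDOW_START + timedelta(seconds=30 * i)).isoformat(),
        })
    return rows

def concentration(rows, start=WINDOW_START, window=WINDOW):
    """Per destination: (top CLI, its call count, total calls) inside the window."""
    per_dest = {}
    for r in rows:
        t = datetime.fromisoformat(r["start_time"])
        if start <= t < start + window:
            per_dest.setdefault(r["dest_country"], Counter())[r["cli"]] += 1
    result = {}
    for dest, counts in per_dest.items():
        cli, top = counts.most_common(1)[0]
        result[dest] = (cli, top, sum(counts.values()))
    return result

def flagged(rows):
    """Destinations where one originator is strictly above the threshold."""
    return sorted(d for d, (_, top, total) in concentration(rows).items()
                  if top * 100 > THRESHOLD_PCT * total)

def to_csv(rows):
    """Serialise the fixture for loading into the staging test database."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(build_fixture(61, 39)), end="")
```

Seeding both the 61/39 and the 60/40 variants exercises the boundary: only the first should raise a concentration detection.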