Systems to mitigate improper network usage are deployed in service provider networks, business data centers, etc., to detect abnormal, suspicious, disapproved and/or fraudulent network usage associated with, for example, a customer's account, equipment, devices, etc. Early detection allows swift responsive action to mitigate the potential harm to the customer and/or the network caused by the abnormal, suspicious, disapproved and/or fraudulent network usage. For example, if the detected suspicious network usage is caused by account theft, device theft, network hijacking, etc., then early detection and quick responsive action can limit the damage and financial loss to both the customer and the service provider.
When suspicious activity is detected, an existing system to mitigate improper network usage alerts a customer care team or similar network operations staff. The customer care team then manually: 1) evaluates activity records associated with the triggered activity alert corresponding to the suspicious network usage; 2) contacts the affected customer to determine whether the network usage was improper; and 3) if improper usage is verified, suspends the customer's account, equipment, device(s), etc. The manual responsive action required by existing systems that mitigate improper network usage results in potentially significant operations costs. Furthermore, unnecessary operational costs can be incurred in the presence of “false alarms” which cause the customer care team to respond to activity alerts that are not related to underlying improper network usage.