There are currently many situations in which telecommunications networks are used by individuals without authorization. Unauthorized network use places a large financial burden on the entity which owns the network or pays for use of the network. The risk of loss due to unauthorized use is particularly acute in those networks which allow access to the network remotely, for example, through the use of an authorization code and a toll-free ("800") telephone number. The authorization code is used to gain access to a private branch exchange (PBX) which provides "remote access" capabilities--the ability to access private network facilities from off-network locations--to a network customer or PBX owner (collectively referred to as a "subscriber"). Remote access is useful, for example, for allowing a salesperson traveling outside company premises to place calls through the subscriber's PBX to take advantage of volume discount rates. Though useful and convenient, this remote access capability may present a security risk to the subscriber by inadvertently providing an opportunity for unauthorized users to gain access to the network.
Current methods for detecting and preventing unauthorized remote access to a communications network typically involve analyzing traffic patterns on the network. For example, one technique involves analyzing the average call duration or the number of calls placed to foreign countries to determine whether the traffic patterns are consistent with a subscriber's call history or call pattern profile. In the event that a call is inconsistent with the subscriber's call pattern profile, the subscriber is provided with a report of the abnormal call activity. Other methods for dealing with the problem of unauthorized use involve automatically denying or blocking access to the network when abnormal use is detected so as to minimize the subscriber's financial loss.
Systems which use these techniques may annoy valid users of the network whose authorized calls are blocked inadvertently. Also, systems which automatically deny access encourage "hackers" seeking access to the network to try other authorization codes or points of entry to the network. Such systems do not provide a means for identifying security weaknesses within the network to permit improvement or correction.