Now that I’m back and rested, I’m going to be investing more nights and weekends into driving the SITCH project forward. The demo was fine and all, but the more testing I do, the less I trust the OpenCellID database as the source of truth for what we should see in the real world. It’s a data source that could be poisoned, and it’s not backed up by any official data from cell providers.
While it’s certainly less specific, we can do a lot with FCC licenses… and you can download those very easily. I’m almost done with the next version of the feed generator, and it will support the OpenCellID database as well as the FCC’s license database. The license data shows us the location of the facility and the frequencies it’s permitted to operate on. From that, we can derive the ARFCNs that we should be seeing as well as the provider that should be owning them… with any luck we’ll be able to correlate that with the provider owning the HNI (MCC+MNC) to narrow the scope of what we’ll call an anomaly.
Getting the feed generator re-written to accommodate the FCC license database alongside the OpenCellID database (and run as its own web server to remove S3 as a dependency) is only part of it… then the Sensor will have to be modified to take advantage of the new feed… including the correlation/enrichment rules that perform first-tier correlation in the sensor.
Add to that the initiative to wrap up the service side in a set of deployment scripts… and I’m going to be a busy fellow for the foreseeable future.
I think that once I get the feed part sorted out (schema, etc), the project can be more easily shared among a group of developers (hint, hint)… and I’ll accept good pull requests with a great deal of gratitude.
More information Here.