A Novel Graph-Based Descriptor for the Detection of Billing-Related Anomalies in Cellular Mobile Networks

Mobile devices have been evolving and becoming increasingly popular over the last few years. This growth, however, has exposed mobile devices to a large number of security threats. Malware installed on smartphones can be used for a variety of malicious purposes, including stealing personal data, sending spam SMSs, and launching Denial of Service (DoS) attacks against core network components. Authentication and access-control-based techniques employed by network operators fail to provide integral protection against malware threats. To solve this issue, the activity of each mobile device in the network must be taken into account and combined with the activities of all the other devices. Communication activity in the mobile network has a source, a destination, and possibly communication weights (e.g., the number of calls between two mobile devices). This relational nature of the communication activity is naturally represented with graphs. Graphs can therefore be used to provide better representations of the entire network activity, and lead to better detection results than methods that consider the activity of each mobile device individually. To this end, this paper proposes a novel graph-based descriptor for the detection of anomalies in mobile networks, using billing-related information. The graph-based descriptor represents the total activity in the network. Smaller graphs are then extracted from the graph-based descriptor, each one representing the activity of one mobile device (e.g., calls or SMSs), and multiple features are calculated for each such graph. These features are subsequently used for the supervised classification of network events and the identification of anomalous mobile devices. Experimental results and a comparison of the proposed anomaly detection method to existing work show that the graph-based descriptor has superior performance in a variety of scenarios.
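The graph construction and per-device feature extraction described in the abstract, as an added example that is not the paper's code: the billing records, device names, and the five features below are assumptions chosen for illustration, since the paper's actual feature set is not given on this page.

```python
from collections import defaultdict

# Constructed billing records (source, destination, service); not data from the paper.
RECORDS = (
    [("A", "B", "call"), ("B", "A", "call"), ("A", "C", "sms"), ("C", "A", "sms"),
     ("B", "C", "call"), ("C", "B", "sms"), ("A", "B", "sms")]
    # "M" models an SMS-spamming handset: one-way messages to many distinct numbers.
    + [("M", f"V{i}", "sms") for i in range(8)]
)

def build_graph(records, service=None):
    """Directed weighted graph: graph[src][dst] = number of events src -> dst."""
    graph = defaultdict(lambda: defaultdict(int))
    for src, dst, kind in records:
        if service is None or kind == service:
            graph[src][dst] += 1
    return graph

def device_subgraph(graph, device):
    """The smaller per-device graph: weighted edges leaving and entering `device`."""
    out_edges = dict(graph.get(device, {}))
    in_edges = {src: nbrs[device] for src, nbrs in graph.items() if device in nbrs}
    return out_edges, in_edges

def features(graph, device):
    """Illustrative features (assumed here, not the paper's feature set)."""
    out_edges, in_edges = device_subgraph(graph, device)
    reciprocated = sum(1 for peer in out_edges if peer in in_edges)
    return {
        "out_degree": len(out_edges),            # distinct destinations contacted
        "in_degree": len(in_edges),              # distinct sources contacting the device
        "out_weight": sum(out_edges.values()),   # total outgoing events
        "in_weight": sum(in_edges.values()),     # total incoming events
        # Share of contacted peers that also contact the device back.
        "reciprocity": reciprocated / len(out_edges) if out_edges else 0.0,
    }

def feature_table(records, service=None):
    """One feature row per device, optionally restricted to one service type."""
    graph = build_graph(records, service)
    devices = {d for src, dst, _ in records for d in (src, dst)}
    return {d: features(graph, d) for d in sorted(devices)}

if __name__ == "__main__":
    for device, row in feature_table(RECORDS, service="sms").items():
        print(device, row)
```

Each row is the kind of per-device feature vector that, paired with a normal/anomalous label, would be handed to the supervised classifier the abstract mentions.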
