Anomaly detection in cellular Machine-to-Machine communications

Communication networks are rapidly evolving, with connectivity reaching far beyond cell phones, computers and tablets. Novel applications are emerging based on the widespread presence of network-enabled sensors and actuators. Machine-to-Machine (M2M) devices such as power meters, medical sensors and asset tracking appliances provide a new dimension to telecommunication services. The majority of these novel systems require low bandwidth and base their communications and control protocols on the Short Messaging Service (SMS). SMS-based attacks pose a serious threat to M2M devices and the servers and users communicating with them. Researchers have demonstrated how to remotely control embedded devices and leverage them for malicious message floods. These attacks can potentially be masked by the massive volume of legitimate text messages that travel the airwaves daily and provide data connectivity to these M2M appliances. In this paper we propose two algorithms for detecting anomalous SMS activities and attacks at the aggregate, cluster and individual device levels. Once these algorithms detect an anomaly, they automatically determine its cause. The effectiveness of the algorithms has been demonstrated on real-life SMS communication traffic of M2M devices connected to the network of one of the main tier-1 providers in the US.
