A Novel Graph-Based Descriptor for the Detection of Billing-Related Anomalies in Cellular Mobile Networks
Issue No. 11 - Nov. (2016 vol. 15)
Stavros Papadopoulos , Department of Electrical and Electronic Engineering, Imperial College London, London, United Kingdom
Anastasios Drosou , Information Technologies Institute, Centre for Research and Technology Hellas, PO Box 361, Thermi, Thessaloniki, Greece
Dimitrios Tzovaras , Information Technologies Institute, Centre for Research and Technology Hellas, PO Box 361, Thermi, Thessaloniki, Greece
Mobile devices are evolving and becoming increasingly popular over the last few years. This growth, however, has exposed mobile devices to a large number of security threats. Malware installed in smartphones can be used for a variety of malicious purposes, including stealing personal data, sending spam SMSs, and launching Denial of Service (DoS) attacks against core network components. Authentication and access-control-based techniques, employed by network operators fail to provide integral protection against malware threats. In order to solve this issue, the activity of each mobile device in the network must be taken into account, and combined with the activities of all the other devices. The communication activity in the mobile network has a source, a destination, and possibly communication weights (e.g., the number of calls between two mobile devices). This relational nature of the communication activity is naturally represented with graphs. This indicates that graphs can be utilized in order to provide better representations of the entire network activity, and lead to better detection results when compared to methods that consider the activity of each mobile device individually. Towards this end, this paper proposes a novel graph-based descriptor for the detection of anomalies in mobile networks, using billing-related information. The graph-based descriptor represents the total activity in the network. Smaller graphs are afterwards extracted from the graph-based descriptor, each one representing the activity of one mobile device (e.g., Calls or SMSs), while multiple features are calculated for each such graph. These features are subsequently used for the supervised classification on network events, and the identification of anomalous mobile devices. Experimental results and comparison of the proposed anomaly detection method to the existing work, show that the graph-based descriptor has superior performance in a variety of scenarios.
Feature extraction, Mobile computing, Mobile communication, Mobile handsets, Malware, Computer crime, Data mining
S. Papadopoulos, A. Drosou and D. Tzovaras, "A Novel Graph-Based Descriptor for the Detection of Billing-Related Anomalies in Cellular Mobile Networks," in IEEE Transactions on Mobile Computing, vol. 15, no. 11, pp. 2655-2668, 2016.