Skip to main content
Springer Nature Link
Log in

SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5758))

Included in the following conference series:

  • 1843 Accesses

Abstract

With more than one trillion mobile messages delivered worldwide every year, SMS has been a lucrative playground for various attacks and frauds such as spamming, phishing and spoofing. These SMS-based attacks pose serious security threats to both mobile users and cellular network operators, such as information stealing, overcharging, battery exhaustion, and network congestion. Against the backdrop that approaches to protecting SMS security are lagging behind, we propose a lightweight scheme called SMS-Watchdog that can detect anomalous SMS behaviors with high accuracy. Our key contributions are summarized as follows: (1) After analyzing an SMS trace collected within a five-month period, we conclude that for the majority of SMS users, there are window-based regularities regarding whom she sends messages to and how frequently she sends messages to each recipient. (2) With these regularities, we accordingly propose four detection schemes that build normal social behavior profiles for each SMS user and then use them to detect SMS anomalies in an online and streaming fashion. Each of these schemes stores only a few states (typically, at most 12 states) in memory for each SMS user, thereby imposing very low overhead for online anomaly detection. (3) We evaluate these four schemes and also two hybrid approaches with realistic SMS traces. The results show that the hybrid approaches can detect more than 92% of SMS-based attacks with false alarm rate 8.5%, or about two thirds of the attacks without any false alarm, depending on their parameter settings.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bose, A., Hu, X., Shin, K.G., Park, T.: Behavioral detection of malware on mobile handsets. In: Proceedings of MobiSys 2008 (2008)

    Google Scholar 

  2. Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Computing Survey (September 2009) (to appear)

    Google Scholar 

  3. Cover, T., Thomas, J.: Elements of Information Theory. John Wiley, Chichester (1991)

    Book  MATH  Google Scholar 

  4. http://www.redherring.com/Home/19081

  5. Davis, A.B., Goyal, S.K.: Knowledge-based management of cellular clone fraud. In: Proceedings of IEEE PIMRC 1992, Boston, MA, USA (1992)

    Google Scholar 

  6. Enck, W., Traynor, P., McDaniel, P., Porta, T.L.: Exploiting open functionality in SMS-capable cellular networks. In: Proceedings of CCS 2005 (2005)

    Google Scholar 

  7. Fawcett, T., Provost, F.: Activity monitoring: noticing interesting changes in behavior. In: Proceedings of ACM KDD 1999 (1999)

    Google Scholar 

  8. Hu, G., Venugopal, D.: A malware signature extraction and detection method applied to mobile networks. In: Proceedings of IPCCC 2007 (April 2007)

    Google Scholar 

  9. Kim, H., Smith, J., Shin, K.G.: Detecting energy-greedy anomalies and mobile malware variants. In: Proceedings of MobiSys (2008)

    Google Scholar 

  10. Lee, L.: Measures of distributional similarity. In: Proceedings of the 37th Annual Meeting of the ACL (1999)

    Google Scholar 

  11. Lee, W., Xiang, D.: Information-theoretic measures for anomaly detection. In: Proceedings of IEEE S&P (2001)

    Google Scholar 

  12. Lin, Y., Chlamtac, I.: Wireless and Mobile Network Architectures. John Wiley & Sons, Inc., Chichester (2001)

    Google Scholar 

  13. Meng, X., Zerfos, P., Samanta, V., Wong, S.H.Y., Lu, S.: Analysis of the reliability of a nationwide short message service. In: Proceedings of INFOCOM 2007 (2007)

    Google Scholar 

  14. Noble, C.C., Cook, D.J.: Graph-based anomaly detection. In: KDD 2003: Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining (2003)

    Google Scholar 

  15. http://www.vnunet.com/vnunet/news/2163586/sms-phishing-attack-seen-wild

  16. http://www.kval.com/news/local/17945949.html

  17. http://www.mobilemarketer.com/cms/opinion/columns/1610.html

  18. http://www.textually.org/textually/archives/2007/12/018482.htm

  19. http://www.openmindnetworks.com/SMSSpoofing.asp

  20. Stolfo, S.J., Hershkop, S., Hu, C., Li, W., Nimeskern, O., Wang, K.: Behavior-based modeling and its application to email analysis. ACM Transactions on Internet Technology 6(2), 187–221 (2006)

    Article  Google Scholar 

  21. Sun, B., Yu, F., Wu, K., Xiao, Y., Leung, V.C.M.: Enhancing security using mobility-based anomaly detection in cellular mobile networks. IEEE Trans. on Vehicular Technology 55(3) (2006)

    Google Scholar 

  22. http://searchcio-midmarket.techtarget.com/tip/0,289483,sid183_gci1310706,00.html

  23. Taniguchi, M., Haft, M., Hollmn, J., Tresp, V.: Fraud detection in communications networks using neural and probabilistic methods. In: Proceedings of the 1998 IEEE International Conference in Acoustics, Speech and Signal Processing (1998)

    Google Scholar 

  24. Traynor, P., Enck, W., McDaniel, P., Porta, T.L.: Mitigating attacks on open functionality in SMS-capable cellular networks. In: Proceedings of MobiCom 2006 (2006)

    Google Scholar 

  25. Yan, G., Eidenbenz, S., Sun, B.: Mobi-watchdog: you can steal, but you can’t run! In: Proceedings of ACM WiSec 2009, Zurich, Switzerland (2009)

    Google Scholar 

  26. Yan, G., Xiao, Z., Eidenbenz, S.: Catching instant messaging worms with change-point detection techniques. In: LEET 2008: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, Berkeley, CA, USA (2008)

    Google Scholar 

  27. Zerfos, P., Meng, X., Samanta, V., Wong, S.H.Y., Lu, S.: A study of the short message service of a nationwide cellular carrier. In: Proceedings of IMC 2006 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Sciences (CCS-3), Los Alamos National Laboratory, USA

    Guanhua Yan, Stephan Eidenbenz & Emanuele Galli

Authors
  1. Guanhua Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stephan Eidenbenz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Emanuele Galli
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute Eurecom, 2229 Route des Cretes, 06560, Sophia-Antipolis Cedex, France

    Engin Kirda  & Davide Balzarotti  & 

  2. Computer Sciences Department, University of Wisconsin, 53706, Madison, WI, USA

    Somesh Jha

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yan, G., Eidenbenz, S., Galli, E. (2009). SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04342-0_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04341-3

  • Online ISBN: 978-3-642-04342-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation