Abstract
Malformed messages in different protocols pose a serious threat because they are used to remotely launch malicious activity. Furthermore, they are capable of crashing servers and end points, sometimes with a single message. Recently, it was shown that a malformed SMS can crash a mobile phone or gain unfettered access to it. In spite of this, little research has been done to protect mobile phones against malformed SMS messages. In this paper, we propose an SMS malformed message detection framework that extracts novel syntactical features from SMS messages at the access layer of a smart phone. Our framework operates in four steps: (1) it analyzes the syntax of the SMS protocol, (2) extracts syntactical features from SMS messages and represents them in a suffix tree, (3) uses well-known feature selection schemes to remove the redundancy in the feature set, and (4) uses standard distance measures to raise the final alarm. The benefit of our framework is that it is lightweight (requiring less processing and memory resources) and provides a high detection rate and a small false alarm rate. We evaluated our system on a real-world SMS dataset consisting of more than 5000 benign and malformed SMS messages. The results of our experiments demonstrated that our framework achieves a detection rate of more than 99% with a false alarm rate of less than 0.005%. Last, but not least, its processing and memory requirements are relatively small; as a result, it can be easily deployed on resource-constrained smart phones or mobile devices.
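The four steps above, sketched as an added example that is not the paper's implementation: header-token runs stand in for the suffix-tree substrings, document-frequency thresholding for the feature selection scheme, and the share of unseen features for the distance measure. All function names, the threshold and the sample PDUs are assumptions constructed for illustration.

```python
from collections import Counter
from itertools import chain

def deliver(text, fo=0x04, dcs=0x04, udl=None, sender="21436587f9"):
    """Build a constructed SMS-DELIVER TPDU (hex, no SMSC prefix); all values are made up."""
    ud = text.encode("latin-1")
    scts = bytes.fromhex("11010121000000")            # constructed 7-octet timestamp
    return (bytes([fo, 9, 0x91]) + bytes.fromhex(sender) + bytes([0x00, dcs]) + scts
            + bytes([len(ud) if udl is None else udl]) + ud).hex()

def tokens(pdu_hex):
    """Step 1: parse the TPDU header (GSM 03.40 field order) into syntax tokens."""
    b = bytes.fromhex(pdu_hex)
    try:
        pos = 3 + (b[1] + 1) // 2                     # skip first octet, OA length, TOA, OA
        fo, toa, pid, dcs, udl = b[0], b[2], b[pos], b[pos + 1], b[pos + 9]
    except IndexError:
        return ["truncated"]
    ud = b[pos + 10:]
    # Octets implied by TP-UDL: septets for the 7-bit alphabet, octets otherwise
    # (simplified to the general data coding group).
    want = udl if dcs & 0x0C else (udl * 7 + 7) // 8
    fit = "ok" if len(ud) == want else "short" if len(ud) < want else "long"
    return [f"fo={fo:02x}", f"toa={toa:02x}", f"pid={pid:02x}", f"dcs={dcs:02x}", f"udl={fit}"]

def features(pdu_hex, max_n=3):
    """Step 2: every contiguous token run up to max_n, i.e. the short substrings
    a suffix tree over the token sequence would index."""
    t = tokens(pdu_hex)
    return {tuple(t[i:i + n]) for n in range(1, max_n + 1) for i in range(len(t) - n + 1)}

def train(benign, min_df=2):
    """Step 3: document-frequency selection; keep features seen in >= min_df benign messages."""
    df = Counter(chain.from_iterable(features(p) for p in benign))
    return {f for f, c in df.items() if c >= min_df}

def distance(pdu_hex, profile):
    """Step 4: share of the message's features that are absent from the benign profile."""
    f = features(pdu_hex)
    return len(f - profile) / len(f)

def is_malformed(pdu_hex, profile, threshold=0.2):
    return distance(pdu_hex, profile) > threshold

BENIGN = [deliver(t) for t in ("hello", "see you at 5", "ok", "call me back")]

if __name__ == "__main__":
    profile = train(BENIGN)
    for name, pdu in [("held-out benign", deliver("running late")),
                      ("UDL larger than data", deliver("hi", udl=0xFF)),
                      ("truncated header", "0409")]:
        print(name, round(distance(pdu, profile), 2), is_malformed(pdu, profile))
```
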
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rafique, M.Z., Khan, M.K., Alghathbar, K., Farooq, M. (2011). A Framework for Detecting Malformed SMS Attack. In: Park, J.J., Lopez, J., Yeo, SS., Shon, T., Taniar, D. (eds) Secure and Trust Computing, Data Management and Applications. STA 2011. Communications in Computer and Information Science, vol 186. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22339-6_2
DOI: https://doi.org/10.1007/978-3-642-22339-6_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22338-9
Online ISBN: 978-3-642-22339-6
eBook Packages: Computer Science (R0)