With more than one trillion mobile messages delivered worldwide every year, SMS has been a lucrative playground for various attacks and frauds such as spamming, phishing and spoofing. These SMS-based attacks pose serious security threats to both mobile users and cellular network operators, such as information stealing, overcharging, battery exhaustion, and network congestion. Against the backdrop that approaches to protecting SMS security are lagging behind, we propose a lightweight scheme called SMS-Watchdog that can detect anomalous SMS behaviors with high accuracy. Our key contributions are summarized as follows: (1) After analyzing an SMS trace collected within a five-month period, we conclude that for the majority of SMS users, there are window-based regularities regarding whom a user sends messages to and how frequently she sends messages to each recipient. (2) With these regularities, we accordingly propose four detection schemes that build normal social behavior profiles for each SMS user and then use them to detect SMS anomalies in an online and streaming fashion. Each of these schemes stores only a few states (typically, at most 12 states) in memory for each SMS user, thereby imposing very low overhead for online anomaly detection. (3) We evaluate these four schemes and also two hybrid approaches with realistic SMS traces. The results show that the hybrid approaches can detect more than 92% of SMS-based attacks with a false alarm rate of 8.5%, or about two thirds of the attacks without any false alarm, depending on their parameter settings.
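The following is an added example, not code from the paper: a sketch of window-based per-user profiling in the spirit of contribution (2). The abstract does not define the four schemes, so the features (distinct recipients and recipient entropy per fixed-size message window), the 3-sigma rule, the `floor` parameter and the trace are all assumptions made here.

```python
import math
from collections import Counter

def window_features(recipients):
    """Return (distinct recipients, Shannon entropy in bits) for one window."""
    counts = Counter(recipients)
    n = len(recipients)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return len(counts), entropy

class Profile:
    """Running mean/variance (Welford): three stored numbers per feature."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0
    def update(self, x):
        self.n += 1
        d = x - self.mean
        self.mean += d / self.n
        self.m2 += d * (x - self.mean)
    def is_anomalous(self, x, k=3.0, floor=0.25):
        # floor keeps the threshold non-zero for very regular users (assumed value)
        std = math.sqrt(self.m2 / self.n) if self.n else 0.0
        return abs(x - self.mean) > k * max(std, floor)

def detect(messages, window=10, train_windows=4, k=3.0):
    """messages: one user's recipient IDs in send order. Returns flagged window indices."""
    profiles = (Profile(), Profile())
    flagged = []
    for w, start in enumerate(range(0, len(messages) - window + 1, window)):
        feats = window_features(messages[start:start + window])
        if w >= train_windows and any(p.is_anomalous(x, k) for p, x in zip(profiles, feats)):
            flagged.append(w)  # anomalous windows never update the profile
            continue
        for p, x in zip(profiles, feats):
            p.update(x)
    return flagged

# Constructed trace: a user with three regular contacts, then one burst to ten new numbers.
W1 = ["A"] * 5 + ["B"] * 3 + ["C"] * 2
W2 = ["A"] * 6 + ["B"] * 3 + ["C"] * 1
SPAM = [f"N{i}" for i in range(10)]
TRACE = W1 + W2 + W1 + W2 + W1 + SPAM + W2

if __name__ == "__main__":
    print(detect(TRACE))
```

Each user costs six stored numbers here (count, mean and squared-deviation sum for two features), which is the kind of small per-user state that makes streaming detection cheap.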