Jianhong Lin,Yangang Nie,Feng Mao,Peng Wang,Chunming Wu

2023-01-01

Abstract:In mobile communication, private user information such as phone numbers are likely to be stole by attackers. By exploiting this information, attackers can make malicious harassment calls to bring troubles to mobile customers, leading to significant impacts on the society. In this paper, we construct a temporal filtering method to address this problem. This method analyzes the 24-h behaviors of phone numbers. According to the analysis results, it uses neural networks to simulate the behaviors of malicious calls and that of various normal calls, including express delivery, takeaway delivery and so on. With such a model, it accurately identifies malicious calls. Our experiments indicate that compared to existing methods, our approach significantly improves the accuracy and coverage respectively.

Qing Yang,Xiaoliang Wang,Jing Zheng,Wenqi Ge,Ming Bai,Frank Jiang

DOI: https://doi.org/10.3837/tiis.2021.06.014

2021-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the rapid development of mobile Internet, smart phones have been widely popularized, among which Android platform dominates. Due to it is open source, malware on the Android platform is rampant. In order to improve the efficiency of malware detection, this paper proposes deep learning Android malicious detection system based on behavior features. First of all, the detection system adopts the static analysis method to extract different types of behavior features from Android applications, and extract sensitive behavior features through Term frequency-inverse Document Frequency algorithm for each extracted behavior feature to construct detection features through unified abstract expression. Secondly, Long Short-Term Memory neural network model is established to select and learn from the extracted attributes and the learned attributes are used to detect Android malicious applications, Analysis and further optimization of the application behavior parameters, so as to build a deep learning Android malicious detection method based on feature analysis. We use different types of features to evaluate our method and compare it with various machine learning-based methods. Study shows that it outperforms most existing machine learning based approaches and detects 95.31% of the malware.

Jianhong Lin,Tianyu Chen,Peng Wang,Chunming Wu

DOI: https://doi.org/10.1109/imcec55388.2022.10019885

2022-01-01

Abstract:With the rapid development of 5G technology, the number of telecom network users is exploding, which brings great pressure to the governance of the whole network. Voice spam, such as fraud, harassment and other illegal voice calls, not only occupy communication resources, but also disturb people's daily life and social order. In light of this, considering different scenario elements, this paper proposes a governance framework that considers time, location and user attributes simultaneously to identify and intercept voice spam. Specifically, we firstly use decision tree algorithm to recognize and classify voice spam in telecom network. Then, based on the frequent itemset theory, the malicious phone IDs are further analyzed and revealed. The telephone numbers are divided into white list, grey list, personal blacklist and group blacklist. Through simulation analysis and practical application in Zhengzhou area, the framework proposed can accurately detect voice spam and timely remind users of potential risks, providing users with secure voice services.

Jianhong Lin,Peng Wang,Chunming Wu

DOI: https://doi.org/10.20532/cit.2022.1005459

2022-01-01

Abstract:With the development of economic globalization and modern information and communication technology, the situation of communication fraud is becoming more and more serious. How to identify fraudulent calls accurately and effectively has become an urgent task in current telecommunications operations. Affected by the sample set and the current state of the art, the current machine learning methods used to identify the imbalanced distribution dataset of positive and negative samples have low recognition accuracy. Therefore, in this paper, we propose a new hybrid model solution that uses feature construction, feature selection and imbalanced classes handling. A stacking model fusion algorithm composed of a two-layer stacking framework with several state-of-the-art machine learning classifiers is adopted. The results show that the risk user identification model based on mobile network communication behavior established by our stacking model fusion algorithm can accurately predict the category labels of telecom users and improve the risk of telecom users. The generalization performance of the identification is high, which provides a certain reference for the telecommunications industry to identify risk users based on mobile network communication behaviors.

Qianqian Zhao,Kai Chen,Tongxin Li,Yi Yang,XiaoFeng Wang

DOI: https://doi.org/10.1186/s42400-018-0008-5

2018-08-31

Abstract:Telecommunication fraud has continuously been causing severe financial loss to telecommunication customers in China for several years. Traditional approaches to detect telecommunication frauds usually rely on constructing a blacklist of fraud telephone numbers. However, attackers can simply evade such detection by changing their numbers, which is very easy to achieve through VoIP (Voice over IP). To solve this problem, we detect telecommunication frauds from the contents of a call instead of simply through the caller’s telephone number. Particularly, we collect descriptions of telecommunication fraud from news reports and social media. We use machine learning algorithms to analyze data and to select the high-quality descriptions from the data collected previously to construct datasets. Then we leverage natural language processing to extract features from the textual data. After that, we build rules to identify similar contents within the same call for further telecommunication fraud detection. To achieve online detection of telecommunication frauds, we develop an Android application which can be installed on a customer’s smartphone. When an incoming fraud call is answered, the application can dynamically analyze the contents of the call in order to identify frauds. Our results show that we can protect customers effectively.

computer science, information systems, interdisciplinary applications, software engineering

Yuhong Li,Dongmei Hou,Aimin Pan,Zhiguo Gong

DOI: https://doi.org/10.1145/3132847.3132848

2017-01-01

Abstract:Malicious phone call is a plague, in which unscrupulous salesmen or criminals make to acquire money illegally from the victims. As a result, there has been broad interest in deveploing systems to make the end-users vigilant when receiving such phone calls. Typically, these systems justify the phone numbers either by the crowd-generated blacklist or exploiting the features via machine learning techniques. However, the former is frail due to the rare and lazy crowd, while the later suffers from the scarcity of effective features. In this work, we propose a solution named DeMalC to address those problems by applying the machine learning algorithmm on a novel set of discriminative features. These features consist of properties and behaviors that are powerful enough to characterize phone numbers from different perspectives. We extensively evaluated our solution, i.e., DeMalC, using massive call detail records. The experimental result shows the effectiveness of our extracted features. Capable of achieving 91.86% overall accuracy and 79.34% F1-score on the detection of malicious phone numbers, the DeMalC has been deployed online and demonstrated to be a competitive solution for detecting malicious calls.

Yang Yang,Yuhong Xu,Yizhou Sun,Yuxiao Dong,Fei Wu,Yueting Zhuang

DOI: https://doi.org/10.1109/tkde.2019.2924431

IF: 9.235

2021-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:The rapid development of modern communication technologies—in particular, (mobile) phone communications—has largely facilitated human social interactions and information exchange. However, the emergence of telemarketing frauds can significantly dissipate individual fortune and social wealth, resulting in a potential slow down or damage to economics. In this work, we propose to spot telemarketing frauds, with an emphasis on unveiling the "precise fraud" phenomenon and the strategies that are used by fraudsters to precisely select targets. To study this problem, we employ a one-month complete dataset of telecommunication metadata in Shanghai with 54 million users and 698 million call logs. Through our study, we find that user's information might have been seriously leaked, and fraudsters have a preference over the target user's age and activity in mobile network. We further propose a novel semi-supervised learning framework to distinguish fraudsters from non-fraudsters. Experimental results on a real-world data show that our approach outperforms several state-of-the-art algorithms in accuracy of detecting fraudsters (e.g., $+0.278$<math>+0.278</math> in terms of F1 on average). We believe that our study can potentially inform policymaking for government and mobile service providers.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Zenghua Xia,Chang Liu,Neil Zhenqiang Gong,Qi Li,Yong Cui,Dawn Song

DOI: https://doi.org/10.1145/3292500.3330702

2019-01-01

Abstract:Malicious accounts are one of the biggest threats to the security and privacy of online social networks (OSNs). In this work, we study a new type of OSN, called privacy-centric mobile social network (PC-MSN), such as KakaoTalk and LINE, which has attracted billions of users recently. The design of PC-MSN is inspired to protect their users' privacy from strangers: (1) a stranger is not easy to send a friend request to a user who does not want to make friends with strangers; and (2) strangers cannot view a user's post. Such a design mitigates the security issue of malicious accounts. At the same time, it also brings the battleground between attackers and defenders to an earlier stage, i.e., making friendship, than the one studied in previous works. Also, previous defense proposals mostly rely on certain assumptions on the attacker, which may not be robust in the new PC-MSNs. As a result, previous malicious accounts detection approaches are less effective on a PC-MSN. To mitigate this issue, we study the patterns in friend requests to distinguish malicious accounts, and perform a systematic study over 1 million labeled data from WLink, a real PC-MSN with billions of users, to confirm our hypothesis. Based on the results, we propose dozens of new features and leverage machine learning to detect malicious accounts. We evaluate our method and compare it with existing methods, and the results show that our method achieves a precision of 99.5% and a recall of 98.4%, which significantly outperform previous state-of-the-art methods. Importantly, we qualitatively analyze the robustness of the designed features, and our evaluation shows that using only robust features can achieve the same level of performance as using all features. WLink has deployed our detection method. Our method can detect 0.59 million malicious accounts daily, which is 6 times higher than the previous deployment on WLink, with a precision of over 90%.

Zitong Shen,Kangzhong Wang,Youqian Zhang,Grace Ngai,Eugene Y. Fu

2024-10-17

Abstract:Phone scams pose a significant threat to individuals and communities, causing substantial financial losses and emotional distress. Despite ongoing efforts to combat these scams, scammers continue to adapt and refine their tactics, making it imperative to explore innovative countermeasures. This research explores the potential of large language models (LLMs) to provide detection of fraudulent phone calls. By analyzing the conversational dynamics between scammers and victims, LLM-based detectors can identify potential scams as they occur, offering immediate protection to users. While such approaches demonstrate promising results, we also acknowledge the challenges of biased datasets, relatively low recall, and hallucinations that must be addressed for further advancement in this field

Cryptography and Security,Artificial Intelligence,Computers and Society

Dahai Yao,Hailong Sun,Xudong Liu

DOI: https://doi.org/10.1145/2875913.2875941

2015-01-01

Abstract:Android is undoubtedly becoming the most popular smartphone platform. The popularity of Android, unfortunately, has also made the devices become the target of malware. Most of existing malicious mobile apps feature stealthy operations such as collecting user privacy, sending premium SMS messages and making unauthorized http connections with no legal notice to the affected user. However, transmission of sensitive data cannot indicate malicious behavior because some benign applications also need sensitive data to improve the user experience. Existing malware detection approaches focus on static or dynamic analysis without crowd user contributions. In this paper, we propose a novel technique which combining crowd contributions with machine learning to detect malicious mobile apps. We model privacy transmission as user-determined and undetermined with the help of real user decisions based on crowdsourcing. We apply static analysis to extract application basic information such as permissions and suspicious API calls. Then we use dynamic instrumentation technique to trace real API calls at runtime and collect the crowd user decisions to the prompted sensitive data transmission. Finally, we employ several different learning-based algorithms, such as SVM, Bayesian Network, Decision Tree and KNN to detect malicious apps. Experiments with 100 real application samples show that our system was capable of detecting malicious mobile apps: our system can detect 85% to 97% of the malware with low false positive rate.

Dare Azeez Oyeyemi,Adebola K. Ojo

DOI: https://doi.org/10.9734/JAMCS/2023/v38i101832

2024-06-04

Abstract:In the modern era, mobile phones have become ubiquitous, and Short Message Service (SMS) has grown to become a multi-million-dollar service due to the widespread adoption of mobile devices and the millions of people who use SMS daily. However, SMS spam has also become a pervasive problem that endangers users' privacy and security through phishing and fraud. Despite numerous spam filtering techniques, there is still a need for a more effective solution to address this problem [1]. This research addresses the pervasive issue of SMS spam, which poses threats to users' privacy and security. Despite existing spam filtering techniques, the high false-positive rate persists as a challenge. The study introduces a novel approach utilizing Natural Language Processing (NLP) and machine learning models, particularly BERT (Bidirectional Encoder Representations from Transformers), for SMS spam detection and classification. Data preprocessing techniques, such as stop word removal and tokenization, are applied, along with feature extraction using BERT. Machine learning models, including SVM, Logistic Regression, Naive Bayes, Gradient Boosting, and Random Forest, are integrated with BERT for differentiating spam from ham messages. Evaluation results revealed that the Naïve Bayes classifier + BERT model achieves the highest accuracy at 97.31% with the fastest execution time of 0.3 seconds on the test dataset. This approach demonstrates a notable enhancement in spam detection efficiency and a low false-positive rate. The developed model presents a valuable solution to combat SMS spam, ensuring faster and more accurate detection. This model not only safeguards users' privacy but also assists network providers in effectively identifying and blocking SMS spam messages.

Computation and Language,Artificial Intelligence,Machine Learning

Rui Li,Yongzheng Zhang,Yupeng Tuo,Peng Chang

DOI: https://doi.org/10.1109/icise.2018.00016

2018-05-01

Abstract:Telecom fraud has been a worldwide problem with substantial annual revenue losses for many subscribers and service provider companies. To achieve effective and inexpensive detection for telecom fraud users, we propose an effective and applicable fraud user detection method based on user&#x27;s Call Detail Record (CDR). The proposed method consists of two modules, namely machine learning module and template detection module. In the machine learning module, a Support Vector Machine (SVM) algorithm based on supervised learning is used to classify users using summary characteristics. In the template detection module, a Finite State Machine (FSM) based on fraud user&#x27;s behavior is used to filter suspicious users, which generated in the machine learning module. After the two modules, fraud users can be detected. We implement our approach and evaluate it on a real-world dataset. The experiments show that the method can achieve high detection accuracy of 93.56%, which demonstrate that the proposed method has more excellent performance in comparison with the state-of-the-art approaches.

Aidong Xu,Lin Chen,Xiaoyun Kuang,Huahui Lv,Hang Yang,Yixin Jiang,Bo Li

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00021

2020-01-01

Abstract:In recent years, malicious programs seriously threaten the security of information system. Because of its particularity, complexity and vulnerability, power information system is difficult to detect and kill by traditional anti-virus software. To solve the above problems, this paper proposes a malicious behavior detection method based on deep learning, which can identify malicious programs and attack types according to the activities of malicious programs and malicious software behaviors. In this paper, a hybrid deep learning structure based on convolutional neural network (CNN) and long-and-short term memory (LSTM) network is proposed. The call sequence of API is combined with other statistical features. The vector information obtained is input into LSTM unit through convolution, and the classification results are obtained through the above model. Compared with the existing methods, this method significantly improves the preparation rate and execution efficiency.

Zengwen Yuan,Yuanjie Li,Chunyi Peng,Songwu Lu,Haotian Deng,Zhaowei Tan,Taqi Raza

DOI: https://doi.org/10.1109/ICCCN.2018.8487371

2018-01-01

Abstract:In this paper, we present our recent work in progress on 4G mobile network analysis. In order to provide an in-depth study on the closed network operations, we advocate a novel approach via two-level, device-centric machine learning that can open up the system behaviors and facilitate fine-grained analysis . We describe our proposed approach, and use the latency analysis on two popular mobile apps (Web browsing and Instant Messaging) to illustrate how our scheme works. We further preliminary results and discuss the open issues.

Guojun Chu,Jingyu Wang,Qi Qi,Haifeng Sun,Shimin Tao,Hao Yang,Jianxin Liao,Zhu Han

DOI: https://doi.org/10.1109/tdsc.2022.3228797

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Fraud detection in telecom network is a crucial problem that threatens users&#x27; privacy and property security. In recent years, fraudsters adopt more advanced camouflage strategies to avoid being detected by traditional algorithms. To deal with these new types of fraud, it is necessary to analyze the integrated spatial-temporal features, which are rarely involved in existing literature. In this paper, we propose a novel fraud detection model based on the intertwined spatial-temporal patterns of user behaviors. Specifically, we first introduce the extension of statistical and interactive features to dynamic call patterns, and build a probabilistic model to simulate users&#x27; call behaviors. Then the sequential patterns reflecting users&#x27; own behaviors are obtained by the mixture Hidden Markov Models, and the structural patterns reflecting the collaboration between users in the telecom network are obtained by the attention-based Graph-SAGE model. Finally, our model outputs a fraud score for each user to detect potential fraudsters. We conduct extensive experiments on a real-world telecom dataset. The experimental results demonstrate that our intertwined spatial-temporal call patterns can effectively represent user behavior and improve the accuracy of fraud detection compared with state-of-the-art methods. The results also validate the efficiency and the interpretability of our model.

computer science, information systems, software engineering, hardware & architecture

Daniele Ucci,Roberto Perdisci,Jaewoo Lee,Mustaque Ahamad

DOI: https://doi.org/10.1145/3427228.3427239

2020-06-17

Abstract:Spam phone calls have been rapidly growing from nuisance to an increasingly effective scam delivery tool. To counter this increasingly successful attack vector, a number of commercial smartphone apps that promise to block spam phone calls have appeared on app stores, and are now used by hundreds of thousands or even millions of users. However, following a business model similar to some online social network services, these apps often collect call records or other potentially sensitive information from users' phones with little or no formal privacy guarantees. In this paper, we study whether it is possible to build a practical collaborative phone blacklisting system that makes use of local differential privacy (LDP) mechanisms to provide clear privacy guarantees. We analyze the challenges and trade-offs related to using LDP, evaluate our LDP-based system on real-world user-reported call records collected by the FTC, and show that it is possible to learn a phone blacklist using a reasonable overall privacy budget and at the same time preserve users' privacy while maintaining utility for the learned blacklist.

Cryptography and Security

Weijun Zhu,Joel J. P. C. Rodrigues,Jianwei Niu,Qinglei Zhou,Yafei Li,Mingliang Xu,Bohu Huang

DOI: https://doi.org/10.1016/j.cogsys.2018.10.018

IF: 4.541

2019-01-01

Cognitive Systems Research

Abstract:A GSMem malware can attack a computer connected physically with no network. However, none of the existing techniques can detect GSMem attacks, up to now. To address this problem, this paper puts forward a new method based on Machine Learning (ML), including Logistic Regression (LR), Random Forest (RF), Support Vector Machine (SVM), Boosted Tree (BT), Back-Propagation Neural Networks (BPNN) and Naive Bayes Classifier (NBC). At first, we use a large quantity of data in terms of frequencies and amplitudes of some electromagnetic waves to train our models. And then, we use the obtained models to predict that whether a GSMem attack occurs or not, according to a given frequency and amplitude. In a word, the GSMem intrusion detection problem is induced to a ML binary classification one, while the former problem is pending and the latter one has been solved. As a result, the former problem can be solved in principle in this way. The simulated experiments show that the new method is potential to detect a GSMem attack, with low False Positive Rates (FPR) and low False Negative Rates (FNR).

Xingrui Wang

DOI: https://doi.org/10.18282/jnt.v2i2.1103

2020-08-25

Journal of Networking and Telecommunications

Abstract:With the rapid development of smart phones and communication technology, the frequency of communication between the public and society through telecommunication equipment is increasing. At the same time, some lawless elements often cheat the public through telecommunication equipment, which brings irreparable economic losses to the society and the masses to a certain extent. In view of the above problems, this article takes the source of telecommunication fraud as the breakthrough point, analyzes the existing telecommunication fraud processing technology and points out its shortcomings, and then proposes a method of telephone fraud analysis based on big data technology. This technology fills the defects of the existing telecommunication interception technology and provides a new idea for effectively avoiding telecommunication fraud in the future.

English Else

Hongbing Yan,Yan Xiong,Wenchao Huang,Jianmeng Huang,Zhaoyi Meng

DOI: https://doi.org/10.1109/BIGCOM.2018.00023

2018-01-01

Abstract:Android devices have increased rapidly in recent years. Because sensitive data of users can bring huge profits, there are so many malicious Android applications (apps) which aim at users' sensitive data in Android markets. Malicious apps may collect sensitive data of users, such as phone number, location, contact information, and send them to advertisers or attackers. To prevent malicious apps from stealing user information, a simple solution is not to grant corresponding permissions to apps. But if we don't give corresponding permissions, the apps may exit directly. This affect the normal use of apps. In order to solve the above problems, we design a system which uses machine-learning technology to detect malicious behaviours. Our system is based on the observation that apps in the same category usually use sensitive data in the same or similar way. The system implements automatic detection of malicious behaviours. The true positive rate of our system can be over 90% and the false positive rate can be below 8%.

T. Anitha,S. Aanjankumar,S. Poonkuntran,Anand Nayyar

DOI: https://doi.org/10.1007/s00521-023-08818-0

2023-07-20

Neural Computing and Applications

Abstract:This paper aims to propose a new technique for identifying and categorizing malevolent Internet traffic within the context of security for smart devices. Given the rising usage of smart devices, including mobile phones, wearables, smart transportation-based devices, and the Internet of Things, concerns regarding their security are increasing. The need to develop effective security measures arises from the potential for attackers to compromise user data. In this study, we introduce an innovative approach that combines deep learning techniques, specifically convolutional neural networks (CNN), with long short-term memory (LSTM) for the purpose of detecting and categorizing malevolent Internet traffic. The objective of the proposed technique is to address the challenges related to time estimation by focusing on level prediction, resulting in a substantial reduction in prediction time for the identification of malevolent traffic. We utilize bidirectional long short-term memory–CNN (BI-LSTM–CNN) to identify malevolent communication and provide support for voice input. Experimental outcomes illustrate the effectiveness of our proposed technique in terms of precision, accuracy, F1 factor, false acceptance rate (FAR), false positive rate (FPR), and detection rate. In comparison with existing methods for detecting malevolent traffic, our approach achieves a 99.62% traffic detection rate, 99.98% accuracy, and 0.01% FAR, whereas the accuracy, detection rate of malevolent traffic, and FAR of existing methods are 99.88%, 97.32%, and 4.31%, respectively. These outcomes emphasize the superior performance and analysis of our technique, rendering it a valuable contribution to the realm of smart device security. In summary, this paper proposes a novel BI-LSTM–CNN technique for detecting malevolent traffic in smart devices. The proposed methodology tackles time estimation challenges and exhibits superior performance when compared to existing techniques.

computer science, artificial intelligence