Behavioural Profiling In Mobile Networks

Abstract

In the last 20 years mobile devices gained an important role in daily life and became must have items for everyone. As mobile devices give us the much needed flexibility and mobility, they also represent one major concern; security. As the information is transmitted from node to node via radio frequencies, an imposter can gain access into a mobile network without the need to gain physical access to firewalls and gateways. Also, as they are light and small, mobile devices are easily lost and often used without any PIN or password protection enabled. Hence, it is not difficult for someone even without any technical knowledge to gain access to such devices if they have been left behind or stolen. As traditional intrusion detection systems are not very effective against this kind of attack, there is a need of a different approach that can assist in the identification of a potential imposter. This thesis begins by assessing the security needs of the mobile devices, and establishes the perceived inadequacy of existing safeguards in this respect. Therefore this research considers using Behaviour-Based Mobile Intrusion Detection System (BeMIDS) that aims to assist the identification of anomalous user activity. This in return presents the two main characteristics needed to classify a legitimate user inside a mobile network: first with whom, when and what type of connection is established and then at where the mobile device is left open. After this the research proposes a novel approach that investigates the application of three machine learning algorithms to profile user behaviour in mobile networks.

In BeMIDS, historical user profiles are created and then compared with the real-time ones in order to detect unusual activity in mobile networks. If a user’s behaviour changes, this results in alerting the system as an anomalous activity. Specific examples of behaviours that BeMIDS appears to be particularly sensitive to include duration (of calls and of connection with cell towers), time of day (calls are made and cell towers are connected), and frequency of caller usage. In order to classify a legitimate user over a mobile network the thesis then validates this approach by implementing C4.5, RIPPER and SOM algorithms over MIT’s Reality Mining Dataset. The results support the proposed architecture and present accuracy rate as high as 96% for call logs and 94% for tower logs under training conditions.