Enhancing security using mobility-based anomaly detection in cellular mobile networks

TitleEnhancing security using mobility-based anomaly detection in cellular mobile networks
Publication TypeJournal Article
Year of Publication2006
AuthorsSun, B., F. Yu, K. Wu, Y. Xiao, and V. C. M. Leung
JournalVehicular Technology, IEEE Transactions on
Volume55
Pagination1385 -1396
Date Publishedjul.
ISSN0018-9545
Keywordscellular mobile networks, cellular radio, data compression, data compression techniques, Lempel-Ziv-based detection, Markov processes, Markov-based detection schemes, matrix algebra, mobility-based anomaly detection, online anomaly detection schemes, probability transition matrix, telecommunication security
Abstract

Location information is an important feature in users' profiles in cellular mobile networks. In this paper, by exploiting the location history traversed by a mobile user, two domain-independent online anomaly detection schemes are designed, namely the Lempel-Ziv (LZ)-based and Markov-based detection schemes. The authors focus on the identification of a group of especially harmful internal attackers-masqueraders. For both schemes, cell IDs traversed by each mobile user are extracted as the feature value. Specifically, the mobility pattern of each user is characterized by a high-order Markov model. The LZ-based detection scheme from the well-developed data compression techniques is derived. Moreover, the technique of exponentially weighted moving average is used to modify a user's normal profile dynamically. The user profile can characterize the normal behavior of each user accurately and is sensitive to abnormal changes. For the Markov-based detection scheme, a fixed-order Markov model is used to characterize the normal behavior. Based on the constructed probability transition matrix, the probability of the user's current activity is calculated. A threshold policy is then used in both schemes to determine whether a mobile device is potentially compromised or not. Simulation results are presented to show the effectiveness of the proposed schemes. Moreover, our results show that the LZ-based detection scheme performs better than the Markov-based detection scheme, especially for low-speed mobile users

URLhttp://dx.doi.org/10.1109/TVT.2006.874579
DOI10.1109/TVT.2006.874579

a place of mind, The University of British Columbia

Electrical and Computer Engineering
2332 Main Mall
Vancouver, BC Canada V6T 1Z4
Tel +1.604.822.2872
Fax +1.604.822.5949
Email:

Emergency Procedures | Accessibility | Contact UBC | © Copyright 2020 The University of British Columbia