Detecting Telephone Subscribers with Abnormal Behaviour Through Network Properties Analysis
Abstract
Abstract. The use of telephone subscriber networks for fraud, sales of goods and services, and spam leads to annual financial losses of billions of dollars worldwide. The problem was studied back in 1996 and is still relevant today, despite many methods of counteraction and protection. Traditional methods, such as blocking lists and call frequency monitoring, are often ineffective against spammers who bypass these systems by changing their behaviour patterns. Objective. The purpose of the work is to study the use of subscriber network properties, such as clustering coefficients, centrality, and average shortest path length, as criteria for identifying subscribers with abnormal behaviour in a dynamic telephone network. Research methods. Modeling and numerical experiment. Results. The study shows that the global clustering coefficient is a sensitive measure for detecting the presence of spammers in the network. Its value decreases significantly when spammers appear. When classifying subscribers into normal and spammer using the Random Forest model, the most important properties are the local clustering coefficient, average shortest path length, degree and centrality of the subscriber in the network. According to the telephone network modeling data, it was found that with a measurement window size of 4 days, the classifier accuracy (F1 score) and the accuracy of detecting spammers (TPR) reached values of 80%. Conclusions. Using the network characteristics of subscribers has a positive effect on the accuracy of detecting subscribers with abnormal behaviour, but it takes time for spammers and normal subscribers to become distinguishable by network characteristics.
Downloads
References
/References
N. Davey, S. Field, R. Frank, P. Barson, and G. McAskey, “The detection of fraud in mobile phone networks”, Neural Network World, vol. 6, no. 4, pp. 477–484, 1996.
H. Li et al., “A Machine Learning Approach To Prevent Malicious Calls Over Telephony Networks”, in 2018 IEEE Symposium on Security and Privacy (SP), May 2018, pp. 53–69. DOI: 10.1109/SP.2018.00034. (Last accessed: 15.11.2024).
“FCC fines illegal robocalling company a record-breaking $300 MILLION after it made more than five billion calls to more than 500M phone numbers in a three-month span | Daily Mail Online.” Accessed: Aug. 16, 2024. URL: https://www.dailymail.co.uk/news/article-12371697/FCC-fines-illegal-robocalling-company-record-breaking-300-MILLION-five-billion-calls-500M-phone-numbers-three-month-span.html (Last accessed: 15.11.2024).
N. Jiang et al., “Isolating and analyzing fraud activities in a large cellular network via voice call graph analysis”, in Proceedings of the 10th international conference on Mobile systems, applications, and services, Low Wood Bay Lake District UK: ACM, Jun. 2012, pp. 253–266. DOI: 10.1145/2307636.2307660. (Last accessed: 15.11.2024).
H. Tu, A. Doupe, Z. Zhao, and G.-J. Ahn, “SoK: Everyone Hates Robocalls: A Survey of Techniques Against Telephone Spam”, in 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA: IEEE, May 2016, pp. 320–338. DOI: 10.1109/SP.2016.27. (Last accessed: 15.11.2024).
P. Patankar, G. Nam, G. Kesidis, and C. R. Das, “Exploring Anti-Spam Models in Large Scale VoIP Systems”, in 28th IEEE International Conference on Distributed Computing Systems (ICDCS 2008), 17-20 June 2008, Beijing, China, IEEE Computer Society, 2008, pp. 85–92. DOI: 10.1109/ICDCS.2008.71. (Last accessed: 15.11.2024).
F. Wang, Y. Mo, and B. Huang, “P2P-AVS: P2P Based Cooperative VoIP Spam Filtering”, in Proceedings of the 2007 IEEE Wireless Communications and Networking Conference, USA: IEEE Computer Society, 2007, pp. 3547–3552. DOI: 10.1109/WCNC.2007.650. (Last accessed: 15.11.2024).
N. Jiang, Y. Jin, A. Skudlark, and Z.-L. Zhang, “Greystar: fast and accurate detection of SMS spam numbers in large cellular networks using grey phone space”, in Proceedings of the 22nd USENIX Conference on Security, in SEC’13. USA: USENIX Association, 2013, pp. 1–16. DOI: 10.5555/2534766.2534768. (Last accessed: 15.11.2024).
A. Leontjeva, M. Goldszmidt, Y. Xie, F. Yu, and M. Abadi, “Early security classification of skype users via machine learning”, in Proceedings of the 2013 ACM workshop on Artificial intelligence and security, Berlin Germany: ACM, Nov. 2013, pp. 35–44. DOI: 10.1145/2517312.2517322. (Last accessed: 15.11.2024).
Y. Rebahi, D. Sisalem, and T. Magedanz, “SIP Spam Detection”, in International Conference on Digital Telecommunications (ICDT’06), Cote d’Azur, France: IEEE, 2006, pp. 68–68. DOI: 10.1109/ICDT.2006.69. (Last accessed: 15.11.2024).
N. Miramirkhani, O. Starov, and N. Nikiforakis, “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams”, in Proceedings 2017 Network and Distributed System Security Symposium, San Diego, CA: Internet Society, 2017. DOI: 10.14722/ndss.2017.23163. (Last accessed: 15.11.2024).
S. Subudhi and S. Panigrahi, “Use of Possibilistic Fuzzy C-means Clustering for Telecom Fraud Detection”, in Computational Intelligence in Data Mining, vol. 556, H. S. Behera and D. P. Mohapatra, Eds., in Advances in Intelligent Systems and Computing, vol. 556. , Singapore: Springer Singapore, 2017, pp. 633–641. DOI: 10.1007/978-981-10-3874-7_60. (Last accessed: 15.11.2024).
S. Subudhi and S. Panigrahi, “Quarter-Sphere Support Vector Machine for Fraud Detection in Mobile Telecommunication Networks”, Procedia Computer Science, vol. 48, pp. 353–359, 2015, DOI: 10.1016/j.procs.2015.04.193. (Last accessed: 15.11.2024).
R. Zhang and A. Gurtov, “Collaborative Reputation-based Voice Spam Filtering”, in 2009 20th International Workshop on Database and Expert Systems Application, Linz, Austria: IEEE, 2009, pp. 33–37. DOI: 10.1109/DEXA.2009.95. (Last accessed: 15.11.2024).
D. Ucci, R. Perdisci, J. Lee, and M. Ahamad, “Building a Collaborative Phone Blacklisting System with Local Differential Privacy”, Jun. 16, 2020, arXiv: arXiv:2006.09287. URL: http://arxiv.org/abs/2006.09287 (Last accessed: 15.11.2024).
J. Daka and M. Nyirenda, “Smart Mobile Telecommunication Network Fraud Detection System Using Call Traffic Pattern Analysis and Artificial Neural Network”, vol. 12, pp. 43–50, Apr. 2023, DOI: 10.5923/j.ajis.20221202.01. (Last accessed: 15.11.2024).
Q. Zhao, K. Chen, T. Li, Y. Yang, and X. Wang, “Detecting telecommunication fraud by understanding the contents of a call”, Cybersecur, vol. 1, no. 1, p. 8, Dec. 2018, DOI: 10.1186/s42400-018-0008-5. (Last accessed: 15.11.2024).
Department of Computer Science and Engineering, Obafemi Awolowo University, Ile-Ife, Nigeria, B. O. Akinyemi, O. H. Odukoya, M. L. Sanni, G. Sewagnon, and G. A. Aderounmu, “Performance Evaluation of Machine Learning based Robocalls Detection Models in Telephony Networks” IJCNIS, vol. 14, no. 6, pp. 37–53, Dec. 2022, DOI: 10.5815/ijcnis.2022.06.04. (Last accessed: 15.11.2024).
M. Fire, G. Katz, and Y. Elovici, “Strangers intrusion detection-detecting spammers and fake profiles in social networks based on topology anomalies”, Human journal, vol. 1, no. 1, pp. 26–39, 2012.
C. Chaparro and W. Eberle, “Detecting Anomalies in Mobile Telecommunication Networks Using a Graph Based Approach”. URL: https://cdn.aaai.org/ocs/10377/10377-46053-1-PB.pdf. (Last accessed: 15.11.2024).
X. Hu, H. Chen, H. Chen, X. Li, J. Zhang, and S. Liu, “Mining Mobile Network Fraudsters with Augmented Graph Neural Networks”, Entropy, vol. 25, no. 1, p. 150, Jan. 2023, DOI: 10.3390/e25010150. (Last accessed: 15.11.2024).
S. Ji, J. Li, Q. Yuan, and J. Lu, “Multi-Range Gated Graph Neural Network for Telecommunication Fraud Detection”, in 2020 International Joint Conference on Neural Networks (IJCNN), Glasgow, United Kingdom: IEEE, Jul. 2020, pp. 1–6. DOI: 10.1109/IJCNN48605.2020.9207589. (Last accessed: 15.11.2024).
V. Danilevskiy and V. Yanovsky, “Statistical properties of telephone communication network”, arXiv preprint arXiv:2004.03172, 2020. (Last accessed: 15.11.2024).
S. Brin and L. Page, “The anatomy of a large-scale hypertextual Web search engine”, Computer Networks and ISDN Systems, vol. 30, no. 1, pp. 107–117, 1998, DOI: https://doi.org/10.1016/S0169-7552(98)00110-X. (Last accessed: 15.11.2024).
M. Newman, Networks, vol. 1. Oxford University Press, 2018. DOI: 10.1093/oso/9780198805090.001.0001. (Last accessed: 15.11.2024).
D. J. Watts and S. H. Strogatz, “Collective dynamics of ‘small-world’ networks”, Nature, vol. 393, no. 6684, pp. 440–442, Jun. 1998, DOI: 10.1038/30918. (Last accessed: 15.11.2024).
M. Danilevskyi, V. Yanovsky, and O. Matsiy, “Modeling and Analysis of a Dynamic Network of Telephone Subscribers Considering the Degree of Connectivity by Means of Contact Lists (Unpublished article)”, Bulletin of V.N. Karazin Kharkiv National University, series «Mathematical modeling. Information technology. Automated control systems».
C. Azarm, E. Acar, and M. van Zeelt, “On the Potential of Network-Based Features for Fraud Detection”, Feb. 19, 2024, arXiv: arXiv:2402.09495. URL: http://arxiv.org/abs/2402.09495 (Last accessed: 15.11.2024).
N. Davey, S. Field, R. Frank, P. Barson, and G. McAskey, “The detection of fraud in mobile phone networks”, Neural Network World, vol. 6, no. 4, pp. 477–484, 1996.
H. Li et al., “A Machine Learning Approach To Prevent Malicious Calls Over Telephony Networks”, in 2018 IEEE Symposium on Security and Privacy (SP), May 2018, pp. 53–69. DOI: 10.1109/SP.2018.00034. (Last accessed: 15.11.2024).
“FCC fines illegal robocalling company a record-breaking $300 MILLION after it made more than five billion calls to more than 500M phone numbers in a three-month span | Daily Mail Online.” Accessed: Aug. 16, 2024. URL: https://www.dailymail.co.uk/news/article-12371697/FCC-fines-illegal-robocalling-company-record-breaking-300-MILLION-five-billion-calls-500M-phone-numbers-three-month-span.html (Last accessed: 15.11.2024).
N. Jiang et al., “Isolating and analyzing fraud activities in a large cellular network via voice call graph analysis”, in Proceedings of the 10th international conference on Mobile systems, applications, and services, Low Wood Bay Lake District UK: ACM, Jun. 2012, pp. 253–266. DOI: 10.1145/2307636.2307660. (Last accessed: 15.11.2024).
H. Tu, A. Doupe, Z. Zhao, and G.-J. Ahn, “SoK: Everyone Hates Robocalls: A Survey of Techniques Against Telephone Spam”, in 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA: IEEE, May 2016, pp. 320–338. DOI: 10.1109/SP.2016.27. (Last accessed: 15.11.2024).
P. Patankar, G. Nam, G. Kesidis, and C. R. Das, “Exploring Anti-Spam Models in Large Scale VoIP Systems”, in 28th IEEE International Conference on Distributed Computing Systems (ICDCS 2008), 17-20 June 2008, Beijing, China, IEEE Computer Society, 2008, pp. 85–92. DOI: 10.1109/ICDCS.2008.71. (Last accessed: 15.11.2024).
F. Wang, Y. Mo, and B. Huang, “P2P-AVS: P2P Based Cooperative VoIP Spam Filtering”, in Proceedings of the 2007 IEEE Wireless Communications and Networking Conference, USA: IEEE Computer Society, 2007, pp. 3547–3552. DOI: 10.1109/WCNC.2007.650. (Last accessed: 15.11.2024).
N. Jiang, Y. Jin, A. Skudlark, and Z.-L. Zhang, “Greystar: fast and accurate detection of SMS spam numbers in large cellular networks using grey phone space”, in Proceedings of the 22nd USENIX Conference on Security, in SEC’13. USA: USENIX Association, 2013, pp. 1–16. DOI: 10.5555/2534766.2534768. (Last accessed: 15.11.2024).
A. Leontjeva, M. Goldszmidt, Y. Xie, F. Yu, and M. Abadi, “Early security classification of skype users via machine learning”, in Proceedings of the 2013 ACM workshop on Artificial intelligence and security, Berlin Germany: ACM, Nov. 2013, pp. 35–44. DOI: 10.1145/2517312.2517322. (Last accessed: 15.11.2024).
Y. Rebahi, D. Sisalem, and T. Magedanz, “SIP Spam Detection”, in International Conference on Digital Telecommunications (ICDT’06), Cote d’Azur, France: IEEE, 2006, pp. 68–68. DOI: 10.1109/ICDT.2006.69. (Last accessed: 15.11.2024).
N. Miramirkhani, O. Starov, and N. Nikiforakis, “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams”, in Proceedings 2017 Network and Distributed System Security Symposium, San Diego, CA: Internet Society, 2017. DOI: 10.14722/ndss.2017.23163. (Last accessed: 15.11.2024).
S. Subudhi and S. Panigrahi, “Use of Possibilistic Fuzzy C-means Clustering for Telecom Fraud Detection”, in Computational Intelligence in Data Mining, vol. 556, H. S. Behera and D. P. Mohapatra, Eds., in Advances in Intelligent Systems and Computing, vol. 556. , Singapore: Springer Singapore, 2017, pp. 633–641. DOI: 10.1007/978-981-10-3874-7_60. (Last accessed: 15.11.2024).
S. Subudhi and S. Panigrahi, “Quarter-Sphere Support Vector Machine for Fraud Detection in Mobile Telecommunication Networks”, Procedia Computer Science, vol. 48, pp. 353–359, 2015, DOI: 10.1016/j.procs.2015.04.193. (Last accessed: 15.11.2024).
R. Zhang and A. Gurtov, “Collaborative Reputation-based Voice Spam Filtering”, in 2009 20th International Workshop on Database and Expert Systems Application, Linz, Austria: IEEE, 2009, pp. 33–37. DOI: 10.1109/DEXA.2009.95. (Last accessed: 15.11.2024).
D. Ucci, R. Perdisci, J. Lee, and M. Ahamad, “Building a Collaborative Phone Blacklisting System with Local Differential Privacy”, Jun. 16, 2020, arXiv: arXiv:2006.09287. URL: http://arxiv.org/abs/2006.09287 (Last accessed: 15.11.2024).
J. Daka and M. Nyirenda, “Smart Mobile Telecommunication Network Fraud Detection System Using Call Traffic Pattern Analysis and Artificial Neural Network”, vol. 12, pp. 43–50, Apr. 2023, DOI: 10.5923/j.ajis.20221202.01. (Last accessed: 15.11.2024).
Q. Zhao, K. Chen, T. Li, Y. Yang, and X. Wang, “Detecting telecommunication fraud by understanding the contents of a call”, Cybersecur, vol. 1, no. 1, p. 8, Dec. 2018, DOI: 10.1186/s42400-018-0008-5. (Last accessed: 15.11.2024).
Department of Computer Science and Engineering, Obafemi Awolowo University, Ile-Ife, Nigeria, B. O. Akinyemi, O. H. Odukoya, M. L. Sanni, G. Sewagnon, and G. A. Aderounmu, “Performance Evaluation of Machine Learning based Robocalls Detection Models in Telephony Networks” IJCNIS, vol. 14, no. 6, pp. 37–53, Dec. 2022, DOI: 10.5815/ijcnis.2022.06.04. (Last accessed: 15.11.2024).
M. Fire, G. Katz, and Y. Elovici, “Strangers intrusion detection-detecting spammers and fake profiles in social networks based on topology anomalies”, Human journal, vol. 1, no. 1, pp. 26–39, 2012.
C. Chaparro and W. Eberle, “Detecting Anomalies in Mobile Telecommunication Networks Using a Graph Based Approach”. URL: https://cdn.aaai.org/ocs/10377/10377-46053-1-PB.pdf. (Last accessed: 15.11.2024).
X. Hu, H. Chen, H. Chen, X. Li, J. Zhang, and S. Liu, “Mining Mobile Network Fraudsters with Augmented Graph Neural Networks”, Entropy, vol. 25, no. 1, p. 150, Jan. 2023, DOI: 10.3390/e25010150. (Last accessed: 15.11.2024).
S. Ji, J. Li, Q. Yuan, and J. Lu, “Multi-Range Gated Graph Neural Network for Telecommunication Fraud Detection”, in 2020 International Joint Conference on Neural Networks (IJCNN), Glasgow, United Kingdom: IEEE, Jul. 2020, pp. 1–6. DOI: 10.1109/IJCNN48605.2020.9207589. (Last accessed: 15.11.2024).
V. Danilevskiy and V. Yanovsky, “Statistical properties of telephone communication network”, arXiv preprint arXiv:2004.03172, 2020. (Last accessed: 15.11.2024).
S. Brin and L. Page, “The anatomy of a large-scale hypertextual Web search engine”, Computer Networks and ISDN Systems, vol. 30, no. 1, pp. 107–117, 1998, DOI: https://doi.org/10.1016/S0169-7552(98)00110-X. (Last accessed: 15.11.2024).
M. Newman, Networks, vol. 1. Oxford University Press, 2018. DOI: 10.1093/oso/9780198805090.001.0001. (Last accessed: 15.11.2024).
D. J. Watts and S. H. Strogatz, “Collective dynamics of ‘small-world’ networks”, Nature, vol. 393, no. 6684, pp. 440–442, Jun. 1998, DOI: 10.1038/30918. (Last accessed: 15.11.2024).
M. Danilevskyi, V. Yanovsky, and O. Matsiy, “Modeling and Analysis of a Dynamic Network of Telephone Subscribers Considering the Degree of Connectivity by Means of Contact Lists (Unpublished article)”, Bulletin of V.N. Karazin Kharkiv National University, series «Mathematical modeling. Information technology. Automated control systems».
C. Azarm, E. Acar, and M. van Zeelt, “On the Potential of Network-Based Features for Fraud Detection”, Feb. 19, 2024, arXiv: arXiv:2402.09495. URL: http://arxiv.org/abs/2402.09495 (Last accessed: 15.11.2024).
