Abstract
This paper presents an efficient on-line anomaly detection algorithm that can effectively identify a group of especially harmful internal attackers - masqueraders in cellular mobile networks. Our scheme is derived from a well-developed data compression technique. We use cell IDs traversed by a user as the feature value. Based on this, the mobility pattern of a user is characterized by a high order Markov model. Ziv-Lempel data compression algorithms are utilized to parse the data and store relevant statistical information in a mobility trie. Moreover, the technique of Exponentially Weighted Moving Average (EWMA) is used to efficiently update the mobility trie in order to modify the user's normal profile constantly. In this way, an up-to-date normal profile is maintained. The proposed normal profile can characterize the normal behavior of each user accurately and is sensitive to abnormal changes. A threshold scheme is then used to determine whether the mobile device is potentially compromised or not. Simulation results demonstrate that our proposed detection algorithm can achieve good performance in terms of false alarm rate and detection rate for users having regular itineraries.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.