Short Message Service Fraud Mitigation Taxonomy: The Case of ethio telecom
No Thumbnail Available
Date
2018-11
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
AAU
Abstract
Telecommunication fraud is remaining challenging since the beginning of commercial
telecom service. There are various reasons that makes telecom fraud mitigation
inefficient. Some of them are; integration of new technologies without evaluating the
security hole, lack of knowledges on the fraud root causes, the changing behavior of
fraud and effective use of mitigation techniques. Short Message Service (SMS) is one of
the main and victim telecom services. A variety of technologies, services and actors are
involved on SMS ecosystem. This technology diversity makes the service vulnerable for
different type of messaging frauds.
In this study SMS fraud mitigation taxonomy is proposed to improve fraud mitigation
deployment method. The taxonomy is constructed from four main nodes namely
Technology (Which), Vulnerability (Where), Fraud (How) and Mitigation (What) as a
cause and effect way. These main nodes are also categorized in to three sub technological
layers which are network/protocol, service and actor. In addition to this classification the
mitigation techniques are characterized as technical and none technical.
The evaluation process is done first selecting 100,000 fraudulent short message records
from ethio telecom. Then taking appropriate mitigation techniques from Network
/protocol, Service and Actor layers. Finally, the selected records are examined by each
layer mitigation techniques based on the fraud scheme.
The layered evaluation result confirmed the proposed approach can mitigate 70% of the
fraud messages at network and protocol level, 57.2% at service level, and 84% at actor
level before any impact. So that overall efficiency of this taxonomy based layered
mitigation approach is recommended to use, instead of detecting the fraud after
impacting the service.
Description
Keywords
Taxonomy, SMS fraud, Mitigation techniques, Technology, Vulnerability