Enhancing Mobile Banking Service Availability Using Machine Learning
No Thumbnail Available
Date
2018-10
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
One of the main obstacles for adoption of mobile banking is that of security concern.
This concern is becoming a reality in the case of mobile core inter-node protocol,
Signaling System number 7 (SS7). SS7 was developed with the assumption of trusted
network within and among operators. With growing number of value-added service
providers and roaming partners connecting to operators, the trusted network is no
longer a closed network. Attackers continue to exploit vulnerabilities of SS7 network to
conduct attacks that compromise confidentiality, integrity and availability of mobile
banking users and mobile network operators. In Ethiopia, Short Message Service (SMS)
and Unstructured Supplementary Service Data (USSD) are mainly used for mobile
banking. These services are both vulnerable to availability attacks.
This thesis is an effort to detect SMS availability attacks on Mobile Application Part
(MAP) layer of SS7. To mitigate these attacks, machine learning techniques using real
SMS traffic data from ethio telecom is used for adaptive detection of abnormal SMS. A
novel approach of using aggregation of Message Origination (MO) error codes is proposed
for class feature extraction. A combination of expert judgments, literature reviews and
information gain are used for optimal feature selection. As a result, it is recommended
to use origination, destination, and mobile switching center address and write time as
optimal features. To solve the problem of attack message detection, PART, Random
Forest and J48 algorithms are compared. It is found that J48 has a superior performance
with an accuracy of 98.6465% and model build time of 3.71 seconds.
Description
Keywords
Mobile Banking, SS7, DoS, DDoS, Availability, Machine Learning, SMS, USSD