Anomaly detection in cellular Machine-to-Machine communications

Communication networks are rapidly evolving with connectivity reaching far beyond cell-phones, computers and tablets. Novel applications are emerging based on the widespread presence of network-enabled sensors and actuators. Machine-to-Machine (M2M) devices such as power meters, medical sensors and asset tracking appliances provide a new dimension to telecommunication services. The majority of these novel systems require low bandwidth and base their communications and control protocols on the Short Messaging Service (SMS). SMS-based attacks pose a serious threat to M2M devices and the servers/users communicating with them. Researchers have demonstrated how to remotely control embedded devices and leverage them for malicious message floods. These attacks can potentially be masked by the massive amounts of legitimate text messages traveling the airwaves daily and providing data connectivity to these connected M2M appliances. In this paper we propose two algorithms for detecting anomalous SMS activities and attacks on aggregate, cluster and individual device levels. Once these algorithms detect an anomaly they automatically determine the cause of the anomaly. Effectiveness of the algorithms has been demonstrated on real life SMS communication traffic of M2M devices connected to the network of one of the main tier-1 providers in the US.