TY - GEN
T1 - Understanding SMS spam in a large cellular network
T2 - 16th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2013
AU - Jiang, Nan
AU - Jin, Yu
AU - Skudlark, Ann
AU - Zhang, Zhi Li
PY - 2013/12/2
Y1 - 2013/12/2
N2 - In this paper, using a year (June 2011 to May 2012) of user reported SMS spam messages together with SMS network records collected from a large US based cellular carrier, we carry out a comprehensive study of SMS spamming. Our analysis shows various characteristics of SMS spamming activities, such as spamming rates, victim selection strategies and spatial clustering of spam numbers. Our analysis also reveals that spam numbers with similar content exhibit strong similarity in terms of their sending patterns, tenure, devices and geolocations. Using the insights we have learned from our analysis, we propose several novel spam defense solutions. For example, we devise a novel algorithm for detecting related spam numbers. The algorithm incorporates user spam reports and identifies additional (unreported) spam number candidates which exhibit similar sending patterns at the same network location of the reported spam number during the nearby time period. The algorithm yields a high accuracy of 99.4% on real network data. Moreover, 72% of these spam numbers are detected at least 10 hours before user reports.
AB - In this paper, using a year (June 2011 to May 2012) of user reported SMS spam messages together with SMS network records collected from a large US based cellular carrier, we carry out a comprehensive study of SMS spamming. Our analysis shows various characteristics of SMS spamming activities, such as spamming rates, victim selection strategies and spatial clustering of spam numbers. Our analysis also reveals that spam numbers with similar content exhibit strong similarity in terms of their sending patterns, tenure, devices and geolocations. Using the insights we have learned from our analysis, we propose several novel spam defense solutions. For example, we devise a novel algorithm for detecting related spam numbers. The algorithm incorporates user spam reports and identifies additional (unreported) spam number candidates which exhibit similar sending patterns at the same network location of the reported spam number during the nearby time period. The algorithm yields a high accuracy of 99.4% on real network data. Moreover, 72% of these spam numbers are detected at least 10 hours before user reports.
UR - http://www.scopus.com/inward/record.url?scp=84888313482&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84888313482&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-41284-4_17
DO - 10.1007/978-3-642-41284-4_17
M3 - Conference contribution
AN - SCOPUS:84888313482
SN - 9783642412837
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 328
EP - 347
BT - Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings
Y2 - 23 October 2013 through 25 October 2013
ER -