Professional Documents
Culture Documents
White Paper
Issued by:
Abstract
The problem of SMS Spam and fraud is growing fast and is starting to jeopardize mobile messaging, a very lucrative market for wireless network operators. This fact is emphasized by different publications; some state SMS Spam is one of the biggest threats to the revenue potential of messaging services. This White Paper describes several fraud and spamming cases and what can be done against them.
May 2004
Page 2 of 18
Table of Contents
ABSTRACT ..............................................................................................................................2 TABLE OF CONTENTS ...........................................................................................................3 INTRODUCTION......................................................................................................................4 Motivation........................................................................................................................4 The Technology behind SMS..........................................................................................5 THE THREE CASES................................................................................................................6 SMS Spamming/Flooding Case ......................................................................................6
Impact on the network operator .......................................................................................... 6 How to avoid it..................................................................................................................... 7
About NexusNETVIEW Signaling Surveillance System................................................14 ABBREVIATIONS ..................................................................................................................16 ABOUT NEXUS TELECOM ...................................................................................................17
May 2004
Page 3 of 18
Introduction
Motivation
Network operators have a high interest in avoiding SMS Spam. Not only does SMS Spam by nature generate high traffic, potential flooding network elements or the whole network, but end-users are rather helpless in controlling the SMS Spam problem. Unlike e-mail, "spammed" end-users cannot take any counter-measures against the increasing number of unwanted SMS. Thus it is up to the network operator to help block unsolicited SMS. And if the operator cannot do so he has to expect churn. Another closely related issue to SMS Spam is SMS fraud, which has a direct impact on the revenue stream of the network operator.
May 2004
Page 4 of 18
May 2004
Page 5 of 18
May 2004
Page 6 of 18
SMS Flooding can temporarily overload parts of the wireless network and hinder delivery of other SMS. In rare cases, it can block other network components and cause outages.
How to avoid it
SMS Flooding can be detected by supervising SMS traffic and checking by source, and in rarer cases by destination, to determine it is above an expected level. If this is so, then the source address should be blocked. Another clear identification of SMS Spam and Flooding is the fact that the high load of traffic is generated by SMS with the same content. Therefore it is recommended to check not only for abnormal traffic profiles from a certain source or destination, but also for repetitive content.
May 2004
Page 7 of 18
How to avoid it
The first defense line is at the SS7 carrier, which should screen all direct SS7 links to determine that SCCP addresses match the connected operators. If the SCCP address does not match, the message is fake and has to be deleted. The second defense line is at the operator of the PLMN B. It can detect: Transaction address mismatch "Unusual" originating SCCP addresses Unknown IMSI messages ("unknown subscriber") Unexpected high number of messages from an often unknown source, possibly with the same content.
If this is the case then the source address should be blocked. The third defense line is at the operator of the PLMN A, which should match the SMS sent and the TCAP responses from the VLR. If there is a clear mismatch, it is known that somebody is misusing his identity, although the operator cannot influence the delivery of the faked SMS as it occurs.
May 2004
Page 9 of 18
May 2004
Page 10 of 18
How to avoid it
The MSISDN number should be checked to determine that it is a real one and the VLR location should be checked with entry in the HLR. If one or both are identified as wrong, the message should not be sent. For an independent monitoring system, SMS Spoofing is a typical fraud case. It checks for high usage MSISDN and creates an alarm if the usage is above a certain limit.
May 2004
Page 11 of 18
Solution Description
SMS Spam and Fraud Detection Application
The NexusNETVIEW Signaling Surveillance System meets all major technical and operational requirements in PSTN and GSM networks. Its Fraud Detection application is used to detect fraudulent behavior of end-users. It is designed for a very high numbers of calls. This is a solid base for the SMS Spam and Fraud Detection application, because this type of fraud requires the highest performance.
For Blocking SMS Spam & Fraud, the NexusNETVIEW monitors two points in the wireless network: International MAP gateway MAP interface
May 2004
Page 12 of 18
NexusNETVIEW detects different SMS SPAM and Fraud patterns and generates an on-line alarm to let the network act accordingly.
If detected, NexusNETVIEW generates an alarm with the information about the source address that should be blocked.
May 2004
Page 13 of 18
Performance and QoS Reporting according to ITU-T Q.752/E.422 for NMC and the quality department: o o o o o o Performance measurements for network planning and quality reporting On-line network health and status surveillance Threshold alarm management Alarm management via Q3 or SNMP interface (optional) Call tracing Protocol analysis
Destination and origin-oriented on-line traffic management Fraud detection Inter-carrier accounting Welcome SMS
Major strengths of the NexusNETVIEW Signaling Surveillance System: Highly scaleable, modular system architecture built up with standard system hardware and software components, standard networking interfaces and protocols. Ready for extended applications such as performance and QoS reporting according to the recommendations of the Telecommunication Management Forum. Compact high-performance probes with mass storage for up to 30 days full rollback on all raw data of the entire SS7 signaling traffic and call detail records (up to 60 days CDR storage optional).
May 2004
Page 14 of 18
X.700 Manager/Agent model for maximum performance over LAN/WAN and for X.733 alarm management via the optional Q3 alarm interface. SNMP integrations are also supported. Ready for future applications such as VoIP QoS testing, connectionless traffic accounting and billing, UMTS support and configuration management.
May 2004
Page 15 of 18
Abbreviations
BSS CDR GERAN GPRS GSM HLR IGP IMSI IP LAN MAP MSC/VLR MSIDN MSU NMC OSS PLMN PSTN QoS SCCP SMS SMS-C SNMP SS7 STP TCAP TCP/IP UMTS VoIP WAN Base Station Subsystem Call Data Record GSM EDGE Radio Access Network General Packet Radio Service Global System for Mobile Communication Home Location Register Interior Gateway Protocol International Mobile Subscriber Identity Internet Protocol Local Area Network Mobile Application Part Mobile Switching Center / Visitor Location Register Mobile Subscriber ISDN Number Message Signaling Unit Network Management Center Operations Support System Public Land Mobile Network Public Switched Telecom Network Quality of Service Signaling Connection Control Part Short Message Service SMS Center Simple Network Management Protocol Signaling System Number 7 Signaling Transfer Point Transaction Capability Application Part Transmission Control Protocol / Internet Protocol Universal Mobile Telecommunications System Voice over IP Wide Area Network
May 2004
Page 16 of 18
highly scalable and modular E2E solutions from Nexus Telecom maximize the service provider's competitive edge through excellent
ROI, quick and smooth launch of new services, and greatly increased end-customer satisfaction. Nexus Telecom is certified according to the ISO 9001 Quality and Management Standards.
May 2004
Page 17 of 18
Nexus Telecom AG, CH-8048 Zurich, Switzerland This document and all the information contained herein is subject to change without notice and should not be construed as a commitment by Nexus Telecom. Although we believe the contents of this document to be accurate, Nexus Telecom assumes no responsibility for any errors that may occur in this document.
Nexus Telecom, and all Nexus Logos are trademarks of Nexus Telecom AG. All other trademarks are acknowledged and are the property of their respective owners.
sales@nexustelecom.com help@nexustelecom.com
americas@nexustelecom.com support@nexustelecom.com
support@nexustelecom.com Switzerland