Visual Analytics for Enhancing Supervised Attack Attribution in Mobile Networks

Researchers have recently uncovered numerous anomalies that affect 3G/4G networks, caused either by hardware failures, or by Denial of Service (DoS) attacks against core network components. Detection and attribution of these anomalies are of major importance for the mobile operators. In this respect, this paper presents a lightweight application, which aims at analyzing signalling activity in the mobile network. The proposed approach combines the advantages of anomaly detection and visualization, in order to efficiently enable the analyst to detect and to attribute anomalies. Specifically, an outlier based anomaly detection technique is applied onto hourly statistics of multiple traffic variables, collected from one HLR (Home Location Register). The calculated anomaly scores are afterwards visualized utilizing stacked graphs, in order to allow the analyst to have an overview of the signaling activity and detect time windows of significant change in their behavior. Afterwards, the analyst can perform root cause analysis of suspicious time periods, utilizing graph representations, which illustrate the high level topology of the mobile network and the cumulative signaling activity of each network component. Experimental demonstration on synthetically generated anomalies illustrates the efficiency of the proposed approach.