Svyazcom.SMS Firewall with Artificial Intelligence module: a new level of security

27 November 2020

Svayzcom is preparing to release a new version of the platform "Svyazcom.SMS Firewall", supplemented with an artificial intelligence module. It is developed by a team of mathematical scientists, using the full range of the latest technologies and scientific achievements. What is the mysterious "black box" that takes SMS traffic analysis to a whole new level, leaving competitive solutions far behind?

Artificial intelligence (AI) is a broad concept that covers various aspects of scientific and technical activity. AI includes both scientific theories and specific technological practices for creating programs that are close to human intelligence.

Machine learning (ML) is one of the AI sections. This is a separate class of algorithms, mathematical models that can "learn", i.e., change their parameters depending on the incoming data quality. The task of machine learning is to calculate the model parameters that will provide the highest accuracy of the problem solution. One of the most well-known ML methods is the neural network. But it is by no means the only one: our developers try different algorithms, testing the effectiveness of each one on a test set of data, and then choose the best option. Understanding the reasons for getting a particular result clearly, analysts can influence the algorithms’ work consciously. Thus, the AI module is rather a "transparent" box than a "black" one.

To identify fraudulent schemes, the method of topic modeling and text vectorisation is used. The approach is based on a matrix of semantic relationships between words and an estimate of the distance between the classified message vector and the model vector. The closer the two vectors are, the more likely the message is spam. When analyzing ordinary correspondence between people, all models show a far distance between vectors (see example 1).

If messages have a high similarity with a large number of different recipients without stable connections between them, this group is marked as spam with the sender at the main vertex of the graph (see example 2). The measure of text similarity within a graph is a number between 0 and 1. The closer the similarity value is to 0, the more diverse the texts are (the spam hypothesis is not confirmed). The closer the value is to 1, the more likely that message is a spam one.

Example 1.
A communication between 28 people, 19 of whom communicated actively, and 9 received text messages only. All topics are different, with a small degree of similarity (0.0756).

Example 2.
A mailing list for 209 numbers. The message similarity within the selected group is 0.99.

The key issue for an effective AI module operation is high-quality data for training. Errors or carelessness in preparing the training sample data will result in poor model quality. The maximum variety of message content options and a large number of messages from different senders of both legal and spam traffic will translate into high recognition accuracy.

It is important to note that the subscribers’ personal data used for training is hashed, but all relationships within the dialogs are preserved. After installing the platform in the operator's network, the access to confidential information is closed for everyone. The AI module can work without constant external control, keeping subscriber data inaccessible for developers and platform operators.

A system without an AI module filters traffic using regular expressions prepared by platform operators. In some cases, when spam traffic is detected, it is difficult to create a clear filter rule. However, the problem of selecting a regular expression can be solved using ML. The text analysis of the training spam message sample will result in unique messages marked as spam. All messages that are similar to them will also be classified as spam later, depending on the degree of similarity.

The AI module is also effective when detecting "gray" routes for sending messages that affect the operator's profit, for example, so-called SIM farms, using a large number of conventional SIM cards to send commercial A2P messages. Since the content of such messages is most often correct, and the senders’ numbers were not previously "highlighted", the standard selection of regular expressions may not help in detecting all the incidents. If you use text analysis only, you can block a lot of ordinary messages, for example, in which a user sends a code from an app to another. A combination of behavioral and topic analysis will be the most effective.

The AI module, which is trained on legal traffic, will do the following:

  • Based on behavioral analysis, it will determine whether the traffic is a mass mailing or a normal human communication.
  • It will detect matches in the transmitted messages content with what should go through the SMPP channel.

The AI module allows configuring traffic analysis flexibly. By default, all checks are performed in real time. However, the traffic can also be analyzed during the lowest network load hours (for example, at night the traffic over the past day is analyzed). Also, depending on the customer's needs, the AI module can respond to events in different ways: create new blocking rules independently or notify the operator of suspicious activities.

A human cannot compete with a machine in the speed of processing large amounts of information. Until recently, it seemed possible to solve the problem of detecting illegal traffic only with the help of dozens of analysts. Now, thanks to the AI module, traffic analysis is performed automatically, allowing the platform operators to respond to security threats to the signal network quickly, saving time and human resources.

The advantages of the system with the AI module are obvious:

  • The Telecom operators' analysts work at a qualitatively new level: the system selects suspicious traffic and reports it automatically.
  • "Gray" traffic is quickly converted to legal status, which increases the operator's profit.
  • The history of behavior dynamics and changes in the topic spectrum provides an opportunity for developing the system's intellectual functionality.

Svyazcom works continuously to improve the quality of its products, using the best achievements of modern science. The updated platform "Svyazcom.SMS Firewall" with the added AI module will be, without exaggeration, one of the most powerful means of protecting the operator's internal network. It will be available both for new customers and for those who enjoy our products already and are considering an update.