We are moving quickly towards a world where any device can connect to the Internet.
But there are plenty of opportunities for fraud.
The IoT Fraud Challenge
The rapidly growing IoT market is allowing CSPs to secure steady cash flow with minimal added network infrastructure costs. But this expansion has exposed telecommunication service providers to new fraud threats.
Embedded SIMs, if left unattended for long periods, are susceptible to tampering. The large number of terminals makes them prone to DoS attacks, or to being used to launch such attacks.
How do we solve this problem?
XINTEC’s iGenuity Fraud Management solution mitigates these risks. The solution has two modules: the IoT Known Behaviour module and the IoT Unknown Behaviour module. Both modules are built on XINTEC’s industry-proven analytics core and can instantly provide security against IoT threats.
IoT Known Behaviour Module
IoT devices often exhibit specific behaviours. These behaviours are encoded into profiles that encapsulate inter-device relationships, location, movement, and activity characteristics of the service.
XINTEC monitors devices against these profiles to ensure they behave according to expectations. Any abnormal behaviour associated with a device or group(s) of devices will trigger alarms.
How do we solve this problem?
The e-Bikes in a fleet accept financial transactions and report their location every few minutes over a data connection. They operate within a limited area and are only expected to reach a reasonable maximum speed of 50 km/h, for example. Each embedded SIM is fixed to a single e-Bike (meaning there is no change of the IMEI value) and communicates only with the operations support platform. The characteristics of the e-Bike fleet are encoded into a XINTEC profile.
The XINTEC platform monitors the activity of the bikes, raising alarms, e.g.:
• E-Bike travelling above the reasonable speed threshold, indicating it may be carried in another vehicle
• E-Bike movement without associated financial transaction
• E-Bike failed to report location
• Data communication to unsupported APN
• Inappropriate use of communication service
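The e-Bike profile above expressed as rule checks over one SIM's location reports, as an added example that is not XINTEC's code. The field names, APN string, report interval and movement threshold are assumptions, and the sample reports are constructed.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

@dataclass
class Profile:                       # hypothetical encoding of the e-Bike profile
    max_kmh: float = 50.0            # speed ceiling stated in the text
    max_gap_s: int = 600             # assumed value for "every few minutes"
    apn: str = "ebike.ops.example"   # assumed name of the only supported APN
    move_m: float = 100.0            # assumed displacement that counts as movement

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000 * asin(sqrt(h))

def check(reports, profile, bound_imei, now):
    """Return (time, alarm) pairs for one SIM's time-ordered reports."""
    alarms, prev = [], None
    for r in reports:
        if r["imei"] != bound_imei:              # SIM moved to another terminal
            alarms.append((r["t"], "IMEI_CHANGE"))
        if r["apn"] != profile.apn:              # traffic outside the ops platform
            alarms.append((r["t"], "UNSUPPORTED_APN"))
        if prev:
            dt = r["t"] - prev["t"]
            dist = haversine_m(prev["pos"], r["pos"])
            if dt > profile.max_gap_s:
                alarms.append((r["t"], "MISSED_REPORT"))
            if dt > 0 and dist / dt * 3.6 > profile.max_kmh:
                alarms.append((r["t"], "SPEED"))
            if dist > profile.move_m and not r["paid"]:
                alarms.append((r["t"], "UNPAID_MOVEMENT"))
        prev = r
    if reports and now - reports[-1]["t"] > profile.max_gap_s:
        alarms.append((now, "MISSED_REPORT"))    # device has gone silent
    return alarms

BIKE_IMEI = "350000000000001"        # constructed value
SAMPLE = [                           # constructed reports; t in seconds
    {"t": 0,   "pos": (53.3400, -6.26), "imei": BIKE_IMEI, "apn": "ebike.ops.example", "paid": True},
    {"t": 300, "pos": (53.3450, -6.26), "imei": BIKE_IMEI, "apn": "ebike.ops.example", "paid": True},
    {"t": 600, "pos": (53.3950, -6.26), "imei": BIKE_IMEI, "apn": "ebike.ops.example", "paid": False},
    {"t": 900, "pos": (53.3950, -6.26), "imei": "350000000000002", "apn": "internet", "paid": False},
]

if __name__ == "__main__":
    for alarm in check(SAMPLE, Profile(), BIKE_IMEI, now=2000):
        print(alarm)
```

In the sample, the third report covers about 5.6 km in five minutes with no active transaction, the fourth shows the SIM in a different terminal on a different APN, and the device then stops reporting.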
IoT Unknown Behaviour Module
The second module learns from the behaviour of IMSI groups offering the same service. This module identifies anomalies in IMSI behaviour relative to its peers or anomalies of a group relative to other groups offering the same service.
The module uses advanced clustering algorithms. The module identifies outliers and cluster evolution. Outliers identify individually compromised devices; monitoring cluster evolution helps identify mass compromises and quality issues.
IoT Unknown Behaviour Module Example
The vehicles of a delivery fleet management service will exhibit groups of similar behaviour. According to the vehicle size, type, and base location the vehicles fall into clusters.
Each cluster might exhibit similar distance covered, number and length of stops, operating hours, etc. When an individual vehicle deviates from its cluster behaviour, it may be rerouting to take on illicit cargo, taking more or longer stops, and adding distance.
This behaviour may be detected simply by monitoring deviations from individual normal behaviour, but clusters can identify when multiple drivers collude in these illicit operations, as new clusters will evolve.