Modernizing Telecom Security ML Powered Approach

Daniel Clement @ AWS Hong Kong Community Day 2025


This content originally appeared on DEV Community and was authored by Eliana Lam

Recent Trends and Challenges

Increase in Online Transactions

* Rising reliance on phones for transactions in regions like West Africa, China, and Hong Kong

* Estimated annual online transactions to reach one trillion by 2027

Rise in Payment Scams

* 1.5 billion dollars lost to fraud as of 2023

* 47% of fraud involves transactions (online, physical, voice)

Industry Responses

* Implementation of anti-fraud systems

* Enhanced two-factor authentication

* Behavioral analytical checks

* Risk engines to track patterns

Limitations of Pattern-Based Protection

* Provides only a certain level of protection

* Need for more comprehensive security measures

Tokenization and Detokenization

* Encrypting requests to secure transactions

* Decrypting upon receipt to ensure secure delivery

* Current practice in many financial companies

Fraud Detection and Prevention Challenges

Security Intelligence Gaps

* Telecom industries struggle to keep up with new fraud attacks

* Constant emergence of new backdoors in security systems

Balancing Security and User Experience

* Challenge of securing systems while ensuring legitimate traffic is not blocked

* Concern about how to maintain security without hindering customer experience

Monitoring and Detection Limitations

* Traditional allow/deny rules are insufficient against modern threats

* New attacks often bypass rule-based systems

AWS Tools for Enhanced Identification

* Utilization of AWS tools to identify and mitigate new threats

Traditional vs. Modern Security Methods

Traditional Methods

* Allow or deny rules

* Two-step authentication

* Network VLANs with set IP addresses

Limitations of Traditional Methods

* Ineffective against advanced AI and machine learning-driven attacks

* Create more loopholes in the system

Evolution of Deceptive Vectors

Modern Attack Techniques

* Focus on voice-based scams

* Social engineering to deceive users into transactions they didn’t initiate

Need for AI and Machine Learning

* Addressing the worry and need for advanced solutions

* Solution to counteract contemporary fraud methods

Historic Flaws with Contemporary Delivery Methods

SS7 Protocol

* Used in 2G, 3G, and 4G networks

* Designed to prevent interception of communication

* Signaling System No. 7 (SS7) is a globally recognized set of telecommunication protocols that provides the signaling and control for most of the world's public switched telephone network (PSTN) calls. It uses a separate, dedicated network to exchange the control information needed to set up, manage, and release voice calls and enable advanced services like SMS and caller ID. 

* SS7 was designed in the 1970s and 1980s as a closed

* This lack of security makes it vulnerable to exploits, allowing malicious actors with access to an SS7 network to:

  * Track Location: Pinpoint a user's location anywhere in the world by querying location databases.

  * Intercept Communications: Eavesdrop on calls and read SMS messages, including sensitive information like two-factor authentication (2FA) codes for online banking and other services.

  * Facilitate Fraud: Reroute calls, perform SIM swap attacks, or conduct other fraudulent activities.

  * Launch Denial of Service (DoS) Attacks: Overload signaling channels, causing network disruptions.

* Although 4G and 5G networks primarily use the more secure Diameter protocol for signaling, SS7 is still widely used to support global roaming, interconnect with legacy 2G/3G networks, and deliver SMS messages.

Ongoing Threats

* Despite the buildup of 4G and 5G, 2G and 3G networks are still in use

* Hackers exploit SS7 protocol flaws to intercept communications

* Continuous threat due to the reliance on older network technologies in some regions

Benefits of Using AI in Telecom Security

AI as an Enabler

* Trains machines to detect deceptive conversations

* Identifies "scammy" language in conversations

* Differentiates between legitimate and fraudulent interactions

Continuous Learning

* AI adapts to new attacks with new solutions

* Ensures up-to-date protection against evolving threats

Economic Implications

* Prevents revenue leakage and company bankruptcy

* Maintains customer trust as a valuable asset

* Ensures secure systems to retain customer confidence and investment

Solution Overview

Integration with Existing Systems

* Addresses both cloud-based and on-premises legacy systems

* Minimizes latency for 5G-based technologies

* Ensures compatibility with older network technologies

Flow of the Solution

* [1] Call Initiation

  * Calls made via radio waves, satellites, or IP addresses

* [2] Routing

  * Calls routed to towers

* [3] Conversion

  * Calls converted at a media converter before translation into the secure environment

Suspicious Voice Detection

* Transcriber captures suspicious voices during calls

* Custom Keyword Check:

  * Keywords like "give me your pin" or "we need your bank details" are flagged

* Ensures secure handling of sensitive information within conversations

Detailed Solution Workflow

Preloaded Keywords

* System is preloaded with keywords indicative of potential fraud (e.g., "give me your pin")

* These keywords are the first point of call for identifying suspicious conversations

AWS Comprehend

* Analyzes the tone, haste, and sentiment of the conversation

* Identifies scammy language and unusual conversational patterns

AWS SageMaker

* Utilizes custom models for partial, real-time model training

* During a phone call, the system identifies suspicious patterns and sends a fraud alert to the user

* Users can choose to end the call if fraud is detected

EventBridge and Lambda Functions

* EventBridge signifies custom fraud logic

* Lambda functions handle different detection scenarios (neutral, non-neutral, fraudulent)

* Triggers user notifications based on detection outcomes

Retraining Bucket

* Conversations not initially checked are saved in an S3 bucket for retraining

* Enables unsupervised learning, allowing the system to learn from past conversations

System Visibility and Compliance

* Artifacts for compliance

* CloudWatch for log monitoring

* GuardDuty for identifying model behavior changes and security injections

* AWS Crawler for static analysis of configurations (automatically scans and discovers data in various sources like Amazon S3, DynamoDB, and relational databases to populate the central AWS Glue Data Catalog)

* AWS Config for key management

* Managing Personally Identifiable Information (PII)

Data Sensitivity and Encryption

* Ensures data remains secure, either on the telecom side or within the cloud

* Full cloud implementation available, with options for telecom users to choose their preferred method

Demo and Implementation Details

* Simple demonstration showing ongoing conversations and identification of suspicious patterns

* Real-time fraud detection and user alerts

Recorded Conversations

* Demonstration includes various voice recordings

* Distinction between non-phishing and phishing voice recordings

Terraform for Deployment

* Utilization of Terraform for infrastructure deployment

* Sample code provided for Lambda function deployment

Lambda Function

* SNS topic triggered by events

* Keywords for detection: "to reset your PIN", "confirm your account", "last four digits", "confirm your account number"

* Suspicious margin set at 0.5; 0.85 indicates fraud
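
The keyword check and the two thresholds above, as an added example that is not the speaker's demo code. The scoring rule (each distinct phrase contributes a weight of 0.5), the "suspicious" label for the middle band, and the `call_id`/`transcript` message fields are assumptions; only the phrases and the 0.5 / 0.85 values come from the notes.

```python
import json
import re

# Phrases and thresholds come from the talk notes; everything else is assumed.
KEYWORDS = ("to reset your pin", "confirm your account",
            "last four digits", "confirm your account number")
SUSPICIOUS, FRAUD = 0.5, 0.85
HIT_WEIGHT = 0.5  # assumed: each distinct phrase halves the remaining doubt

# Longest phrase first so "confirm your account number" is not also
# counted as the shorter "confirm your account".
_PATTERN = re.compile(
    r"\b(?:" + "|".join(sorted(map(re.escape, KEYWORDS), key=len, reverse=True)) + r")\b")

def normalize(text):
    """Lowercase and reduce punctuation/whitespace so 'PIN,' matches 'pin'."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def classify(transcript):
    """Return (score, label, matched phrases) for one transcript segment."""
    hits = sorted(set(_PATTERN.findall(normalize(transcript))))
    score = 1 - (1 - HIT_WEIGHT) ** len(hits)  # 0 hits -> 0.0, 3 hits -> 0.875
    label = "fraudulent" if score >= FRAUD else "suspicious" if score >= SUSPICIOUS else "neutral"
    return score, label, hits

def handler(event, context=None):
    """Lambda-style entry point, assuming transcript segments arrive via SNS."""
    verdicts = []
    for record in event.get("Records", []):
        msg = json.loads(record["Sns"]["Message"])  # call_id/transcript: assumed fields
        score, label, hits = classify(msg.get("transcript", ""))
        verdicts.append({"call_id": msg.get("call_id"), "score": score,
                         "label": label, "matched": hits})
    return verdicts

# Constructed sample event (not real call data).
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps(m)}} for m in (
    {"call_id": "c1", "transcript": "To reset your PIN, confirm your account "
                                    "number and the last four digits."},
    {"call_id": "c2", "transcript": "Please confirm your account is active."},
    {"call_id": "c3", "transcript": "Your parcel arrives tomorrow."},
)]}

if __name__ == "__main__":
    for verdict in handler(SAMPLE_EVENT):
        print(verdict)
```

The second sample shows the cost of keyword-only scoring: a single benign-sounding phrase already reaches the 0.5 margin, which is why the notes pair the keyword list with sentiment analysis and a trained model.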

Mitigation Framework

Policy as Code with AI

* Importance of defining policy as code, incorporating AI

* AI assists in understanding and updating complex code beyond human capability

Structured Code Deployment

* Treat code deployment as peer review with a proper structure

* Attach security risk implementations and unit tests

* Ensure protection through continuous model behavioral monitoring with AWS GuardDuty

Natural Language Processing (NLP)

* Addition of NLP to identify patterns and sentiments in telecommunications and radio waves

* Enhance detection of fraudulent, neutral, or safe communications

Global Fraud Prevention

Real-Time Risk Management

* Focus on preventing fraud in real-time on a global scale

* Ensure secure systems through continuous monitoring and adaptation

Conclusion

* Emphasis on proactive fraud prevention rather than reactive measures

