A Framework for Detecting Malformed SMS Attack

Malformed messages in different protocols pose a serious threat because they are used to remotely launch malicious activity. Furthermore, they are capable of crashing servers and end points, sometimes with a single message. Recently, it was shown that a malformed SMS can crash a mobile phone or gain unfettered access to it. In spite of this, little research has been done to protect mobile phones against malformed SMS messages. In this paper, we propose an SMS malformed message detection framework that extracts novel syntactical features from SMS messages at the access layer of a smart phone. Our framework operates in four steps: (1) it analyzes the syntax of the SMS protocol, (2) extracts syntactical features from SMS messages and represents them in a suffix tree, (3) uses well-known feature selection schemes to remove the redundancy in the features’ set, and (4) uses standard distance measures to raise the final alarm. The benefit of our framework is that it is lightweight-requiring less processing and memory resources-and provides a high detection rate and small false alarm rate. We evaluated our system on a real-world SMS dataset consisting of more than 5000 benign and malformed SMS messages. The results of our experiments demonstrated that our framework achieves a detection rate of more than 99% with a false alarm rate of less than 0.005%. Last, but not least, its processing and memory requirements are relatively small; as a result, it can be easily deployed on resource-constrained smart phones or mobile devices.