AWS Community Day Hong Kong 2025 Recap

Modernizing Telecom Security: ML Powered Approach

Recap Series

Recent Trends and Challenges

Increase in Online Transactions

  • Rising reliance on phones for transactions in regions like West Africa, China, and Hong Kong
  • Estimated annual online transactions to reach one trillion by 2027

Rise in Payment Scams

  • 1.5 billion dollars lost to fraud as of 2023
  • 47% of fraud involves transactions (online, physical, voice)

Industry Responses

  • Implementation of anti-fraud systems
  • Enhanced two-factor authentications
  • Behavioral analytical checks
  • Risk engines to track patterns

Limitations of Pattern-Based Protection

  • Provides only a certain level of protection
  • Need for more comprehensive security measures

Tokenization and Detokenization

  • Encrypting requests to secure transactions
  • Decrypting upon receipt to ensure secure delivery
  • Current practice in many financial companies

Fraud Detection and Prevention Challenges

Security Intelligence Gaps

  • Telecom industries struggle to keep up with new fraud attacks
  • Constant emergence of new backdoors in security systems

Balancing Security and User Experience

  • Challenge of securing systems while ensuring legitimate traffic is not blocked
  • Concern about how to maintain security without hindering customer experience

Monitoring and Detection Limitations

  • Traditional allow/deny rules are insufficient against modern threats
  • New attacks often bypass rule-based systems

AWS Tools for Enhanced Identification

  • Utilization of AWS tools to identify and mitigate new threats

Traditional vs. Modern Security Methods

Traditional Methods

  • Allow or deny rules
  • Two-step authentication
  • Network VLANs with set IP addresses

Limitations of Traditional Methods

  • Ineffective against advanced AI and machine learning-driven attacks
  • Create more loopholes in the system

Evolution of Deceptive Vectors

Modern Attack Techniques

  • Focus on voice-based scams
  • Social engineering to deceive users into transactions they didn’t initiate

Need for AI and Machine Learning

  • Addressing the worry and need for advanced solutions
  • Solution to counteract contemporary fraud methods

Historic Flaws with Contemporary Delivery Methods

SS7 Protocol

  • Used in 2G, 3G, and 4G networks
  • Designed to prevent interception of communication
  • Signaling System No. 7 (SS7) is a globally recognized set of telecommunication protocols that provides the signaling and control for most of the world's public switched telephone network (PSTN) calls. It uses a separate, dedicated network to exchange the control information needed to set up, manage, and release voice calls and enable advanced services like SMS and caller ID.
  • SS7 was designed in the 1970s and 1980s as a closed
  • This lack of security makes it vulnerable to exploits, allowing malicious actors with access to an SS7 network to:
  • Track Location: Pinpoint a user's location anywhere in the world by querying location databases.
  • Intercept Communications: Eavesdrop on calls and read SMS messages, including sensitive information like two-factor authentication (2FA) codes for online banking and other services.
  • Facilitate Fraud: Reroute calls, perform SIM swap attacks, or conduct other fraudulent activities.
  • Launch Denial of Service (DoS) Attacks: Overload signaling channels, causing network disruptions.
  • 4G and 5G networks primarily use the more secure Diameter protocol for signaling, SS7 is still widely used to support global roaming, interconnect with legacy 2G/3G networks, and deliver SMS messages.

Ongoing Threats

  • Despite the buildup of 4G and 5G, 2G and 3G networks are still in use
  • Hackers exploit SS7 protocol flaws to intercept communications
  • Continuous threat due to the reliance on older network technologies in some regions

Benefits of Using AI in Telecom Security

AI as an Enabler

  • Trains machines to detect deceptive conversations
  • Identifies "scammy" language in conversations
  • Differentiates between legitimate and fraudulent interactions

Continuous Learning

  • AI adapts to new attacks with new solutions
  • Ensures up-to-date protection against evolving threats

Economic Implications

  • Prevents revenue leakage and company bankruptcy
  • Maintains customer trust as a valuable asset
  • Ensures secure systems to retain customer confidence and investment

Solution Overview

Integration with Existing Systems

  • Addresses both cloud-based and on-premises legacy systems
  • Minimizes latency for 5G-based technologies
  • Ensures compatibility with older network technologies

Flow of the Solution

  • [ 1 ] Call Initiation
  • Calls made via radio waves, satellites, or IP addresses
  • [ 2 ] Routing
  • Calls routed to towers
  • [ 3 ] Conversion
  • Calls converted at a media converter before translation into the secure environment

Suspicious Voice Detection

  • Transcriber captures suspicious voices during calls
  • Custom Keyword Check:
  • Keywords like "give me your pin" or "we need your bank details" are flagged
  • Ensures secure handling of sensitive information within conversations

Detailed Solution Workflow

Preloaded Keywords

  • System is preloaded with keywords indicative of potential fraud (e.g., "give me your pin")
  • These keywords are the first point of call for identifying suspicious conversations

AWS Comprehend

  • Analyzes the tone, haste, and sentiment of the conversation
  • Identifies scammy language and unusual conversational patterns

AWS SageMaker

  • Utilizes custom models for partial, real-time model training
  • During a phone call, the system identifies suspicious patterns and sends a fraud alert to the user
  • Users can choose to end the call if fraud is detected

Event Bridge and Lambda Functions

  • Event Bridge signifies custom fraud logic
  • Lambda functions handle different detection scenarios (neutral, non-neutral, fraudulent)
  • Triggers user notifications based on detection outcomes

Retraining Bucket

  • Conversations not initially checked are saved in an S3 bucket for retraining
  • Enables unsupervised learning, allowing the system to learn from past conversations

System Visibility and Compliance

  • Artifacts for compliance
  • CloudWatch for log monitoring
  • GuardDuty for identifying model behavior changes and security injections
  • AWS Crawler for static analysis of configurations (automatically scans and discovers data in various sources like Amazon S3, DynamoDB, and relational databases to populate the central AWS Glue Data Catalog)
  • AWS Config for key management
  • Managing Personally Identifiable Information (PII)

Data Sensitivity and Encryption

  • Ensures data remains secure, either on the telecom side or within the cloud
  • Full cloud implementation available, with options for telecom users to choose their preferred method

Demo and Implementation Details

  • Simple demonstration showing ongoing conversations and identification of suspicious patterns
  • Real-time fraud detection and user alerts

Recorded Conversations

  • Demonstration includes various voice recordings
  • Distinction between non-phishing and phishing voice recordings

Terraform for Deployment

  • Utilization of Terraform for infrastructure deployment
  • Sample code provided for Lambda function deployment

Lambda Function

  • SNS topic triggered by events
  • Keywords for detection: "to reset your PIN", "confirm your account", "last four digits", "confirm your account number"
  • Suspicious margin set at 0.5; 0.85 indicates fraud

Mitigation Framework

Policy as Code with AI

  • Importance of defining policy as code, incorporating AI
  • AI assists in understanding and updating complex code beyond human capability

Structured Code Deployment

  • Treat code deployment as peer review with a proper structure
  • Attach security risk implementations and unit tests
  • Ensure protection through continuous model behavioral monitoring with AWS GuardDuty

Natural Language Processing (NLP)

  • Addition of NLP to identify patterns and sentiments in telecommunications and radio waves
  • Enhance detection of fraudulent, neutral, or safe communications

Global Fraud Prevention

Real-Time Risk Management

  • Focus on preventing fraud in real-time on a global scale
  • Ensure secure systems through continuous monitoring and adaptation

Conclusion

  • Emphasis on proactive fraud prevention rather than reactive measures