Recap Series
- Session 02: AWS Compliance with Terraform
- Session 03: Beginner to Builder: An Awesome Cloud Journey
- Session 04: Team-First Serverless Engineering with Laravel and Bref
- Session 05: Event Opening: AWS Community Day Hong Kong 2025
- Session 06: Agent-to-Agent: Building Interoperable AI on AWS
- Session 07: Utilize Another Telemetry Data for Faster Improvement with AI Agent
- Session 08: Graduating from Vibe Coding: Spec-Driven Development with Kiro
- Session 09: Automated Testing using MCP and AI Agents
- Session 10: Modernizing Telecom Security: ML Powered Approach
- Session 11: Rethinking GenAI Agent: RAG and MCP
- Session 12: Disaster and Emergency Response with TAK and AWS
- Session 13: Rethinking Serverless Application Workflows from a Testing Perspective
- Session 14: Practical AWS FinOps for Cloud Success
Recent Trends and Challenges
Increase in Online Transactions
- Rising reliance on phones for transactions in regions like West Africa, China, and Hong Kong
- Estimated annual online transactions to reach one trillion by 2027
Rise in Payment Scams
- 1.5 billion dollars lost to fraud as of 2023
- 47% of fraud involves transactions (online, physical, voice)
Industry Responses
- Implementation of anti-fraud systems
- Enhanced two-factor authentications
- Behavioral analytical checks
- Risk engines to track patterns
Limitations of Pattern-Based Protection
- Provides only a certain level of protection
- Need for more comprehensive security measures
Tokenization and Detokenization
- Encrypting requests to secure transactions
- Decrypting upon receipt to ensure secure delivery
- Current practice in many financial companies
Fraud Detection and Prevention Challenges
Security Intelligence Gaps
- Telecom industries struggle to keep up with new fraud attacks
- Constant emergence of new backdoors in security systems
Balancing Security and User Experience
- Challenge of securing systems while ensuring legitimate traffic is not blocked
- Concern about how to maintain security without hindering customer experience
Monitoring and Detection Limitations
- Traditional allow/deny rules are insufficient against modern threats
- New attacks often bypass rule-based systems
AWS Tools for Enhanced Identification
- Utilization of AWS tools to identify and mitigate new threats
Traditional vs. Modern Security Methods
Traditional Methods
- Allow or deny rules
- Two-step authentication
- Network VLANs with set IP addresses
Limitations of Traditional Methods
- Ineffective against advanced AI and machine learning-driven attacks
- Create more loopholes in the system
Evolution of Deceptive Vectors
Modern Attack Techniques
- Focus on voice-based scams
- Social engineering to deceive users into transactions they didn’t initiate
Need for AI and Machine Learning
- Addressing the worry and need for advanced solutions
- Solution to counteract contemporary fraud methods
Historic Flaws with Contemporary Delivery Methods
SS7 Protocol
- Used in 2G, 3G, and 4G networks
- Designed to prevent interception of communication
- Signaling System No. 7 (SS7) is a globally recognized set of telecommunication protocols that provides the signaling and control for most of the world's public switched telephone network (PSTN) calls. It uses a separate, dedicated network to exchange the control information needed to set up, manage, and release voice calls and enable advanced services like SMS and caller ID.
- SS7 was designed in the 1970s and 1980s as a closed
- This lack of security makes it vulnerable to exploits, allowing malicious actors with access to an SS7 network to:
- Track Location: Pinpoint a user's location anywhere in the world by querying location databases.
- Intercept Communications: Eavesdrop on calls and read SMS messages, including sensitive information like two-factor authentication (2FA) codes for online banking and other services.
- Facilitate Fraud: Reroute calls, perform SIM swap attacks, or conduct other fraudulent activities.
- Launch Denial of Service (DoS) Attacks: Overload signaling channels, causing network disruptions.
- 4G and 5G networks primarily use the more secure Diameter protocol for signaling, SS7 is still widely used to support global roaming, interconnect with legacy 2G/3G networks, and deliver SMS messages.
Ongoing Threats
- Despite the buildup of 4G and 5G, 2G and 3G networks are still in use
- Hackers exploit SS7 protocol flaws to intercept communications
- Continuous threat due to the reliance on older network technologies in some regions
Benefits of Using AI in Telecom Security
AI as an Enabler
- Trains machines to detect deceptive conversations
- Identifies "scammy" language in conversations
- Differentiates between legitimate and fraudulent interactions
Continuous Learning
- AI adapts to new attacks with new solutions
- Ensures up-to-date protection against evolving threats
Economic Implications
- Prevents revenue leakage and company bankruptcy
- Maintains customer trust as a valuable asset
- Ensures secure systems to retain customer confidence and investment
Solution Overview
Integration with Existing Systems
- Addresses both cloud-based and on-premises legacy systems
- Minimizes latency for 5G-based technologies
- Ensures compatibility with older network technologies
Flow of the Solution
- [ 1 ] Call Initiation
- Calls made via radio waves, satellites, or IP addresses
- [ 2 ] Routing
- Calls routed to towers
- [ 3 ] Conversion
- Calls converted at a media converter before translation into the secure environment
Suspicious Voice Detection
- Transcriber captures suspicious voices during calls
- Custom Keyword Check:
- Keywords like "give me your pin" or "we need your bank details" are flagged
- Ensures secure handling of sensitive information within conversations
Detailed Solution Workflow
Preloaded Keywords
- System is preloaded with keywords indicative of potential fraud (e.g., "give me your pin")
- These keywords are the first point of call for identifying suspicious conversations
AWS Comprehend
- Analyzes the tone, haste, and sentiment of the conversation
- Identifies scammy language and unusual conversational patterns
AWS SageMaker
- Utilizes custom models for partial, real-time model training
- During a phone call, the system identifies suspicious patterns and sends a fraud alert to the user
- Users can choose to end the call if fraud is detected
Event Bridge and Lambda Functions
- Event Bridge signifies custom fraud logic
- Lambda functions handle different detection scenarios (neutral, non-neutral, fraudulent)
- Triggers user notifications based on detection outcomes
Retraining Bucket
- Conversations not initially checked are saved in an S3 bucket for retraining
- Enables unsupervised learning, allowing the system to learn from past conversations
System Visibility and Compliance
- Artifacts for compliance
- CloudWatch for log monitoring
- GuardDuty for identifying model behavior changes and security injections
- AWS Crawler for static analysis of configurations (automatically scans and discovers data in various sources like Amazon S3, DynamoDB, and relational databases to populate the central AWS Glue Data Catalog)
- AWS Config for key management
- Managing Personally Identifiable Information (PII)
Data Sensitivity and Encryption
- Ensures data remains secure, either on the telecom side or within the cloud
- Full cloud implementation available, with options for telecom users to choose their preferred method
Demo and Implementation Details
- Simple demonstration showing ongoing conversations and identification of suspicious patterns
- Real-time fraud detection and user alerts
Recorded Conversations
- Demonstration includes various voice recordings
- Distinction between non-phishing and phishing voice recordings
Terraform for Deployment
- Utilization of Terraform for infrastructure deployment
- Sample code provided for Lambda function deployment
Lambda Function
- SNS topic triggered by events
- Keywords for detection: "to reset your PIN", "confirm your account", "last four digits", "confirm your account number"
- Suspicious margin set at 0.5; 0.85 indicates fraud
Mitigation Framework
Policy as Code with AI
- Importance of defining policy as code, incorporating AI
- AI assists in understanding and updating complex code beyond human capability
Structured Code Deployment
- Treat code deployment as peer review with a proper structure
- Attach security risk implementations and unit tests
- Ensure protection through continuous model behavioral monitoring with AWS GuardDuty
Natural Language Processing (NLP)
- Addition of NLP to identify patterns and sentiments in telecommunications and radio waves
- Enhance detection of fraudulent, neutral, or safe communications
Global Fraud Prevention
Real-Time Risk Management
- Focus on preventing fraud in real-time on a global scale
- Ensure secure systems through continuous monitoring and adaptation
Conclusion
- Emphasis on proactive fraud prevention rather than reactive measures
