Information Security and Computer Fraud, 2017, Vol. 5, No. 1, 1-8 Available online at http://pubs.sciepub.com/iscf/5/1/1 © Science and Education Publishing DOI:10.12691/iscf-5-1-1 Detecting and Tracking Pseudo Base Stations in GSM Signal Hijacking and Frauds: a Visualized Approach Yongxing Li 1 , Yang Heng 1 , Ankang Hao 1 , Tianxing Wang 1 , Xiaojie Liu 2 , Lan Huang 1,* 1 College of Computer Science, Yangtze University, Jingzhou, Hubei, China 2 Beijing Gehua CATV Network Co. Ltd., Beijing, China *Corresponding author: lanhuang@yangtzeu.edu.cn Abstract Pseudo base station (PBS), sometimes called fake base station, refers to cellular base stations that are employed for malicious and usually illegal purposes. Through the pitfalls of the GSM protocol, PSBs can hijack GSM signals of cellphones close by. Most PBSes are portable, for example hidden in vans or even carried in backpacks, and are deployed in densely populated regions. Then they can steal personal information from neighboring smartphones, or send intriguing messages to them that would ultimately lead to telecom frauds. In recent years, there has been a terrifying increase in the number of telecom frauds and the smartphones infected by viruses sent from PBSes. This urgently calls for methods and systems that can effectively identify and track PBSes. In this study, we designed and implemented a PBS detecting and tracking system, by conducting topic analysis of messages received by cellphones and analyzing their temporal and spatial distribution patterns. Using the system, we could perform a variety of exploratory analysis, including categorizing PBSes into either stationary or moving PBSes, discovering and visualizing their behavior patterns, and identifying districts that tend to suffer from a particular type of fraud messages. Keywords: Pseudo Base Station, telecom fraud, topic modeling, trajectory clustering, visualization Cite This Article: Yongxing Li, Yang Heng, Ankang Hao, Tianxing Wang, Xiaojie Liu, and Lan Huang, “Detecting and Tracking Pseudo Base Stations in GSM Signal Hijacking and Frauds: a Visualized Approach.” Information Security and Computer Fraud, vol. 5, no. 1 (2017): 1-8. doi: 10.12691/iscf-5-1-1. 1. Introduction "Congratulations! You have just won 500 dollars!". "You can redeem your credit card points from us!" "Need loans? No mortgage required!" It is increasingly common to receive such messages nowadays. People with good IT and risk awareness usually can make the right choice: delete or simply ignore such messages. Unfortunately, a considerable proportion of people, for example the elderly and university freshmen, who are reasonably new to the smartphone technology and society, and thus lack sufficient knowledge and experiences in telecom frauds, are likely to fall for these intriguing messages. Ultimately, some of them could become victims of this uprising kind of telecom crime and suffer both mentally and financially from great losses. Where did these messages come from? How did their senders know my cellphone number and my personal details? Victims usually ask such questions afterwards, because the scammer seems to know everything about the victim, and this is usually the critical part that eventually tricks the victims into dispelling all their doubts and falling into traps. Recent investigation revealed that pseudo base stations were the weapon being used to send such scam messages and illegally collect personal information. Pseudo base station (PBS), sometimes called fake [1] or malicious base station [2], or IMSI catcher [3], refers to cellular base stations that are employed for malicious and usually illegal purposes. Through the pitfalls of the GSM protocol, PSBs can hijack the GSM signals of cellphones in its neighboring area. Then they can steal personal information from neighboring smartphones, or send intriguing messages to neighboring cellphones that would ultimately lead to telecom frauds. To make things worse, most PBSes are portable and moving: for example fraudsters can hide PBSes in vans or carry them in backpacks and drive them around the city or just wander in densely populated regions. In recent years, the number of telecom frauds and the number of smartphones infected by viruses sent from PBSes have increased terribly. This urgently calls for methods and systems that can effectively identify and track PSBs. In this study, we designed and implemented a PBS detecting and tracking system, by conducting topic analysis of messages received by cellphones together and by analyzing their temporal and spatial patterns. Using the system, we could effectively perform a variety of exploratory analysis, including categorizing PBSes into either stationary or moving PBS, discovering and visualizing their behavior patterns, and identifying districts that tend to suffer from a particular type of fraud messages. The rest of this paper is organized as following. Next we review related work on PBS detection. Section 3