1、 International Telecommunication Union ITU-T Series XTELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Supplement 12(03/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY ITU-T X.1240 Supplement on overall aspects of countering mobile messaging spam ITU-T X-series Recommendations S
2、upplement 12 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS
3、 X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLIC
4、ATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecu
5、rity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state exchang
6、e X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. X series Su
7、pplement 12 (03/2012) i Supplement 12 to ITU-T X-series Recommendations ITU-T X.1240 Supplement on overall aspects of countering mobile messaging spam Summary Supplement 12 to ITU-T X-series Recommendations, in particular to Recommendation ITU-T X.1240, describes the basic concept and characteristic
8、s of mobile messaging spam. It also introduces and analyses current technologies on countering mobile messaging spam. In addition, this supplement proposes a general implementation framework for countering mobile messaging spam. The relative activities in different organizations are introduced in Ap
9、pendix I. History Edition Recommendation Approval Study Group 1.0 ITU-T X Suppl. 12 2012-03-02 17 Keywords MMS, mobile messaging spam, SMS, spam. ii X series Supplement 12 (03/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of tele
10、communications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing teleco
11、mmunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the pr
12、ocedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this publication, the expression “Administration“ is used for conciseness to indicate both a telec
13、ommunication administration and a recognized operating agency. Compliance with this publication is voluntary. However, the publication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the publication is achieved when all of these manda
14、tory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the publication is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws atte
15、ntion to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others o
16、utside of the publication development process. As of the date of approval of this publication, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this publication. However, implementers are cautioned that this may not represent the latest i
17、nformation and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. X series Supplement 12 (03/2012) iii Tabl
18、e of Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this supplement . 1 4 Abbreviations and acronyms 2 5 Conventions 3 6 Overview of mobile messaging spam . 3 6.1 Types 3 6.2 Characteristics 4 6.3 Delivery methods 4 7 Current technologies f
19、or countering mobile messaging spam 5 7.1 Blacklists/whitelists 5 7.2 Content-based filtering . 5 7.3 Spam reporting . 6 7.4 Traffic statistics 6 7.5 Analysis of call detail records 6 7.6 Greylisting 6 7.7 Duplicate content recognition . 6 7.8 Indication information recognition . 7 7.9 Analysis of m
20、essaging sending dispersion . 7 7.10 Limitation on the total amount of sent messages . 7 7.11 Security software 7 8 Analysis for countering mobile messaging spam . 8 8.1 Comparison . 8 8.2 Deployment framework 9 Appendix I Activities on countering mobile messaging spam . 11 I.1 Development of techni
21、cal specifications for countering mobile messaging spam 11 I.2 International activities on countering mobile messaging spam 15 I.3 Industry alliances and initiatives for countering mobile messaging spam . 15 Bibliography. 17 X series Supplement 12 (03/2012) 1 Supplement 12 to ITU-T X-series Recommen
22、dations ITU-T X.1240 Supplement on overall aspects of countering mobile messaging spam 1 Scope This supplement to Recommendation ITU-T X.1240 provides an overview of mobile messaging spam, including types, characteristics and delivery methods. Furthermore, this supplement analyses the current techno
23、logies on countering mobile messaging spam, and proposes an implementation framework for countering mobile messaging spam. The relevant activities in different standardization organizations and related organizations are introduced in Appendix I. This supplement only focuses on mobile messaging spam,
24、 including SMS spam and MMS spam. 2 References None. 3 Definitions 3.1 Terms defined elsewhere This supplement uses the following terms defined elsewhere: 3.1.1 mobile handset b-ITU-T K.49: Not fixed terminal equipment used for data or voice communication and connected to a fixed telecommunications
25、network via radio interface. 3.1.2 multimedia messaging service (MMS) b-ITU-T X.1231: Multimedia messaging service refers to a kind of messaging service after short message service which can transfer various multimedia messages including text, graphics, audio, video and so on through mobile network,
26、 wireless network or fixed network. 3.1.3 short message service (SMS) b-ITU-T X.1231: Short message service refers to a kind of message service, which allows mobile phones, telephones and other short message entities to transfer and receive text messages through a device-named service centre impleme
27、nting functions such as saving and delivering. 3.1.4 SMS spam b-ITU-T X.1242: Spam sent via SMS. 3.1.5 spam b-ITU-T X.1240: The meaning of the word “spam“ depends on each national perception of privacy and what constitutes spam from the national technological, economic, social and practical perspect
28、ives. In particular, its meaning evolves and broadens as technologies develop, providing novel opportunities for misuse of electronic communications. Although there is no globally agreed definition for spam, this term is commonly used to describe unsolicited electronic bulk communications over e-mai
29、l or mobile messaging for the purpose of marketing commercial products or services. 3.1.6 spammer b-ITU-T X.1240: An entity or a person creating and sending spam. 3.2 Terms defined in this supplement This supplement defines the following terms: 3.2.1 false positive: A result that is erroneously posi
30、tive when a situation is negative. 3.2.2 MMS spam: Spam sent via MMS. 2 X series Supplement 12 (03/2012) 3.2.3 mobile messaging spam: Unsolicited electronic communications over mobile messaging services, typically consisting of SMS spam and MMS spam. 4 Abbreviations and acronyms This supplement uses
31、 the following abbreviations and acronyms: CBCS Categorization-Based Content Screening CDR Call Detail Record CI Contextual Information CSCS Client Side Content Screening FMD Filtered Messages Database GSM Global System for Mobile communications HMM Hidden Markov Models HPLMN Home Public Land Mobile
32、 Network ID Identity IMR Identification, Marking and Reacting IMS IP Multimedia Subsystem MAP Mobile Application Part MMS Multimedia Messaging Service MMSC Multimedia Messaging Service Centre MT-SMs Mobile Terminated-Short Messages NB Naive Bayes Algorithm OPH Open Proxy Handshake OSBF-Lua Orthogona
33、l Sparse Bigrams with confidence Factor PLMN Public Land Mobile Network PS Packet Switched PUCI Protection against Unsolicited Communication for IMS SCIDM Secure Content IDentification Mechanism SCM Service Control Module SIM Subscriber Identity Module SMS Short Message Service SMSC Short Message Se
34、rvice Centre SPIT SPam over Internet Telephony SS Supplementary Services SSFM SMS Spam Filtering Module SVM Support Vector Machine TCAP Transaction Capabilities Application Part UC Unsolicited Communication X series Supplement 12 (03/2012) 3 UC-OPH Unsolicited Communication - Open Proxy Handshake UC
35、S supervised Classifier System URD User-specified Rules Database URL Uniform Resource Locator USIM Universal Subscriber Identity Module USMM User Service Management Module VPLMN Visited Public Land Mobile Network WAP Wireless Application Protocol 5 Conventions None. 6 Overview of mobile messaging sp
36、am 6.1 Types Mobile messaging spam is unsolicited electronic communications over mobile messaging services. Spam messages mainly include the following content: advertising information: advertisement of products or services, especially discount information, etc. fraud information: lottery winning fra
37、ud, bank card fraud, fake identity fraud, etc. Based on the different carriers of unsolicited messages, mobile messaging spam could be classified into SMS spam and MMS spam. SMS spam is spread widely throughout the world. Unsolicited spam included in short messages can seriously disturb peoples dail
38、y life by wasting their time and influencing their state of mind. With the low cost of bulk sending and the increasing number of SMS users, SMS spam has constituted the major mobile messaging spam. Service providers often cannot charge for SMS spam. In a postpaid environment, the users or customers
39、may renege on payment. Furthermore, this bulk spam consumes an enormous amount of storage space and computing resources for mobile networks, which may affect the service quality of legitimate users. However, bulk transmission does not necessarily imply spam; for example, circulating an announcement
40、within a company may also display similar features to those of SMS spam. Because MMS is sent in the packet switched (PS) data channel of mobile networks, it is easier to be used for spreading malware. Therefore, it seems to be a more serious problem. The scale of MMS spam is not as large as SMS spam
41、, due to the costly price and limitations of the delivery methods. Even if the price for the individual multimedia message is much higher than that for the short message service, bulk sending pricing will tremendously reduce the cost for spam distributors. Furthermore, the rate of spam return is hig
42、her for MMS than for SMS spam. Currently, there are more counter measures against SMS spam available to users and operators. Therefore, many spammers prefer to use MMS spam in some situations. 4 X series Supplement 12 (03/2012) 6.2 Characteristics In order to counter mobile messaging spam effectivel
43、y and efficiently, the characteristics of mobile messaging spam need to be analysed and summarized. Such an analysis could be taken into consideration in the development of the relative technologies and policy decisions in view of countering mobile messaging spam. Some of the most common characteris
44、tics are as follows: Spam messages can be as long as possible in order to transmit the maximum amount of information. Spam messages use some random characters dynamically inserted into the text of the message in order to avoid the identification of single bulk transmission, and to avoid spam keyword
45、 recognition filters. There is usually a phone number or a hyperlink for contact information. This phone number and hyperlink may not belong to the presumed advertiser. A spam message does not necessarily mean that there is no interest in receiving it. The decision should be made by the recipients.
46、Spammers may send messages to a large proportion of a mobile phone number segment in a short time. Most spammers do not retry a failed message delivery. Spammers and recipients are usually unknown to each other, and there is no voice conversation between them. Besides, the responses to a spam messag
47、e are not as frequent as to a normal message. Spammers seldom incur any other charges (such as voice call) other than the messaging charge. Spam messages with the same content may be originated from different mobile phone numbers. 6.3 Delivery methods There are two common bulk delivery methods of mo
48、bile messaging that can be used for mobile messaging spam: Using spam tools to send bulk messages: spammers acquire subscriber identity cards (such as SIM, USIM, etc.), usually with a discount package for sending mobile messages, and they plug the cards into the spam tools that are controlled by com
49、puter software. Spammers can then send bulk messages by activating those spam tools. Generally, each computer has the ability to control more than one spam tool at the same time, and enable the bulk sending of spam messages. Bulk spam message sending is usually at a low price. With this method, the sending number will be shown in the recipients mobile handset as a normal mobile phone number, and the recipients cannot recognize whether it is spam or not before they read it. Most
