After three years working on harnessing the power of edge computing and federated machine learning, AIDA project has come to an end with many and significative outcomes in the fields of data processing, scalability, and privacy protection:

• 8 software tool
• 42 scientific publications:
  • 3 with PT partners and CMU
  • 3 with Mobileum
• 2 use cases:
  • Bot net detection
  • Anomalous Behavior Detection 

This is what our coordinator has to say about the work developed in the last years and the main contributions from the AIDA project:

“Unlike previous evolution’s, 5G re-thinks and re-architects how the network is built and managed, by introducing emerging use cases urllc(Ultra Reliable Low Latency Communications), mmtc (massive Machine Type Communications) , embb ( enhanced Mobile Broadband) and business models, affecting not only consumers but also enterprises and industries. In 5G, most subscribers will not be consumers as before, the bulk of 5G will consist in IoT devices with quite different behaviors from human subscribers. In fact, even in terms of IoT and depending on the use case, IoT devices can actually have totally different behaviors (e.g: a Smartmeter and a connected car).

Furthermore, the capabilities to support the divergent use cases in 5G, can only be accomplished in a flexible and efficient architecture, with the agility of modular network functions which can be quickly deployed and scaled on demand. 

Taken together, 5G networks bring significant changes to fraud management, namely by introducing new use cases and consequently new attack vectors and type of stakeholders involved in fraud, as well as massive volumes of information that require a distributed approach to process them.

The main contribution of the AIDA Project is to address the changes in the current threat model for 5G, explicitly proposing (I) a distributed edge computing Federated ML architecture on the 5G Edge, using decentralized data to train ML models, supporting the processing of massive volumes of information in real time; (II) linear, scalable, ranked out, parameter free methods that are able to identify abnormal behavior in smart fraud context where artificial intelligence is used to perpetrated fraud and avoid detection; (III) Visualization of Million-Scale Call Graphs, with meaningful and explainable visualizations extracts to assist analysts in spotting fraudsters and suspicious behavior.

AIDA represents the effort of the industry with a consortium of academic partners from multiple areas with the goal of providing a solution that enables us to face the challenges of 5G fraud and distributed platform components, achiving greater levels of scalability, by leveraging the increasing edge computing capacity made available by the IoT, and the imminent large-scale deployment of 5G cellular technology.”

— Pedro Fidalgo, Mobileum

AIDA’s partners travelled to Porto, Portugal, where they participated in the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), from June 27-29. Their participation was an opportunity to present the project’s results since it reached its concluding phase. For the last three years, the AIDA’s partners produced 8 software tools, 42 scientific publications (3 with PT partners and CMU and 3 with Mobileum), and 2 use cases (Bot net detection and International Revenue Share Fraud).

Earlier this month, two researchers from INESC TEC, one partner of the AIDA project, presented a poster at this year EuroSys Conference, in Rome, with the title “Emission-Aware Federated Learning: A Case Study on Transportation and Carbon Footprint”. The poster is focused on the addition of Federated Learning”, which enables the promotion of sustainable and personalised travel behaviours while preserving data privacy.

As written in the poster, the main goal of the research “is to preserve the privacy of users data while increasing awareness on their carbon footprint”. 

EuroSys Conference is one of the most important events related to systems software research and development.

On March 29, eight PhD students got together to share and discuss the work they have been developing within the AIDA project. This event was an excellent networking opportunity for the students to meet each other and to get to know other investigation topics.

There were presentations in three main areas related to the project outputs: Distributed Systems, Security, and Deep Learning and Anomaly Detection.

The meeting was moderated by Pedro Fidalgo, from Mobileum, and had the participation of Luís Ferreira, from INESC TEC, José Flora, Iury Araújo, Mariana Cunha and Jessica Castro, from University of Coimbra, and Minji Yoon, Saranya Vijayakumar and Jeremy Lee, from Carnegie Mellon University.

If we, as data scientists, receive a dataset from a reliable source, we should go ahead with the analysis (classification, clustering, deep learning, etc), right?

Well, yes, that’s what most of us (myself included) often do, especially if there is a tight deadline. However, this could be dangerous. Let me describe some rude awakenings I suffered over the past decades, as well as remind you some fast and easy preventive measures.

Two decades ago, we got access to a public dataset of cross-roads in California, that is, about 10,000 points in two dimensions ( (x,y)  pairs). We plotted it to include it in the spatial-indexing paper we wanted to submit – the plot looked mostly empty, with a lot of points in the shape of California, at the bottom-left corner (see Figure [fig:ca](a)).

Why so much empty space?

The answer was that there was a single point somewhere in Baltimore (Atlantic coast), thousands of miles away from California. Clearly a typo – maybe the coordinates had the wrong sign or so. Since it was just one point, we deleted it.

 (a) Q: why is the CA dataset at the bottom left and the rest, empty?

 (b) A: because of a tiny stray point in Baltimore…

E2 Medical data – many ‘centenarians’

Written by CMU

INESC TEC, one of AIDA’s partners, presented AIDA to the Doctoral Program in Computer Science (MAP-I)’S first year students. This visit, which took place on December 6, 2022, happened during a visit to the High-Assurance Software Laboratory from INESC TEC at the University of Minho.

This was an opportunity to present the work carried out by the AIDA project and get to know a good example of international collaboration between industry and academia.

It is important to mention that the initiative was also an opportunity to share the project’s vision and expected outcomes, while promoting the project’s activities and benefits.

One of the goals of the AIDA Project is to investigate and identify new ways to help Analysts find Anomalous Behavior (of any kind) in large and complex pools of data. We hope this can ultimately lead to significant improvements in the detection of fraudulent activity occurring on Telecom Networks, especially in the light of new technologies like 5G already expanding on the market. Moreover, we now see over more sophisticated, complex and robust methods being used for committing fraud on Telecomm Networks but also increasingly expanding to the world of Communication Service Providers and the Internet. 

In essence our goal is to create and develop new tools that can provide new ways to help the Data Analyst and Data Scientist better understand and make sense of information originated from huge and dynamic pools of data such as that originating from Telecom Operator’s traffic activity. This type of data displays very particular characteristics as it is based upon human interactions prone to exhibiting strong and established patterns  and Data Visualization functionalities when designing and building these new tools. 

We believe this can ultimately lead to better results at detecting Anomalous Behavior and uncover suspicious activity that would otherwise have remained undetected, which in turn can potentially stand as the basis for developing the next generation of commercial products and solutions aimed at tackling Anomalous Behavior in Telecom Operators’ traffic activity and other related scenarios. 

Case Building and Smart Fraud

One of the ideas behind this approach was to establish a strong focus on facilitating the opening and development of new cases by the end user (usually the Analyst). Case Building is a crucial part for the Analyst to manage his investigation work in order to allow the Analyst to follow a logical sequential analytical process, where there is the possibility to deep dive on data of interest as well as the opening and creation of new cases with ease. Current solutions such as those used at Mobileum include smart monitoring features that sense when there is an unusual activity exhibited by the Operator traffic data. When a suspicious event occurs, the application can set a temporary alert on that specific agent, attempting to keep fraud losses to an absolute minimum without interrupting legitimate activity. This approach functions more as a broad analysis that can detect alterations to the normal flow patterns of traffic data. Therefore, usually only the more obvious and evident anomalous activity can be detected through such methods, which leads to a lot of illegal activity passing under the radar of these solutions. The Analyst here usually does not have the ability to perform a sequential deep dive on the data and to reflect at multiple perspectives sequentially layered in a manner that can facilitate the workflow of the user.

This is made more difficult with the increase of Smart Fraud where fraudsters are increasingly developing more sophisticated, efficient and complex ways to commit Fraud be it for increasing success rates or to adapt to the adoption of anti-fraud mechanisms by the Telecom industry.

The advent of AI and the ever more sophistication, creativity and expertise of Fraudsters are major factors for this. New methods used by Fraudsters focus on attempting to mimic “normal” non-fraudulent behavior that can increase the chances of avoiding detection, through several ways. For example, regarding call traffic activity we have seen approximations on call duration, frequency and even ensuring that verified contacts are also included in the fraud committing process.

We believe the work carried out in the AIDA Project will significantly contribute to new solutions that increase the accuracy in detecting Anomalous Behavior. We provide a brief overview on some of the work conducted so far in the next section.

Graph and Node Analysis in Anomaly Detection

One of the goals of this work was to provide Analysts with new ways to analyze Telecom traffic activity that can lead to the detection of anomalous behavior that is not detected using classic methods. In that line we have introduced Graph Analysis to our research together with powerful statistical and feature exploration focused on providing powerful and insightful Data Visualization tools and techniques that can strongly help Analysts analyzing traffic data. One of the methods of choice to explore in such research is the study of Anomalous Behavior and suspicious activity using graphic objects such as time evolving graphs. Graphs are very powerful for analyzing human interactions and therefore make exceptional candidates for studying and analyzing anomalous behavior from Telecommunication Networks’ traffic activity. Here, individual agents (people) are represented by nodes of the graph and the links between them represent connection events established by those nodes. We are interested to understand the patterns that occur in this type of data, like who-calls-whom, who-sends-money-to-whom the focus was on the unsupervised cases, where there are no labels.

Our work so far with Anomalous Behavior has led us to use these approaches and techniques in the study of Fraud occurring in Telecom Networks. We have been developing new analytical solutions that we have been testing with a real-life dataset originating from an existing Telecom Operator. Together with the help of high expertise in this business domain, we were able to detect significant anomalous behavior in novel and potent ways which positively reinforces the potential and value of this application. More specifically we were able to identify new cases with high potential for Bypass Fraud. Furthermore, we present a case that was later confirmed by the Telecom Operator as a newly confirmed Bypass Fraud case that had not been previously identified. A recent solution we have recently published is depicted in figure 1.

Pedro Fidalgo, from our coordinator partner Mobileum, participated in the roundtable “Adaptive, automated, and autonomic computing” at this year’s CMU Portugal Summit, which happened under the motto “New Frontiers in tech”. 

During the conference, the AIDA project had a meeting with the CMU Portugal External Review Committee, an advisory board charged with assessing the project’s performance and making recommendations.   

Paula Raissa Silva, from INESC TEC, also participated in the conference with a paper entitled “Federated Anomaly Detection over Distributed Data Streams”.

The conference aimed at bringing experts to present research progress in various areas, such as Health, Cybersecurity, Forests, Artificial Intelligence, Language Technologies, Machine Learning, among others. The CMU Portugal Summit 2022 took place in Lisbon, on November 9 and 10.