How to help China Mobile navigate China's biggest real-time big data?


Yonghong Tech has helped China Mobile build an information security analysis system that performs real-time scanning, full-volume analysis and real-time interception of core network data.

China Mobile

China Mobile is the mobile communication operator with the largest network and customer base in the world. In 2014, China Mobile was listed as No. 55 among the "Global Top 500 companies" in "Fortune" magazine, and it has been selected for the Dow Jones Sustainability Index for seven consecutive years.

Project Background

Mobile malicious software is increasingly rampant. Traditional security protection measures can detect and block known malicious software online, but they lack efficient analysis methods for unknown malicious software.

Project Implementation

1. Establish an information security analysis system for full-volume analysis of the core network data of mobile operators.
2. Collect and analyze key log data from the operator's mobile core network, and help the operator find traces of malicious software in mass data through pattern recognition algorithms.

Client Benefits

1. The data volume of the whole network peaks at millions of records per second, with more than several million incremental records per hour.
2. The information security system scans this volume of data in real time, finds the problematic records, and intercepts them in real time.
3. The amount of malicious software intercepted is several times greater than in the past, which greatly improves security.
4. R&D staff are relieved of this burden and can focus on core business.

Case details

Exposing a secret of the largest big data project in China

What data size deserves the name "big data"? One million? One hundred million? Ten billion? No one can give a definitive answer, and of course size alone does not define big data. But it is indisputable that the larger the data size, the higher the technical demands of analysis and computation. The China Mobile project is arguably one of the projects with the largest data size in the Chinese business sector.

With the popularity of smartphones, mobile malicious software has become increasingly rampant. According to the latest data from Baidu security lab, the total number of malicious and high-risk software samples on the Android platform exceeded 2 million in the third quarter of 2014, a record high. Such software can cause disclosure of user privacy, information loss, equipment damage, loss of telephone charges and many other problems. It does great harm to customers' interests and, at the same time, has the most adverse effect on the network operations of telecommunications operators. Traditional security protection measures can detect and block identified malicious software online, but they lack efficient analysis methods for unknown malicious software.

China Mobile considered it necessary to establish an information security analysis system for full-volume analysis of the core network data. The real problem for China Mobile, however, was that the data volume of the whole network peaked at millions of records per second, with several million incremental records per hour. The system to be built had to scan this mass of data in real time and identify problematic records so that they could be intercepted in real time.

As the most important technology provider and a well-known service provider of one-stop big data analysis platforms in China, Yonghong Tech participated in the construction of this system. Yonghong used its independently developed big data platform to collect and analyze key log data from the operator's mobile core network, helping the operator analyze and detect traces of malicious software in mass data through pattern recognition algorithms.

Yonghong Tech's technical approach is to build a (multi-node computing) big data mart and an agile BI system on hundreds of servers to support the analysis and calculation of the huge data volume this system requires. Architecturally, it is a server cluster consisting of 5 sub-clusters:

1. Front-end processor cluster: receives log data from the provinces across the country.

2. Stream computing cluster: scans the data and puts matching log data into the database.

3. Database cluster: accumulates the matching data and makes judgments on it to generate the final suspected data, puts that data into the MPP cluster and reports it to headquarters.

4. MPP cluster: stores the suspected data for data analysis and data mining.

5. Management cluster: used for cluster monitoring, configuration management, the BI front end, etc.

Figure 1: popular terminal flow and user analysis
