On the Detection of Signaling DoS Attacks on 3G Wireless Networks

Lee, Patrick P. C.; Bu, Tian; Woo, Tai-Kuo

doi:10.1109/infcom.2007.153

Cited by 80 publications

(57 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We have presented the 3 Step Signaling DoS detection algorithm. First step is classifying the radio resource allocation/release of UEs by analyzing GTP-C control messages of each UE.…”

Section: Discussionmentioning

confidence: 99%

“…In his paper, he introduced various DoS attack model like paging, DCH (Dedicated Channel) allocation. Patrick proposed first the theme about Signaling DoS in 3G network [3]. He made the algorithm for detecting the Signaling DoS.…”

Section: Session-based Detection Of Signaling Dos On Lte Mobile Networkmentioning

confidence: 99%

“…Therefore, if malicious users trigger the allocation and release of the radio resources, it could make the network failure of the entities controlling radio resources. This is Signaling DoS [3]. (See Fig.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Session-Based Detection of Signaling DoS on LTE Mobile Networks

Jang¹,

Kim²,

Oh³

et al. 2014

JACN

View full text Add to dashboard Cite

Abstract-In recent years, global cellular network service is being changed rapidly to LTE. However, the fast introduction of LTE has been going with not enough research about security threat so it could have many kinds of vulnerability. Therefore, the research about security threat on 4G network is ongoing in many countries. Particularly, in the situation where domestic subscribers are increasing rapidly, the security threats which are hindering stability and usability could make a fatal effect on many users. 4G network should consider the feature of mobile network to keep 4G network stable. Because mobile network has limited radio resources, it releases the radio resource which is not used in selected time and reallocates when requesting the data transmission. Many signaling messages are transferred in the network entities to allocate or release the radio resource. In this paper, it will introduce the technology to detect signaling DoS traffic hindering the stability and usability of network entities managing the radio resources by huge signaling message from the repetitive wireless connection/release message.Index Terms-Denial of service, LTE, signaling DoS, virtual setup, 4G.

show abstract

“…We have presented the 3 Step Signaling DoS detection algorithm. First step is classifying the radio resource allocation/release of UEs by analyzing GTP-C control messages of each UE.…”

Section: Discussionmentioning

confidence: 99%

Section: Session-based Detection Of Signaling Dos On Lte Mobile Networkmentioning

confidence: 99%

See 1 more Smart Citation

Session-Based Detection of Signaling DoS on LTE Mobile Networks

Jang¹,

Kim²,

Oh³

et al. 2014

JACN

View full text Add to dashboard Cite

show abstract

“…Indeed, early work has identified different ways to attack the control plane of mobile networks, e.g. through paging [35], service requests [37] and radio resource control (RRC) [26,33]. Poorly designed mobile applications are perhaps one of the most common triggers of signaling overloads [6] that lead to performance degradation and even network outages [11,15].…”

Section: Signaling Stormsmentioning

confidence: 99%

Countering Mobile Signaling Storms with Counters

Gelenbe

Abdelrahman

2016

Internet of Things. IoT Infrastructures

View full text Add to dashboard Cite

Abstract. Mobile Networks are subject to signaling storms launched by misbehaving applications or malware, which result in bandwidth overload at the cell level and excessive signaling within the mobile operator, and may also deplete the battery power of mobile devices. This paper reviews the causes of signaling storms and proposes a novel technique for storm detection and mitigation. The approach is based on counting the number of successive signaling transitions that do not utilize allocated bandwidth, and temporarily blocking mobile devices that exceed a certain threshold to avoid overloading the network. Through a mathematical analysis, we derive the optimum value of the counter's threshold, which minimizes both the number of misbehaving mobiles and the signaling overload in the network. Simulation results are provided to illustrate the effectiveness of the proposed scheme.

show abstract

“…A general framework for anomaly detection was presented in [13] based on time-series analysis and change detection algorithms. While the goal of [13,45] is to identify large-scale events by aggregating and analyzing statistics from all hosts and mobile users, respectively, our approach aims to identify users that are contributing to a problem, namely signaling overload, rather than detect the problem itself. The work in [42] considered the detection of mobile-initiated signaling attacks via a supervised learning approach, which monitors transmissions that trigger a radio access bearer setup procedure, and extracts from the corresponding packets features relating to destination IP and port numbers, packet size and response-request ratio.…”

Section: Prior Work On Storm Detection and Mitigationmentioning

confidence: 99%

Detecting Network-Unfriendly Mobiles With the Random Neural Network

Abdelrahman

2016

Prob. Eng. Inf. Sci.

View full text Add to dashboard Cite

Mobile networks are universally used for personal communications, but also increasingly used in the Internet of Things and machine-to-machine applications in order to access and control critical services. However, they are particularly vulnerable to signaling storms, triggered by malfunctioning applications, malware or malicious behavior, which can cause disruption in the access to the infrastructure. Such storms differ from conventional denial of service attacks, since they overload the control plane rather than the data plane, rendering traditional detection techniques ineffective. Thus, in this paper we describe the manner in which storms happen and their causes, and propose a detection framework that utilizes traffic measurements and key performance indicators to identify in real-time misbehaving mobile devices. The detection algorithm is based on the random neural network which is a probabilistic computational model with efficient learning algorithms. Simulation results are provided to illustrate the effectiveness of the proposed scheme.

show abstract

On the Detection of Signaling DoS Attacks on 3G Wireless Networks

Cited by 80 publications

References 16 publications

Session-Based Detection of Signaling DoS on LTE Mobile Networks

Session-Based Detection of Signaling DoS on LTE Mobile Networks

Countering Mobile Signaling Storms with Counters

Detecting Network-Unfriendly Mobiles With the Random Neural Network

Contact Info

Product

Resources

About