Title :
Detecting MS initiated signaling DDoS attacks in 3G/4G wireless networks
Author :
Gupta, Arpan ; Verma, T. ; Bali, Samer ; Kaul, S.
Author_Institution :
IIIT Delhi, New Delhi, India
Abstract :
The hierarchical architecture of present day cellular data networks implies that a large number of base stations depend on a small number of core network elements for essential services (including Internet connectivity). If a mobile botnet launches a distributed signaling attack on one or more core network elements (e.g., gateway), a large number of subscribers would experience service degradation. In this work, we propose a new detector that examines a subset of IP packets transmitted by a mobile station (MS) to determine its infection status. Service providers can install this detector anywhere in the data path, i.e., MS, Base Station (BS), gateway, etc., to detect and quarantine infected terminals. The proposed algorithm was trained using one week of IP packet traces generated by 62 different smartphones. Results indicate that this method can detect most types of signaling attacks with more than 0.9 detection probability and less than 0.1 false alarm probability.
Keywords :
3G mobile communication; 4G mobile communication; cellular radio; probability; 3G/4G wireless networks; IP packet traces; Internet connectivity; MS initiated signaling DDoS attacks; base stations; cellular data networks; core network elements; data path; detection probability; distributed signaling attack; false alarm probability; hierarchical architecture; infection status; mobile botnet; mobile station; service degradation; service providers; smartphones; Detectors; Entropy; IP networks; Internet; Logic gates; Mobile communication; Smart phones;
Conference_Titel :
Communication Systems and Networks (COMSNETS), 2013 Fifth International Conference on
Conference_Location :
Bangalore
Print_ISBN :
978-1-4673-5330-4
Electronic_ISBN :
978-1-4673-5329-8
DOI :
10.1109/COMSNETS.2013.6465568
