Abstract
Researchers have recently uncovered numerous anomalies that affect 3G/4G networks, caused either by hardware failures, or by Denial of Service (DoS) attacks against core network components. Detection and attribution of these anomalies are of major importance for the mobile operators. In this respect, this paper presents a lightweight application, which aims at analyzing signaling activity in the mobile network. The proposed approach combines the advantages of anomaly detection and visualization, in order to efficiently enable the analyst to detect and to attribute anomalies. Specifically, an outlier-based anomaly detection technique is applied onto hourly statistics of multiple traffic variables, collected from one Home Location Register (HLR). The calculated anomaly scores are afterward visualized utilizing stacked graphs, in order to allow the analyst to have an overview of the signaling activity and detect time windows of significant change in their behavior. Afterward, the analyst can perform root cause analysis of suspicious time periods, utilizing graph representations, which illustrate the high-level topology of the mobile network and the cumulative signaling activity of each network component. Experimental demonstration on synthetically generated anomalies illustrates the efficiency of the proposed approach.
This work has been partially supported by the European Commission through project FP7-ICT-317888-NEMESYS funded by the 7th framework program. The opinions expressed in this paper are those of the authors and do not necessarily reflect the views of the European Commission.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
G. Kambourakis, C. Kolias, S. Gritzalis, J.H. Park, DoS attacks exploiting signaling in UMTS and IMS. Comput. Commun. 34(3), 226–235 (2011)
P.P.C. Lee, T. Bu, T. Woo, On the detection of signaling DoS attacks on 3G wireless networks, in: INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE, pp. 1289–1297, 2007.
P.P.C. Lee, T. Bu, T. Woo, On the detection of signaling DoS attacks on 3G/WiMax wireless networks. Comput. Netw. 53(15), 2601–2616 (2009)
A. D’Alconzo, A. Coluccia, F. Ricciato, P. Romirer-Maierhofer, A distribution-based approach to anomaly detection and application to 3G mobile traffic, in: Global Telecommunications Conference, GLOBECOM 2009. IEEE, pp. 1–8, 2009.
A. Coluccia, A. DAlconzo, F. Ricciato, Distribution-based anomaly detection in network traffic, in: Data Traffic Monitoring and Analysis, Springer, pp. 202–216, 2013.
H. Shiravi, A. Shiravi, A.A. Ghorbani, A survey of visualization systems for network security. IEEE Trans. Vis. Comput. Graph. 1(1), 1–19 (2011)
M. Lad, D. Massey, L. Zhang, Visualizing internet routing changes. IEEE Trans. Vis. Comput. Graph. 12(6), 1450–1460 (2006)
L. Shi, Q. Liao, Y. He, R. Li, A. Striegel, Z. Su, SAVE: Sensor anomaly visualization engine, in: IEEE Conference on Visual Analytics Science and Technology (VAST), IEEE, pp. 201–210, 2011.
G. Andrienko, N. Andrienko, P. Bak, D. Keim, S. Kisilevich, S. Wrobel, A conceptual framework and taxonomy of techniques for analyzing movement. J. Vis. Lang. Comput. 22(3), 213–232 (2011)
H. Janetzko, F. Stoffel, S. Mittelstädt, D.A. Keim, Anomaly detection for visual analytics of power consumption data. Comput. Graph. 38, 27–37 (2014)
V. Chandola, A. Banerjee, V. Kumar, Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 15 (2009)
M.M. Breunig, H.-P. Kriegel, R.T. Ng, J. Sander, LOF: identifying density-based local outliers, in: ACM Sigmod Record, vol. 29, pp. 93–104, ACM, 2000.
B. Shneiderman, The eyes have it: a task by data type taxonomy for information visualizations, in: Proceedings of the 1996 IEEE Symposium on Visual Languages, VL ’96, 1996.
N. Gobbo, A. Merlo, M. Migliardi, A denial of service attack to GSM networks via attach procedure, in: Security Engineering and Intelligence Informatics, Springer, pp. 361–376, 2013.
P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, T. La Porta, On cellular botnets: measuring the impact of malicious devices on a cellular network core, in: Proceedings of the 16th ACM conference on Computer and communications security, pp. 223–234, ACM, 2009.
N. Jiang, Y. Jin, A. Skudlark, Z.-L. Zhang, Understanding sms spam in a large cellular network: characteristics, strategies and defenses, in: Research in Attacks, Intrusions, and Defenses, Springer, pp. 328–347, 2013.
T.A. Almeida, J.M.G. Hidalgo, A. Yamakami, Contributions to the study of sms spam filtering: new collection and results, in:textitProceedings of the 11th ACM Symposium on Document Engineering, pp. 259–262, ACM, 2011.
3GPP, Study on Core Network Overload (CNO) Solutions, TS 23.843, 3rd Generation Partnership Project (3GPP), 12 2013.
S.J. Delany, M. Buckley, D. Greene, Sms spam filtering: methods and data. Expert Syst. Appl. 39(10), 9899–9908 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Papadopoulos, S., Mavroudis, V., Drosou, A., Tzovaras, D. (2014). Visual Analytics for Enhancing Supervised Attack Attribution in Mobile Networks. In: Czachórski, T., Gelenbe, E., Lent, R. (eds) Information Sciences and Systems 2014. Springer, Cham. https://doi.org/10.1007/978-3-319-09465-6_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-09465-6_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09464-9
Online ISBN: 978-3-319-09465-6
eBook Packages: Computer ScienceComputer Science (R0)