Abstract
In the last couple of years , both the number of smart devices using mobile networks’ services, and the number of security threats for mobile devices have increased rapidly. This growth generates new challenges for mobile network operators. One of the recent challenges is fighting the signaling attacks and storms, that represent a type of distributed denial of service (DDoS) attacks, which overload the signaling plane of the networks, and threat networks’ stability. This paper proposes a detection mechanism for such attacks. A cost function is defined using the low bandwidth usage characteristic and is calculated in a exponential weighted moving average manner to enable real-time detection of attack intervals. The detector is implemented in a simulation environment in a 3G UMTS network and evaluated using metrics of interest such as: detection delay and probability of false positive and false negative detections. Finally, a simple attack mitigation technique is used together with the detector in a network under attack and manages to reduce the signaling load and end-to-end delay to the level of an unattacked network.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Mobile Cyber Threats. Joint Report. http://securelist.com/analysis/publications/66978/mobile-cyber-threats-a-joint-study-by-kaspersky-lab-and-interpol/ (Oct 2014)
Cisco visual networking index: Global mobile data traffic forecast update, 2014–2019. White Paper. http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11-520862.pdf (Feb 2015)
Abdelrahman, O.H., Gelenbe, E.: Signalling storms in 3G mobile networks. In: Proceedings of IEEE International Conference on Communications (ICC’14), Communication and Information Systems Security Symposium, pp. 1017–1022. Sydney, Australia. http://dx.doi.org/10.1109/ICC.2014.6883453 (2014)
Gelenbe, E., Loukas, G.: A self-aware approach to denial of service defence. Comput. Netw. 51(5), 1299–1314 (2007). http://dx.doi.org/10.1016/j.comnet.2006.09.009
Gabriel, C.: DoCoMo demands Google’s help with signalling storm. http://www.rethink-wireless.com/2012/01/30/docomo-demands-googles-signalling-storm.htm (Jun 2012)
Gelenbe, E., Gellman, M., Loukas, G.: Defending networks against denial of service attacks. In: Carapezza, E. (ed.) Proceedings of the Conference on Optics/Photonics in Security and Defence (SPIE), Unmanned/Unattended Sensors and Sensor Networks, vol. 5611, pp. 233–243. London, UK (October 2004)
Gelenbe, E., Abdelrahman, O.H.: Time-outs and counters against storms (Aug 2014), unpublished
Gelenbe, E., Görbil, G., Tzovaras, D., Liebergeld, S., Garcia, D., Baltatu, M., Lyberopoulos, G.L.: NEMESYS: enhanced network security for seamless service provisioning in the smart mobile ecosystem. In: Gelenbe, E., Lent, R. (eds.) Information Sciences and Systems 2013—Proceedings of the 28th International Symposium on Computer and Information Sciences, ISCIS 2013, Paris, France, October 28–29, 2013. Lecture Notes in Electrical Engineering, vol. 264, pp. 369–378. Springer, New york. http://dx.doi.org/10.1007/978-3-319-01604-7_36 (2013)
Gelenbe, E., Görbil, G., Tzovaras, D., Liebergeld, S., Garcia, D., Baltatu, M., Lyberopoulos, G.L.: Security for smart mobile networks: The NEMESYS approach. In: 2013 International Conference on Privacy and Security in Mobile Systems, PRISMS 2013, Atlantic City, NJ, USA, June 24–27, 2013. pp. 1–8. IEEE (2013). http://dx.doi.org/10.1109/PRISMS.2013.6927181
Gelenbe, E., Loukas, G.: A self-aware approach to denial of service defence. Comput. Netw. 51(5), 1299–1314 (2007)
Gorbil, G., Abdelrahman, O.H., Gelenbe, E.: Storms in mobile networks. In: Proceedings of the 9th ACM Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet’14). pp. 119–126. http://dx.doi.org/10.1145/2642687.2642688 (Sep 2014)
Gorbil, G., Abdelrahman, O.H., Pavloski, M., Gelenbe, E.: Modeling and analysis of RRC-based signaling storms in 3G networks. IEEE Trans. Emerg. Top. Comput. Spec. Issue Emerg. Top. Cyber Secur. PP(99), 1–14 (2015). http://dx.doi.org/10.1109/TETC.2015.2389662
Mulliner, C., Seifert, J.P.: Rise of the iBots: owning a telco network. In: Proceedings of 5th International Conference on Malicious and Unwanted Software (MALWARE’10). pp. 71–80 (Oct 2010)
Pavloski, M., Gelenbe, E.: Mitigating for signalling attacks in UMTS networks. In: Czachrski, T., Gelenbe, E., Lent, R. (eds.) Information Sciences and Systems 2014, pp. 159–165. Springer International Publishing, New York. http://dx.doi.org/10.1007/978-3-319-09465-6_17 (2014)
Ramachandran, S.: Web metrics: Size and number of resources. https://developers.google.com/speed/articles/web-metrics (May 2010)
Varga, A., Hornig, R.: An overview of the OMNeT++ simulation environment. In: Proc. 1st Inter. Conf. on Simulation Tools and Techniques for Communications, Networks and Systems W’shops (Simutools’08). pp. 60:1–60:10 (Mar 2008)
Acknowledgments
This work is part of the EU FP7 project NEMESYS (Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem), under grant agreement no.317888 within the FP7-ICT-2011.1.4 Trustworthy ICT domain.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Pavloski, M., Görbil, G., Gelenbe, E. (2016). Bandwidth Usage—Based Detection of Signaling Attacks. In: Abdelrahman, O., Gelenbe, E., Gorbil, G., Lent, R. (eds) Information Sciences and Systems 2015. Lecture Notes in Electrical Engineering, vol 363. Springer, Cham. https://doi.org/10.1007/978-3-319-22635-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-22635-4_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22634-7
Online ISBN: 978-3-319-22635-4
eBook Packages: EngineeringEngineering (R0)