Abstract
Since the emergence of 3G cellular IP networks, internet usage via 3G data services has become ubiquitous. Such networks are therefore an important target for imposters, who can disrupt internet services by attacking the network core and thereby cause significant revenue losses to mobile operators. The GPRS Tunneling Protocol (GTP) is the primary protocol used between the 3G core network nodes. In this paper, we present the design of a multi-layer framework to detect fuzzing attacks targeting GTP control (GTP-C) packets. The framework analyzes each type of GTP-C packet separately for feature extraction by implementing a Markov state space model at the Gn interface of the 3G core network. The multi-layered architecture uses standard data mining algorithms for classification. Our analysis is based on real-world network traffic collected at the Gn interface. The results show that with only 5% fuzzing introduced in a packet with an average size of 85 bytes, the framework detects fuzzing in GTP-C packets with 99.9% detection accuracy and a 0.01% false alarm rate.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ahmed, F., Rafique, M.Z., Abulaish, M. (2011). A Data Mining Framework for Securing 3G Core Network from GTP Fuzzing Attacks. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2011. Lecture Notes in Computer Science, vol 7093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25560-1_19
DOI: https://doi.org/10.1007/978-3-642-25560-1_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25559-5
Online ISBN: 978-3-642-25560-1
eBook Packages: Computer Science, Computer Science (R0)