Authors:
Mihajlo Pavloski
;
Gökçe Görbil
and
Erol Gelenbe
Affiliation:
Imperial College, United Kingdom
Keyword(s):
Signalling Attacks, Detection, Mitigation, Denial of Service.
Related
Ontology
Subjects/Areas/Topics:
Information and Systems Security
;
Network Security
;
Security in Distributed Systems
;
Wireless Network Security
Abstract:
The increase of the number of smart devices using mobile networks’ services is followed by the increase of
the number of security threats for mobile devices, generating new challenges for mobile network operators.
Signalling attacks and storms represent an emerging type of distributed denial of service (DDoS) attacks and
happen because of special malware installed on smart devices. These attacks are performed in the control plane
of the network, rather than the data plane, and their goal is to overload the Signalling servers which leads to
service degradation and even network failures. This paper proposes a detection and mitigation mechanism of
such attacks which is based on counting repetitive bandwidth allocations by mobile terminals and blocking
the misbehaving ones. The mechanism is implemented in our simulation environment for security in mobile
networks SECSIM. The detector is evaluated calculating the probabilities of false positive and false negative
detection and is characte
rised by very low negative impact on un-attacked terminals. Simulation results using
joint work of both detector and mitigator, are shown for: the number of allowed attacking bandwidth allocations,
end-to-end delay for normal users, wasted bandwidth and load on the Signalling server. Results suggest
that for some particular settings of the mechanism, the impact of the attack is successfully lowered, keeping
the network in stable condition and protecting the normal users from service degradations.
(More)