Counter based Detection and Mitigation of Signalling Attacks

Mihajlo Pavloski, Gökçe Görbil, Erol Gelenbe

2015

Abstract

The increase of the number of smart devices using mobile networks’ services is followed by the increase of the number of security threats for mobile devices, generating new challenges for mobile network operators. Signalling attacks and storms represent an emerging type of distributed denial of service (DDoS) attacks and happen because of special malware installed on smart devices. These attacks are performed in the control plane of the network, rather than the data plane, and their goal is to overload the Signalling servers which leads to service degradation and even network failures. This paper proposes a detection and mitigation mechanism of such attacks which is based on counting repetitive bandwidth allocations by mobile terminals and blocking the misbehaving ones. The mechanism is implemented in our simulation environment for security in mobile networks SECSIM. The detector is evaluated calculating the probabilities of false positive and false negative detection and is characterised by very low negative impact on un-attacked terminals. Simulation results using joint work of both detector and mitigator, are shown for: the number of allowed attacking bandwidth allocations, end-to-end delay for normal users, wasted bandwidth and load on the Signalling server. Results suggest that for some particular settings of the mechanism, the impact of the attack is successfully lowered, keeping the network in stable condition and protecting the normal users from service degradations.

References

  1. Abdelrahman, O. H. and Gelenbe, E. (2014). Signalling storms in 3G mobile networks. In Proceedings of IEEE International Conference on Communications (ICC'14), Communication and Information Systems Security Symposium, pages 1017-1022, Sydney, Australia.
  2. Cisco (2015). Cisco visual networking index: Global mobile data traffic forecast update, 2014-2019. White Paper.
  3. Filippoupolitis, A., Hey, L., Loukas, G., Gelenbe, E., and Timotheou, S. (2008). Emergency response simulation using wireless sensor networks. In Proceedings of the 1st international conference on Ambient media and systems, page 21. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering).
  4. Gabriel, C. (2012). DoCoMo demands Google's help with signalling storm.
  5. Gelenbe, E., Abdelrahman, O. H., and Görbil, G. (2014). Time-outs and counters against storms.
  6. Gelenbe, E., Gellman, M., and Loukas, G. (2004). Defending networks against denial of service attacks. In Carapezza, E., editor, Proceedings of the Conference on Optics/Photonics in Security and Defence (SPIE), Unmanned/Unattended Sensors and Sensor Networks, volume 5611, pages 233-243, London, UK.
  7. Gelenbe, E., Görbil, G., Tzovaras, D., Liebergeld, S., Garcia, D., Baltatu, M., and Lyberopoulos, G. L. (2013b). Security for smart mobile networks: The NEMESYS approach. In 2013 International Conference on Privacy and Security in Mobile Systems, PRISMS 2013, Atlantic City, NJ, USA, June 24-27, 2013, pages 1-8. IEEE.
  8. Gelenbe, E. and Loukas, G. (2007). A self-aware approach to denial of service defence. Computer Networks, 51(5):1299-1314.
  9. Gelenbe, E. and Morfopoulou, C. (2011). A framework for energy-aware routing in packet networks. The Computer Journal, 54(6):850-859.
  10. Gorbil, G., Abdelrahman, O. H., and Gelenbe, E. (2014). Storms in mobile networks. In Proceedings of the 9th ACM Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet'14), pages 119-126.
  11. Gorbil, G., Abdelrahman, O. H., Pavloski, M., and Gelenbe, E. (2015). Modeling and analysis of RRC-based signaling storms in 3G networks. IEEE Transactions on Emerging Topics in Computing, Special Issue on Emerging Topics in Cyber Security, PP(99):1-14.
  12. Gupta, M., Jha, S., Koc, A., and Vannithamby, R. (2013). Energy impact of emerging mobile internet applications on lte networks: issues and solutions. Communications Magazine, IEEE, 51(2):90-97.
Download


Paper Citation


in Harvard Style

Pavloski M., Görbil G. and Gelenbe E. (2015). Counter based Detection and Mitigation of Signalling Attacks . In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 413-418. DOI: 10.5220/0005573504130418


in Bibtex Style

@conference{secrypt15,
author={Mihajlo Pavloski and Gökçe Görbil and Erol Gelenbe},
title={Counter based Detection and Mitigation of Signalling Attacks},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={413-418},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005573504130418},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Counter based Detection and Mitigation of Signalling Attacks
SN - 978-989-758-117-5
AU - Pavloski M.
AU - Görbil G.
AU - Gelenbe E.
PY - 2015
SP - 413
EP - 418
DO - 10.5220/0005573504130418