Bandwidth usage—based detection of signaling attacks

Abstract

In the last couple of years, both the number of smart devices using mobile networks’ services, and the number of security threats for mobile devices have increased rapidly. This growth generates new challenges for mobile network operators. One of the recent challenges is fighting the signaling attacks and storms, that represent a type of distributed denial of service (DDoS) attacks, which overload the signaling plane of the networks, and threat networks’ stability. This paper proposes a detection mechanism for such attacks. A cost function is defined using the low bandwidth usage characteristic and is calculated in a exponential weighted moving average manner to enable real-time detection of attack intervals. The detector is implemented in a simulation environment in a 3G UMTS network and evaluated using metrics of interest such as: detection delay and probability of false positive and false negative detections. Finally, a simple attack mitigation technique is used together with the detector in a network under attack and manages to reduce the signaling load and end-to-end delay to the level of an unattacked network.