A data mining framework for securing 3g core network from GTP fuzzing attacks

Authors:
Faraz Ahmed;M. Zubair Rafique;Muhammad Abulaish
Affiliations:
Center of Excellence in Information Assurance (CoEIA), King Saud University (KSU), Riyadh, Saudi Arabia;Center of Excellence in Information Assurance (CoEIA), King Saud University (KSU), Riyadh, Saudi Arabia;Center of Excellence in Information Assurance (CoEIA), King Saud University (KSU), Riyadh, Saudi Arabia
Venue:
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Year:
2011

Citing 10
Cited 0

C4.5: programs for machine learning

C4.5: programs for machine learning
On Relevance, Probabilistic Indexing and Information Retrieval

Journal of the ACM (JACM)
Exploiting open functionality in SMS-capable cellular networks

Proceedings of the 12th ACM conference on Computer and communications security
Vulnerability Analysis of MMS User Agents

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Improving Mobile Core Network Security with Honeynets

IEEE Security and Privacy
On attack causality in internet-connected cellular networks

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
On cellular botnets: measuring the impact of malicious devices on a cellular network core

Proceedings of the 16th ACM conference on Computer and communications security
GTP Security in 3G Core Network

NSWCTC '10 Proceedings of the 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing - Volume 01
Vulnerabilities and possible attacks against the GPRS backbone network

CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
A taxonomy of cyber attacks on 3g networks

ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Since the emergence of 3G cellular IP networks, internet usage via 3G data services has become ubiquitous. Therefore such network is an important target for imposters who can disrupt the internet services by attacking the network core, thereby causing significant revenue losses to mobile operators. GPRS Tunneling Protocol GTP is the primary protocol used between the 3G core network nodes. In this paper, we present the design of a multi-layer framework to detect fuzzing attacks targeted to GTP control (GTP-C) packets. The framework analyzes each type of GTP-C packet separately for feature extraction, by implementing a Markov state space model at the Gn interface of the 3G core network. The Multi-layered architecture utilizes standard data mining algorithms for classification. Our analysis is based on real world network traffic collected at the Gn interface. The analysis results show that for only 5% fuzzing introduced in a packet with average size of 85 bytes, the framework detects fuzzing in GTP-C packets with 99.9% detection accuracy and 0.01% false alarm rate.