Since the emergence of 3G cellular IP networks, internet usage via 3G data services has become ubiquitous. Such networks are therefore an important target for imposters, who can disrupt internet services by attacking the network core, thereby causing significant revenue losses to mobile operators. The GPRS Tunneling Protocol (GTP) is the primary protocol used between the 3G core network nodes. In this paper, we present the design of a multi-layer framework to detect fuzzing attacks targeting GTP control (GTP-C) packets. The framework analyzes each type of GTP-C packet separately for feature extraction by implementing a Markov state space model at the Gn interface of the 3G core network. The multi-layered architecture uses standard data mining algorithms for classification. Our analysis is based on real-world network traffic collected at the Gn interface. The results show that with only 5% fuzzing introduced into a packet with an average size of 85 bytes, the framework detects fuzzing in GTP-C packets with 99.9% detection accuracy and a 0.01% false alarm rate.