Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers

Research Article

A Detection Mechanism for SMS Flooding Attacks in Cellular Networks

  • @INPROCEEDINGS{10.1007/978-3-642-36883-7_6,
        author={Eun Kim and Patrick McDaniel and Thomas Porta},
        title={A Detection Mechanism for SMS Flooding Attacks in Cellular Networks},
        proceedings={Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2013},
        month={2},
        keywords={SMS flooding attack DDoS attack flash crowd anomaly detection modeling cellular network},
        doi={10.1007/978-3-642-36883-7_6}
    }
    
  • Eun Kim
    Patrick McDaniel
    Thomas Porta
    Year: 2013
    A Detection Mechanism for SMS Flooding Attacks in Cellular Networks
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-36883-7_6
Eun Kim1,*, Patrick McDaniel1, Thomas Porta1
  • 1: Pennsylvania State University
*Contact email: ekkim@cse.psu.edu

Abstract

In recent years, cellular networks have been reported to be susceptible targets for Distributed Denial of Service (DDoS) attacks due to their limited resources. One potentially powerful DDoS attack in cellular networks is an SMS flooding attack. Previous research has demonstrated that SMS-capable cellular networks are vulnerable to an SMS flooding attack in which a sufficient rate of SMS messages is sent to saturate the control channels in target areas. We propose a novel detection algorithm which identifies an SMS flooding attack based on the reply rate to messages sent by a handset. We further propose a mitigation technique to reduce the blocking rate caused by the attack. Our simulation results show that the false positive and false negative rates of our detection algorithm are low even when the attack traffic is blended with flash crowd traffic and/or the attack traffic mimics flash crowd traffic, and that the blocking rate is successfully reduced through the mitigation technique.