A chain reaction DoS attack on 3G networks: Analysis and defenses

Proceedings - IEEE INFOCOM

Volumn , Issue , 2009, Pages 2455-2463

  Zhao, Bo ^a   Chi, Caixia ^b   Gao, Wei ^a   Zhu, Sencun ^a   Cao, Guohong ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

^b LUCENT TECHNOLOGIES   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

3G NETWORKS; CHAIN REACTION; CHANGE POINT DETECTION; DEFENSE MECHANISM; DOS ATTACKS; FALSE ALARMS; IP MULTIMEDIA SUBSYSTEMS; MALICIOUS ATTACK; NON-PARAMETRIC; PRESENCE SERVICE; THIRD-GENERATION (3G) NETWORKS; TIME WINDOWS;

COMPUTER CRIME; INTERNET; MULTIMEDIA SERVICES; MULTIMEDIA SYSTEMS; TELECOMMUNICATION EQUIPMENT;

INSULATING MATERIALS;

EID: 70349686596     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFCOM.2009.5062173     Document Type: Conference Paper

References (30)

1. C. Urrutia-Valds, A. Mukhopadhyay, and M. El-Sayed, "Presence and availability with ims: Applications architecture, traffic analysis, and capacity impacts," Bell Labs Technical Journal, vol. 10(4), pp. 101-107, Mar 2006.
2. M. Poikselka, A. Niemi, H. Khartabil, and G. Mayer, The IMS IP Multimedia Concepts and Services. Wiley, March 2006.
3. J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler, "SIP: Session initiation protocol. rfc 3261," IETF, June 2002.
4. R. Zhang and X. Wang, "Billing attacks on SIP-based VoIP systems," In Proceedings of the 1st USENIX Workshop on Offensive Technologies (WOOT 2007), 2007.
5. M.A. Girshick and H. Rubin, "A bayes approach to a quality control model," Ann. Math. Statist, vol. 23 1, pp. 114-125, 1952.
6. Z. Cao, C. Chi, and R. Hao, "User behavior modelling and traffic analysis of IMS presence servers," in GLOBECOM '08: Proceedings of the 2008 Global Telecommunications Conference, 2008.
7. B. E. Brodsky and B. S. Darkhovsky, Non-parametric methods in Change-Point Problems. Springer, 1993.
8. OPENSER, "The open sip express router (OpenSER)."
9. R. Gayraud and O. Jacques., "SIPp," 2008.
10. C. Shen, H. Schulzrinne, and E. Nahum, "Session initiation protocol (SIP) server overload control: Design and evaluation," in IPTComm'08: Proceedings of Principles, Systems and Applications of IP Telecommunications 2008, Heidelberg, Germany, 2008.
11. E. C. Noel and C. R. Johnson, "Initial simulation results that analyze SIP based VoIP networks under overload," in IPTComm'07: Proceedings of International Teletraffic Congress 2007, Ottawa, Canada, 2007, pp. 54C-64.
12. P. Traynor, W. Enck, P. McDaniel, and T. L. Porta, "Mitigating attacks on open functionality in SMS-capable cellular networks," in MobiCom '06: Proceedings of the 12th annual international conference on Mobile computing and networking. New York, NY, USA: ACM, 2006, pp. 182-193.
13. Z. Zhu, G. Cao, S. Zhu, S. Ranjany, and A. Nucciy, "A social network based patching scheme for worm containment in cellular networks," in Proceedings of IEEE INFOCOM, Rio de Janeiro, Brazil, April 2009.
14. 3GPP2, "IMS security framework," www.3gpp2.org/Public-html/ specs/S.R0086-A-v1.0-040614.pdf 2004.
15. 3GPP, "Feasibility study on IMS security extensions 3GPP TR 33.802," 3GPP, vol. V0.1.0, 2005.
16. E. E. Anderlind, D. W. Faucher, E. H. Grosse, D. N. Heer, A. R. McGee, D.P. Strand, and R.J.T. Jr., "IMS security," Bell Labs Technical Journal, vol. 11(1), pp. 37-58, 2006.
17. FORTINET, "Exploring ims network security for next generation network (NGN) carriers," www.fortinet.com/doc/whitepaper/IMS-Security- Carriers.html 2007.
18. HUAWEI, "Solution-building E2E IMS network security," www.huawei.com/publications/view.do?id=1144&cid=1802&pid=61 2006.
19. A. B. Roach, "Session initiation protocol (SIP)-specific event notification. rfc 3265," IETF, June 2002.
20. J. Rosenberg, "A presence event package for the session initiation protocol (SIP). rfc 3856," IETF, August 2004.
21. A. B. Roach, B. Campbell, and J. Rosenberg, "A session initiation protocol (SIP) event notification extension for resource lists. rfc 4662," IETF, August 2006.
22. A. Kuzmanovic and E. W. Knightly, "Low-rate TCP-targeted denial of service attacks and counter strategies," in IEEE/ACM Transactions on Networking (TON), vol. 14, August 2006.
23. P. P. Lee, T. Bu, and T. Woo, "On the detection of signaling DoS attacks on 3G wireless networks," in Proceedings of IEEE INFOCOM, Anchorage, Alaska, May 2007.
24. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan, "Fast portscan detection using sequential hypothesis testing," in IEEE Symposium on Security and Privacy 2004, Oakland, CA, May 2004.
25. "Change-point monitoring for the detection of DoS attacks," IEEE Trans. Dependable Secur. Comput., vol. 1, no. 4, pp. 193-208, 2004, member-Haining Wang and Member-Danlu Zhang and Fellow-Kang G. Shin.
26. H. Zang and J. C. Bolot, "Mining call and mobility data to improve paging efficiency in cellular networks," in MobiCom '07: Proceedings of the 13th annual ACM international conference on Mobile computing and networking. New York, NY, USA: ACM, 2007, pp. 123-134.
27. A. Hussain, J. Heidemann, and C. Papadopoulos, "A framework for classifying denial of service attacks," in SIGCOMM '03: Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications. New York, NY, USA: ACM, 2003, pp. 99-110.
28. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Network support for IP traceback," vol. 9, no. 3, JUNE 2001.
29. S. Bellovin, "ICMP traceback messages. ietf internet draft," Feb 2003.
30. A. Yaar, A. Perrig, and D. Song, "Pi: A path identification mechanism to defend against DDoS attacks," in SP '03: Proceedings of the 2003 IEEE Symposium on Security and Privacy. Washington, DC, USA: IEEE Computer Society, 2003, p. 93.