A chain reaction DoS attack on 3G networks: Analysis and defenses

Bo Zhao, Caixia Chi, Wei Gao, Sencun Zhu, Guohong Cao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Citations (Scopus)

Abstract

The IP Multimedia Subsystem (IMS) is being deployed in the Third Generation (3G) networks since it supports many kinds of multimedia services. However, the security of IMS networks has not been fully examined. This paper presents a novel DoS attack against IMS. By congesting the presence service, a core service of IMS, a malicious attack can cause chained automatic reaction of the system, thus blocking all the services of IMS. Because of the low-volume nature of this attack, an attacker only needs to control several clients to paralyze an IMS network supporting one million users. To address this DoS attack, we propose an online early defense mechanism, which aims to first detect the attack, then identify the malicious clients, and finally block them. We formulate this problem as a change-point detection problem, and solve it based on the non-parametric GRSh test. Through trace-driven experiments, we demonstrate that our defense mechanism can throttle this DoS attack within a short defense time window while generating few false alarms.

Original languageEnglish (US)
Title of host publicationIEEE INFOCOM 2009 - The 28th Conference on Computer Communications
Pages2455-2463
Number of pages9
DOIs
StatePublished - Oct 12 2009
Event28th Conference on Computer Communications, IEEE INFOCOM 2009 - Rio de Janeiro, Brazil
Duration: Apr 19 2009Apr 25 2009

Publication series

NameProceedings - IEEE INFOCOM
ISSN (Print)0743-166X

Other

Other28th Conference on Computer Communications, IEEE INFOCOM 2009
CountryBrazil
CityRio de Janeiro
Period4/19/094/25/09

Fingerprint

Electric network analysis
Multimedia services
Denial-of-service attack
Experiments

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Electrical and Electronic Engineering

Cite this

Zhao, B., Chi, C., Gao, W., Zhu, S., & Cao, G. (2009). A chain reaction DoS attack on 3G networks: Analysis and defenses. In IEEE INFOCOM 2009 - The 28th Conference on Computer Communications (pp. 2455-2463). [5062173] (Proceedings - IEEE INFOCOM). https://doi.org/10.1109/INFCOM.2009.5062173
Zhao, Bo ; Chi, Caixia ; Gao, Wei ; Zhu, Sencun ; Cao, Guohong. / A chain reaction DoS attack on 3G networks : Analysis and defenses. IEEE INFOCOM 2009 - The 28th Conference on Computer Communications. 2009. pp. 2455-2463 (Proceedings - IEEE INFOCOM).
@inproceedings{a56c7b157a9a426687675839c5753e21,
title = "A chain reaction DoS attack on 3G networks: Analysis and defenses",
abstract = "The IP Multimedia Subsystem (IMS) is being deployed in the Third Generation (3G) networks since it supports many kinds of multimedia services. However, the security of IMS networks has not been fully examined. This paper presents a novel DoS attack against IMS. By congesting the presence service, a core service of IMS, a malicious attack can cause chained automatic reaction of the system, thus blocking all the services of IMS. Because of the low-volume nature of this attack, an attacker only needs to control several clients to paralyze an IMS network supporting one million users. To address this DoS attack, we propose an online early defense mechanism, which aims to first detect the attack, then identify the malicious clients, and finally block them. We formulate this problem as a change-point detection problem, and solve it based on the non-parametric GRSh test. Through trace-driven experiments, we demonstrate that our defense mechanism can throttle this DoS attack within a short defense time window while generating few false alarms.",
author = "Bo Zhao and Caixia Chi and Wei Gao and Sencun Zhu and Guohong Cao",
year = "2009",
month = "10",
day = "12",
doi = "10.1109/INFCOM.2009.5062173",
language = "English (US)",
isbn = "9781424435135",
series = "Proceedings - IEEE INFOCOM",
pages = "2455--2463",
booktitle = "IEEE INFOCOM 2009 - The 28th Conference on Computer Communications",

}

Zhao, B, Chi, C, Gao, W, Zhu, S & Cao, G 2009, A chain reaction DoS attack on 3G networks: Analysis and defenses. in IEEE INFOCOM 2009 - The 28th Conference on Computer Communications., 5062173, Proceedings - IEEE INFOCOM, pp. 2455-2463, 28th Conference on Computer Communications, IEEE INFOCOM 2009, Rio de Janeiro, Brazil, 4/19/09. https://doi.org/10.1109/INFCOM.2009.5062173

A chain reaction DoS attack on 3G networks : Analysis and defenses. / Zhao, Bo; Chi, Caixia; Gao, Wei; Zhu, Sencun; Cao, Guohong.

IEEE INFOCOM 2009 - The 28th Conference on Computer Communications. 2009. p. 2455-2463 5062173 (Proceedings - IEEE INFOCOM).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A chain reaction DoS attack on 3G networks

T2 - Analysis and defenses

AU - Zhao, Bo

AU - Chi, Caixia

AU - Gao, Wei

AU - Zhu, Sencun

AU - Cao, Guohong

PY - 2009/10/12

Y1 - 2009/10/12

N2 - The IP Multimedia Subsystem (IMS) is being deployed in the Third Generation (3G) networks since it supports many kinds of multimedia services. However, the security of IMS networks has not been fully examined. This paper presents a novel DoS attack against IMS. By congesting the presence service, a core service of IMS, a malicious attack can cause chained automatic reaction of the system, thus blocking all the services of IMS. Because of the low-volume nature of this attack, an attacker only needs to control several clients to paralyze an IMS network supporting one million users. To address this DoS attack, we propose an online early defense mechanism, which aims to first detect the attack, then identify the malicious clients, and finally block them. We formulate this problem as a change-point detection problem, and solve it based on the non-parametric GRSh test. Through trace-driven experiments, we demonstrate that our defense mechanism can throttle this DoS attack within a short defense time window while generating few false alarms.

AB - The IP Multimedia Subsystem (IMS) is being deployed in the Third Generation (3G) networks since it supports many kinds of multimedia services. However, the security of IMS networks has not been fully examined. This paper presents a novel DoS attack against IMS. By congesting the presence service, a core service of IMS, a malicious attack can cause chained automatic reaction of the system, thus blocking all the services of IMS. Because of the low-volume nature of this attack, an attacker only needs to control several clients to paralyze an IMS network supporting one million users. To address this DoS attack, we propose an online early defense mechanism, which aims to first detect the attack, then identify the malicious clients, and finally block them. We formulate this problem as a change-point detection problem, and solve it based on the non-parametric GRSh test. Through trace-driven experiments, we demonstrate that our defense mechanism can throttle this DoS attack within a short defense time window while generating few false alarms.

UR - http://www.scopus.com/inward/record.url?scp=70349686596&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70349686596&partnerID=8YFLogxK

U2 - 10.1109/INFCOM.2009.5062173

DO - 10.1109/INFCOM.2009.5062173

M3 - Conference contribution

AN - SCOPUS:70349686596

SN - 9781424435135

T3 - Proceedings - IEEE INFOCOM

SP - 2455

EP - 2463

BT - IEEE INFOCOM 2009 - The 28th Conference on Computer Communications

ER -

Zhao B, Chi C, Gao W, Zhu S, Cao G. A chain reaction DoS attack on 3G networks: Analysis and defenses. In IEEE INFOCOM 2009 - The 28th Conference on Computer Communications. 2009. p. 2455-2463. 5062173. (Proceedings - IEEE INFOCOM). https://doi.org/10.1109/INFCOM.2009.5062173