Abstract
In recent years, cellular networks have been reported to be susceptible targets for Distributed Denial of Service (DDoS) attacks due to their limited resources. One potential powerful DDoS attack in cellular networks is a SMS flooding attack. Previous research has demonstrated that SMS-capable cellular networks are vulnerable to a SMS flooding attack in which a sufficient rate of SMS messages is sent to saturate the control channels in target areas. We propose a novel detection algorithm which identifies a SMS flooding attack based on the reply rate to messages sent by a handset. We further propose a mitigation technique to reduce the blocking rate caused by the attack. Our simulation results show that the false positive and false negative rates of our detection algorithm are low even when the attack traffic is blended with flash crowd traffic and/or the attack traffic mimics flash crowd traffic, and that the blocking rate is successfully reduced through the mitigation technique.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
ITU, The world in 2010: Ict facts and figures, ITU. Tech. Rep. (2010), www.itu.int/ITU-D/ict/material/FactsFigures2010.pdf
Nielsen: State of the media (January 2011), http://blog.nielsen.com/nielsenwire/wp-content/uploads/2011/01/nielsen-media-fact-sheet-jan-11.pdf
Kyriazakos, S., Karetsos, G., Kechagias, C., Karabalis, C., Vlahodimitropoulos, A.: Signalling channel modelling for congestion management in cellular networks. In: IEEE VTS 54th Vehicular Technology Conference on VTC 2001 Fall, vol. 4, pp. 2712–2715. IEEE (2002)
Sms over ss7, National Communications System. Tech. Rep. (2003)
Agarwal, N., Chandran-Wadia, L., Apte, V.: Capacity analysis of the GSM short message service. In: National Conference on Communications (2004)
Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: Characterization and implications for CDNs and web sites. In: Proceedings of the 11th International Conference on World Wide Web, pp. 293–304. ACM (2002)
Meng, X., Zerfos, P., Samanta, V., Wong, S., Lu, S.: Analysis of the reliability of a nationwide short message service. In: 26th IEEE International Conference on Computer Communications, INFOCOM 2007, pp. 1811–1819. IEEE (2007)
Cellular News. An estimated 43 billion text messages were sent globally on new years eve. (January 2008), http://www.cellular-news.com/story/28496.php
Cellular News. Congestion causes text message slowdown (January 2008), http://www.cellular-news.com/story/28391.php
Enck, W., Traynor, P., McDaniel, P., La Porta, T.: Exploiting open functionality in SMS-capable cellular networks. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 393–404. ACM (2005)
Traynor, P., Enck, W., McDaniel, P., La Porta, T.: Mitigating attacks on open functionality in SMS-capable cellular networks. IEEE/ACM Transactions on Networking 17(1), 40–53 (2009)
Yan, G., Eidenbenz, S., Galli, E.: SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection. In: Balzarotti, D. (ed.) RAID 2009. LNCS, vol. 5758, pp. 202–223. Springer, Heidelberg (2009)
Le, Q., Zhanikeev, M., Tanaka, Y.: Methods of Distinguishing Flash Crowds from Spoofed DoS Attacks. In: 3rd EuroNGI Conference on Next Generation Internet Networks, pp. 167–173. IEEE (2007)
Marnerides, A., Pezaros, D., Hutchison, D.: Flash crowd detection within the realms of an internet service provider (isp). In: The 9th Annual Postgraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting (2008)
Li, K., Zhou, W., Li, P., Hai, J., Liu, J.: Distinguishing DDoS attacks from flash crowds using probability metrics. In: 2009 Third International Conference on Network and System Security, pp. 9–17. IEEE (2009)
Wu, Y., Zhou, C., Xiao, J., Kurths, J., Schellnhuber, H.: Evidence for a bimodal distribution in human communication. Proceedings of the National Academy of Sciences (2010)
3GPP, TS 23.040, Technical Realization of the Short Message Service (SMS); Release 9. v9.3.0 (2010)
3GPP, TS 24.011, Point-to-Point (PP) Short Message Service (SMS) support on mobile radio interface; Release 9. v9.0.1 (2010)
Zerfos, P., Meng, X., Wong, S., Samanta, V., Lu, S.: A study of the short message service of a nationwide cellular network. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, pp. 263–268. ACM (2006)
Fonash, P., McGregor, P.: National Security/Emergency Preparedness Wireless Priority Service. In: Proc. 8th Int’l. Conf. Intelligence in Next Generation Networks
Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Computing Surveys (CSUR) 41(3), 15 (2009)
Demers, A., Keshav, S., Shenker, S.: Analysis and simulation of a fair queueing algorithm. In: Symposium Proceedings on Communications Architectures & Protocols, pp. 1–12. ACM (1989)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Kim, E.K., McDaniel, P., La Porta, T. (2013). A Detection Mechanism for SMS Flooding Attacks in Cellular Networks. In: Keromytis, A.D., Di Pietro, R. (eds) Security and Privacy in Communication Networks. SecureComm 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 106. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36883-7_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-36883-7_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36882-0
Online ISBN: 978-3-642-36883-7
eBook Packages: Computer ScienceComputer Science (R0)