Comparison of Supervised Machine Learning Algorithms on Detection of Signaling Dos Attack to The 3G (UMTS) Mobile Network-In The Case of Ethiotelecom
No Thumbnail Available
Date
2020-02
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Mobile communication technology evolves overtime by introducing new architectures, interfaces
and protocols, providing unified services with higher capacity of packet based data transmission.
This helps different organizations to facilitate their services using these networks. However, these
changes has also opened new vulnerabilities to the mobile networks including the vulnerability of
3G network to signaling DoS attack, which is considered as one of the most dangerous type of
attacks. It is a type of attack that overload mobile network elements by creating a significant
amount of signalling messages initiated by a wake up packet sent from an attacker device.
The existing rule based prevention mechanisms and programed tools failed to fully protect from
the type of attack considered here. Researchers propose an intrusion detection system (IDS) based
on cumulative sum method to detect 3G signalling DoS attack by testing the signalling rate of each
MS and triggers an alarm if it is above some fixed threshold. However, such a simple and fixed
for all thresholds could wrongly classify a heavy user as an attacker. Machine learning (ML)
techniques have a promising capability in such regard by avoiding the rigidity of traditional
configured and programmed tools by adapting their behavior based on their inputs. Many studies
have used ML approaches and compare different algorithms for the detection of diverse kinds of
DoS attacks towards the IP and cellular networks. Their result as well as nature of dataset used for
their study and methodology differ from one to the other. However, comparing different algorithms
for the detection of 3G signaling DoS attack based on realistic dataset were not considered.
The aim of this study is to compare the performance of three supervised ML algorithms towards
detecting the 3G signalling DoS attack. For this purpose, three ML algorithms together with four
performance metrics and data collected from the real et 3G production network were used. The
result shows that J48 record the best performance with an accuracy of 96.6% while Repeated
Incremental Pruning to Produce Error Reduction (RIPPER) deliver the second best performance
with 95.96% of accuracy. Multilayer Perceptron’s (MLP) performance was relatively lower with
82.39% of accuracy. All algorithms except MLP classify the provided dataset with an acceptable
period of time. Overall, the study shows ML techniques are effective in detecting 3G signalling
DoS attack.
Description
Keywords
Signalling DoS, Machine-learning, 3G Security, Mobile network vulnerabilities, Signalling DDoS, J48, RIPPER, MLP