Comparison of Supervised Machine Learning Algorithms on Detection of Signaling Dos Attack to The 3G (UMTS) Mobile Network-In The Case of Ethiotelecom

No Thumbnail Available



Journal Title

Journal ISSN

Volume Title


Addis Ababa University


Mobile communication technology evolves overtime by introducing new architectures, interfaces and protocols, providing unified services with higher capacity of packet based data transmission. This helps different organizations to facilitate their services using these networks. However, these changes has also opened new vulnerabilities to the mobile networks including the vulnerability of 3G network to signaling DoS attack, which is considered as one of the most dangerous type of attacks. It is a type of attack that overload mobile network elements by creating a significant amount of signalling messages initiated by a wake up packet sent from an attacker device. The existing rule based prevention mechanisms and programed tools failed to fully protect from the type of attack considered here. Researchers propose an intrusion detection system (IDS) based on cumulative sum method to detect 3G signalling DoS attack by testing the signalling rate of each MS and triggers an alarm if it is above some fixed threshold. However, such a simple and fixed for all thresholds could wrongly classify a heavy user as an attacker. Machine learning (ML) techniques have a promising capability in such regard by avoiding the rigidity of traditional configured and programmed tools by adapting their behavior based on their inputs. Many studies have used ML approaches and compare different algorithms for the detection of diverse kinds of DoS attacks towards the IP and cellular networks. Their result as well as nature of dataset used for their study and methodology differ from one to the other. However, comparing different algorithms for the detection of 3G signaling DoS attack based on realistic dataset were not considered. The aim of this study is to compare the performance of three supervised ML algorithms towards detecting the 3G signalling DoS attack. For this purpose, three ML algorithms together with four performance metrics and data collected from the real et 3G production network were used. The result shows that J48 record the best performance with an accuracy of 96.6% while Repeated Incremental Pruning to Produce Error Reduction (RIPPER) deliver the second best performance with 95.96% of accuracy. Multilayer Perceptron’s (MLP) performance was relatively lower with 82.39% of accuracy. All algorithms except MLP classify the provided dataset with an acceptable period of time. Overall, the study shows ML techniques are effective in detecting 3G signalling DoS attack.



Signalling DoS, Machine-learning, 3G Security, Mobile network vulnerabilities, Signalling DDoS, J48, RIPPER, MLP