Performance Evaluation of Supervised Machine Learning Algorithms to Detect IP Spoofing Attack: The Case of Ethio telecom LTE Network
Date
2020-02-23
Abstract
Mobile communication systems have revolutionized the way people communicate, entertain themselves, do
business and educate. As a result, the number of mobile and Internet users, and their demand, increases every
day. Ethio telecom is a discoverer market in Eastern Africa with 66.8 million mobile connections as of
August 2018. According to the Growth and Transformation Plan 2 (GTP2) of the Federal Democratic Republic
of Ethiopia (FDRE), the total number of mobile subscribers is expected to reach 103 million and the mobile
broadband share is estimated to reach 35 million subscribers by 2020. Based on the company marketing report,
85.9% of the revenue is generated from mobile services.
GPRS Tunneling Protocol (GTP) is the pivotal protocol used in Long Term Evolution (LTE) to assign
Internet Protocol (IP) addresses to mobile terminals and to manage the data communication path in a mobile
data network. The IP spoofing attack is one of the most significant attacks in IP-based communication
systems, and it is used as a stepping stone for most other attacks. Ethio telecom has deployed LTE since 2014,
and in 2018 there were 300,000 subscribers. This technology is starting to attract the attention of users as well
as the company, and it is expected to be the next mobile communication technology. Dong W. Kang et al.
studied an approach for detecting IP spoofing attacks in a 3G network, and several studies have been conducted
on machine learning-based network anomaly detection methodologies. However, to the best of the researcher's
knowledge, there is no specific research on machine learning-based IP spoofing attack
detection on the LTE network.
This study analyzes a machine learning-based IP spoofing attack detection system. Three supervised machine
learning classifiers are evaluated, namely Logistic Regression (LR), K-Nearest Neighbor (KNN) and Gaussian
Naive Bayes (GNB). The evaluation is based on best-suited metrics such as sensitivity, specificity,
precision, False Positive Rate (FPR) and computational time, rather than relying on generic metrics like accuracy.
Even though GNB scores the highest sensitivity of 99.93%, considering the other metrics KNN is
reasonably considered the best classifier, with a sensitivity of 99.89%, a specificity of 99.96%, a precision
of 99.93%, an FPR of 0.03% and an accuracy of 99.94%. However, in most real situations KNN is not
preferred for practical implementation, since it is computationally intensive. As a result, considering
computational time as the key metric for practical implementation, LR is reasonably recommended as
the best classifier, with a sensitivity of 99.82%, a specificity of 87.56%, a precision of 79.87%, an FPR of 12.43%,
an accuracy of 91.62%, and training and testing times of 0.506 sec and 0.005 sec respectively.
Keywords
LTE, GTP, IP Spoofing, Security, Threats, Attacks, Machine Learning, LR, KNN, GNB