Random Packet Inspection Scheme for Network Intrusion Prevention in LTE Core Networks

In Long-Term Evolution (LTE), the security threat posed by malicious users can be reduced by using the traffic detection function (TDF) in the policy and charging control (PCC) system to inspect the packets passing through the Packet Data Network Gateway. However, as the volume of global cellular data traffic continues to grow, it becomes impossible for the TDF to inspect all of the packets. Consequently, more efficient Intrusion Detection Systems (IDSs) are required. Accordingly, the present study proposes a random packet inspection scheme in which the inspection rate is dynamically adjusted based on the perceived intrusion period of the session. An analytical model is proposed to evaluate the effect of the inspection rate on the intrusion detection rate, inspection cost, and detection latency. The validity of the proposed model is demonstrated through numerical simulations. It is shown that the model provides an effective means of setting the inspection rate in such a way as to maximize the intrusion detection rate, while simultaneously achieving a satisfactory tradeoff between the inspection cost and the detection latency.
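To make the three quantities in the abstract concrete, here is a small simulation I added for illustration; it is not the paper's analytical model and does not reproduce its results. It assumes the simplest form of random inspection: every packet of a session is handed to the TDF independently with a fixed probability p, an intrusion counts as detected when at least one malicious packet is inspected, cost is the number of inspected packets, and latency is the position of the first inspected malicious packet. The session layout (200 packets, one malicious packet every 40) is constructed for the example. Sweeping p then shows the trade-off the abstract describes: detection rate rises with p, but so does cost, while latency falls.

```python
import random
from statistics import mean

# Constructed toy session (not from the paper): 200 packets, with one
# malicious packet every 40 packets (positions 39, 79, 119, 159, 199).
SESSION = [(i % 40) == 39 for i in range(200)]


def detection_probability(p, malicious_count):
    """Analytic detection rate under independent sampling: at least one of
    the malicious packets is inspected when each packet is picked with
    probability p."""
    return 1.0 - (1.0 - p) ** malicious_count


def expected_cost(p, packet_count):
    """Analytic inspection cost: expected number of packets sent to the TDF."""
    return p * packet_count


def simulate_session(p, session, rng=None):
    """Inspect each packet of `session` independently with probability p.

    Returns (detected, inspected_count, latency), where latency is the
    0-based position of the first inspected malicious packet, or None if
    the intrusion was never observed.
    """
    if rng is None:
        rng = random.Random(0)
    inspected = 0
    latency = None
    for pos, malicious in enumerate(session):
        if rng.random() < p:          # random() is in [0, 1), so p=1 inspects all
            inspected += 1
            if malicious and latency is None:
                latency = pos
    return latency is not None, inspected, latency


def evaluate(p, session, trials=4000, seed=1):
    """Monte Carlo estimate of detection rate, mean cost and mean latency
    (latency is averaged only over sessions in which the intrusion was seen)."""
    rng = random.Random(seed)
    detections, costs, latencies = 0, [], []
    for _ in range(trials):
        detected, cost, latency = simulate_session(p, session, rng)
        detections += detected
        costs.append(cost)
        if detected:
            latencies.append(latency)
    return {
        "rate": p,
        "detection_rate": detections / trials,
        "mean_cost": mean(costs),
        "mean_latency": mean(latencies) if latencies else None,
    }


def sweep(rates, session, trials=4000):
    """Tabulate the three metrics for each candidate inspection rate so the
    cost and latency at a target detection rate can be read off."""
    return [evaluate(p, session, trials) for p in rates]


if __name__ == "__main__":
    malicious = sum(SESSION)
    for row in sweep([0.05, 0.1, 0.2, 0.5, 1.0], SESSION):
        analytic = detection_probability(row["rate"], malicious)
        print(f"p={row['rate']:.2f} detect={row['detection_rate']:.3f} "
              f"(analytic {analytic:.3f}) cost={row['mean_cost']:.1f} "
              f"latency={row['mean_latency']}")
```

The simulated detection rate should track `detection_probability` closely; the gap between them is pure sampling noise. The paper's scheme goes further by raising the rate during a perceived intrusion period rather than holding p fixed for the whole session, which is exactly the knob this fixed-rate sweep leaves out.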
