A DDoS Attack Traffic Detection Model for LTE-A Networks
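  • English title: A DDoS attack detection model for LTE-A network
  • Authors: 龚宇翔; 曹进; 付玉龙; 郭敏
  • Authors (English): GONG Yuxiang; CAO Jin; FU Yulong; GUO Min; School of Cyber Engineering, XiDian University; Beijing Computer Technology and Application Institute
  • Keywords: machine learning; random forest; DDoS; LTE network
  • English keywords: machine learning; random forest; DDoS; LTE network; entropy
  • Journal title (Chinese): XAXB
  • Journal title (English): Journal of Cyber Security
  • Institutions: School of Cyber Engineering, Xidian University; Beijing Computer Technology and Application Institute
  • Publication date: 2019-01-15
  • Publisher: 信息安全学报 (Journal of Cyber Security)
  • Year: 2019
  • Issue: v.4
  • Funding: supported by the National Key R&D Program of China (No.2016YFB0800700) and the National Natural Science Foundation of China (No.61772404, No.61602359)
  • Language: Chinese
  • Pages: XAXB201901003
  • Page count: 12
  • CN: 01
  • ISSN: 10-1380/TN
  • Classification number: 31-42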
Abstract
In recent years, 4G LTE-A technology has developed rapidly, and the spread of mobile devices and the many services and applications carried over 4G networks have become an indispensable part of daily life. Network attack techniques have also kept developing, and the continuing evolution in recent years of attacks against 4G LTE-A networks has become a key problem that harms people's vital interests. DDoS, as one kind of DoS attack, causes greater harm to the network, so an attack detection model is needed. This paper proposes a DDoS attack traffic detection model for LTE-A networks. The model uses entropy as one of its features and trains its classifier with the random forest algorithm; it can be deployed on an eNB to identify the DDoS traffic flowing through that eNB. Validation shows that the detection accuracy of the proposed model can reach 99.956%.
