Abstract
Researchers have recently uncovered numerous exploitable vulnerabilities that enable malicious individuals to mount attacks against mobile network users and services. The detection and attribution of these threats are of major importance to the mobile operators. Therefore, this paper presents a novel approach for anomaly detection in 3G/4G mobile networks based on Bayesian Robust Principal Component Analysis (BRPCA), which enables cognition in mobile networks through the ability to perceive threats and to act in order to mitigate their effects. BRPCA is used to model aggregate network data and subsequently identify abnormal network states. A major difference with previous work is that this method takes into account the spatio-temporal nature of the mobile network traffic, to reveal encoded periodic characteristics, which has the potential to reduce false positive rate. Furthermore, the BRPCA method is unsupervised and does not raise privacy issues due to the nature of the raw data. The effectiveness of the approach was evaluated against three other methods on two synthetic datasets for a large mobile network, and the results show that BRPCA provides both higher detection rate and lower computational overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bishop, C.M.: Pattern recognition and machine learning, vol. 1. Springer, Berlin (2006)
Borgaonkar, R., Redon, K., Seifert, J.P.: Security analysis of a femtocell device. In: Proceedings of 4th International Conference on Security of Information and Networks (SIN), pp. 95–102. ACM, Sydney (2011)
Breunig, M.M., Kriegel, H.P., Ng, R.T., Sander, J.: LOF: identifying density-based local outliers. SIGMOD Rec. 29(2), 93–104 (2000)
D’Alconzo, A., Coluccia, A., Romirer-Maierhofer, P.: Distribution-based anomaly detection in 3G mobile networks: from theory to practice. Int. J. Netw. Manag. 20(5), 245–269 (2010)
David, S., Harrison, D., Price, R., Fretheim, S.: Do-it-yourself cellular intrusion detection system. LMG Security, http://lmgsecurity.com/whitepapers/DIY-Cellular-IDS_2013-08-01.pdf (2013)
Delany, S.J., Buckley, M., Greene, D.: SMS spam filtering: methods and data. Exp. Syst. Appl. 39(10), 9899–9908 (2012)
Ding, X., He, L., Carin, L.: Bayesian robust principal component analysis. IEEE Trans. Image Process. 20(12), 3419–3430 (2011)
Golde, N., Redon, K., Borgaonkar, R.: Weaponizing femtocells: the effect of rogue devices on mobile telecommunications. In: Proceedings of NDSS, pp. 1–16 (2012)
Gorbil, G., Abdelrahman, O.H., Pavloski, M., Gelenbe, E.: Modeling and analysis of RRC-based signalling storms in 3G networks. IEEE Trans. Emerg. Topics Comput PP(99), 1 (2015)
Jolliffe, I.T.: Principal Component Analysis, 2nd edn. Springer, Berlin (2002)
Joshi, S.S., Phoha, V.V.: Investigating hidden Markov models capabilities in anomaly detectio. In: Proceedings of 43rd Annual Southeast Regional Conference, vol. 1, pp. 98–103. ACM, Kennesaw (2005)
Kim, E.K., McDaniel, P., La Porta, T.: A detection mechanism for SMS flooding attacks in cellular networks. In: Security and Privacy in Communication Networks, vol. 106, pp. 76–93. Springer, Berlin (2013)
Lee, P.P.C., Bu, T., Woo, T.: On the detection of signaling DoS attacks on 3G wireless networks. In: Proceedings of INFOCOM, pp. 1289–1297. IEEE, Alaska (2007)
Lee, P.P.C., Bu, T., Woo, T.: On the detection of signaling DoS attacks on 3G/WiMax wireless networks. Comput. Netw. 53(15), 2601–2616 (2009)
Liebergeld, S., Lange, M., Borgaonkar, R.: Cellpot: a concept for next generation cellular network honeypots. In: Proceedings of NDSS, pp. 1–6 (2014)
Rabiner, L.: A tutorial on hidden Markov models and selected applications in speech recognition. Proc. IEEE 77(2), 257–286 (1989)
Strang, G.: Linear Algebra and its Applications, 4th edn. Brooks/Cole (2006)
Traynor, P., et al.: On cellular botnets: measuring the impact of malicious devices on a cellular network core. In: Proceedings of 16th Conference Computer and Communications Security (CCS), pp. 223–234. ACM, Chicago (2009)
Wang, F., et al.: A HMM-based method for anomaly detection. In: Proceedings of 4th International Conference on Broadband Network and Multimedia Technology, pp. 276–280. IEEE, Shenzhen (2011)
Yan, G., Eidenbenz, S., Galli, E.: SMS-Watchdog: Profiling social behaviors of sms users for anomaly detection. In: Proceedings of 12th International Symposium Recent Advances in Intrusion Detection (RAID), pp. 202–223. Springer, Saint-Malo (2009)
Acknowledgments
This work was partially supported by the European Commission through project FP7-ICT-317888-NEMESYS. The opinions expressed in this paper are those of the authors and do not necessarily reflect the views of the European Commission.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Papadopoulos, S., Drosou, A., Dimitriou, N., Abdelrahman, O.H., Gorbil, G., Tzovaras, D. (2016). A BRPCA Based Approach for Anomaly Detection in Mobile Networks. In: Abdelrahman, O., Gelenbe, E., Gorbil, G., Lent, R. (eds) Information Sciences and Systems 2015. Lecture Notes in Electrical Engineering, vol 363. Springer, Cham. https://doi.org/10.1007/978-3-319-22635-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-22635-4_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22634-7
Online ISBN: 978-3-319-22635-4
eBook Packages: EngineeringEngineering (R0)