TY - GEN
T1 - A chain reaction DoS attack on 3G networks
T2 - 28th Conference on Computer Communications, IEEE INFOCOM 2009
AU - Zhao, Bo
AU - Chi, Caixia
AU - Gao, Wei
AU - Zhu, Sencun
AU - Cao, Guohong
PY - 2009
Y1 - 2009
AB - The IP Multimedia Subsystem (IMS) is being deployed in the Third Generation (3G) networks since it supports many kinds of multimedia services. However, the security of IMS networks has not been fully examined. This paper presents a novel DoS attack against IMS. By congesting the presence service, a core service of IMS, a malicious attack can cause chained automatic reaction of the system, thus blocking all the services of IMS. Because of the low-volume nature of this attack, an attacker only needs to control several clients to paralyze an IMS network supporting one million users. To address this DoS attack, we propose an online early defense mechanism, which aims to first detect the attack, then identify the malicious clients, and finally block them. We formulate this problem as a change-point detection problem, and solve it based on the non-parametric GRSh test. Through trace-driven experiments, we demonstrate that our defense mechanism can throttle this DoS attack within a short defense time window while generating few false alarms.
UR - http://www.scopus.com/inward/record.url?scp=70349686596&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70349686596&partnerID=8YFLogxK
U2 - 10.1109/INFCOM.2009.5062173
DO - 10.1109/INFCOM.2009.5062173
M3 - Conference contribution
AN - SCOPUS:70349686596
SN - 9781424435135
T3 - Proceedings - IEEE INFOCOM
SP - 2455
EP - 2463
BT - IEEE INFOCOM 2009 - The 28th Conference on Computer Communications
Y2 - 19 April 2009 through 25 April 2009
ER -