Paper Info
Title
Anomaly detection of network-initiated LTE signaling traffic in wireless sensor and actuator networks based on a Hidden semi-Markov Model.
Abstract
LTE signaling attack is a serious threat to a wireless sensor and actuator network whose facilities are dispersed and connected with LTE technology on a large scale, in order to conduct a particular mission. An LTE attacker generates a lot of signaling initiating packets, named wakeup packets, to saturate the LTE network's resources. Existing LTE signaling attack detection schemes are merely based on measuring the mean wakeup packet generation rate. Since resulting from extensive amounts of facilities involved in a normal management process, severe fluctuations of signaling traffic are ordinarily expected in the wireless sensor and actuator network, and those mean-based schemes cannot effectively distinguish between attacks and normal traffic. In this paper, we propose an advanced LTE signaling attack detection scheme based on a Hidden semi-Markov model, which captures the spatialtemporal characteristics of normal wakeup packet generation behavior. Our proposed detector takes the log-likelihood of a node's wakeup packet generation as the test criterion for normality. Through simulations with various parameter settings, we verified that the proposed scheme effectively distinguishes attacker nodes from normal nodes.
Year
DOI
Venue
2017
10.1016/j.cose.2016.11.008
Computers & Security
Keywords
Field
DocType
Wireless sensor and actuator network,LTE signaling attack,Hidden semi-Markov Model,Anomaly detection,Intrusion detection system
Anomaly detection,Wireless,Computer science,Computer security,Network packet,Computer network,Detector,Intrusion detection system,Actuator,Hidden semi-Markov model
Journal
Volume
Issue
ISSN
65
C
0167-4048
Citations 
PageRank 
References 
8
0.46
18
Authors
3
Name
Order
Citations
PageRank
June-ho Bang180.80
Young-Jong Cho2597.64
Kyungran Kang3377.82