The present invention relates to handling of signaling attacks in wireless networks. More particularly, and not by way of limitation, the present invention is directed to a system and method to substantially prevent Denial of Service (DoS) attacks in a cellular wireless network through reallocation of Random Access Channel (RACH) resources.
Today's broadband cellular wireless networks with expanded voice and data capabilities are increasingly becoming vulnerable to cyber attacks because of the rapid growth in packet data traffic in these networks. As opposed to most wireline links, wireless links tend to have much more limited bandwidth. Hence, it takes significantly less traffic to quickly overload a wireless connection. Furthermore, in today's third (3G) and fourth (4G) generation wireless networks, a large amount of signaling is carried out—even for a small amount of data transfer—to efficiently and optimally use limited radio resources. On the other hand, wireline networks may not need to resort to such extensive signaling for routine data transfer operations. Thus, today's cellular networks remain inherently susceptible to cyber attacks, such as, for example, a Denial of Service (DoS) attack through exhaustion of a wireless network's limited signaling channel resources.
It is observed from the above that wireless networks are less robust than wireline networks, especially when it comes to being vulnerable to DoS attacks. Not only do “traditional” wireline DoS attacks apply in a wireless domain, but a wireless network's limited radio resource availability and bandwidth may expose the network to additional wireless-specific DoS attacks. For example, a malicious remote host may create havoc in the signaling plane of a 3G network by repeatedly triggering radio channel allocations and revocations for targeted mobile handsets, as explained more fully in “On the Detection of Signaling DoS Attacks on 3G Wireless Networks” by Patrick P. C. Lee, Tian Bu, and Thomas Woo, in Proceedings of IEEE INFOCOM, Anchorage, AK, May 2007. Low-rate, low-volume attack traffic from such a malicious host can still cause significant potential damage, including (1) overloading of the Radio Network Controller (RNC) and Base Station (BS), leading to reduced system performance, (2) denial of service to legitimate signaling messages due to congestion in the signaling paths, and (3) shortening of a (targeted) mobile handset's battery life. In other words, unlike conventional DoS attacks in the wireless data plane, signaling DoS attacks do not have to generate aggressive data traffic in the network to cause aggravated damage.
Detection algorithms identifying signaling DoS attacks in wireless networks may achieve high detection probability, low false alarm probability, and low detection time. Once a host is detected as malicious, a reaction mechanism may filter out subsequent traffic from the identified malicious host.
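The following is an added illustration, not code from the patent or from the cited INFOCOM paper, of the detect-then-filter pattern described above: a simplified rate-based heuristic that flags a remote host whose traffic triggers more radio-channel setups for a target handset than a threshold allows within a sliding window, followed by the reaction step that drops further packets from the flagged host. The event format, the window and threshold values, the class and function names, and the sample event log (with RFC 5737 and private-range addresses) are all constructed for this example; the patent's own approach, reallocation of RACH resources, is not modelled here.

```python
"""Added example (not from the patent): rate-based detection of a remote host
that repeatedly triggers radio-channel allocation/release cycles, plus the
filtering reaction once the host is flagged. All names and values are assumed."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0       # sliding observation window (assumed value)
MAX_SETUPS_PER_WINDOW = 5   # channel setups per remote host that may occur in a window (assumed)


class SignalingDosDetector:
    """Tracks channel-setup events per remote host and flags hosts that exceed the rate."""

    def __init__(self, window=WINDOW_SECONDS, threshold=MAX_SETUPS_PER_WINDOW):
        self.window = window
        self.threshold = threshold
        self._setups = defaultdict(deque)   # remote_host -> timestamps of setups it triggered
        self.flag_time = {}                 # remote_host -> timestamp at which it was flagged

    def observe(self, ts, remote_host, event):
        """Feed one signaling event (ts in seconds). Returns True if the host is flagged."""
        if event == "channel_setup" and remote_host not in self.flag_time:
            q = self._setups[remote_host]
            q.append(ts)
            # Discard setups that fell out of the sliding window.
            while ts - q[0] > self.window:
                q.popleft()
            # Strictly more than `threshold` setups inside the window trips the alarm.
            if len(q) > self.threshold:
                self.flag_time[remote_host] = ts
        return remote_host in self.flag_time

    def is_flagged(self, remote_host):
        return remote_host in self.flag_time


def run_detector(events, window=WINDOW_SECONDS, threshold=MAX_SETUPS_PER_WINDOW):
    """Replay (ts, remote_host, event) tuples in time order and return the detector state."""
    det = SignalingDosDetector(window, threshold)
    for ts, host, event in sorted(events):
        det.observe(ts, host, event)
    return det


def filter_packets(det, packets):
    """Reaction mechanism: keep only packets whose remote host has not been flagged.
    Packets are (remote_host, payload) pairs."""
    return [pkt for pkt in packets if not det.is_flagged(pkt[0])]


# Constructed sample log: a benign host sets up a channel every 30 s, while a
# second host drives an allocation/release cycle every 2 s for the target handset.
SAMPLE_EVENTS = []
for i in range(3):
    t = 30.0 * i
    SAMPLE_EVENTS += [(t, "10.0.0.5", "channel_setup"),
                      (t + 5.0, "10.0.0.5", "channel_release")]
for i in range(8):
    t = 2.0 * i
    SAMPLE_EVENTS += [(t, "203.0.113.9", "channel_setup"),
                      (t + 1.0, "203.0.113.9", "channel_release")]

if __name__ == "__main__":
    det = run_detector(SAMPLE_EVENTS)
    print("flagged hosts:", det.flag_time)
    print("kept:", filter_packets(det, [("10.0.0.5", b"ok"), ("203.0.113.9", b"dropped")]))
```

With the sample log the offending host is flagged at t = 10.0 s, once six setups fall inside one ten-second window, while the benign host never exceeds the threshold; the window and threshold trade detection time against false-alarm probability, and a deployment would tune them from observed per-host setup rates rather than the constructed values used here.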