2,967 research outputs found

    Rogue Base Station Detection Techniques

    Get PDF
    User equipment (UE) and cellular networks implement one or more techniques to detect and mitigate rogue base stations/cells. In one approach, a UE implements base station authentication techniques for detecting and mitigating rogue base stations. In this approach, the UE detects a failed authentication procedure and determines the associated base station is a rogue base station. The UE stores identifying information associated with the rogue base station and location information associated with the UE. Upon attachment with a legitimate base station/cell, the UE sends the identifying information and location information to the network. In another example, the network implements reverse mobility detection techniques for detecting and mitigating rogue base stations. In this approach, static mobile UEs are located throughout the network and monitor signal strength variations associated with cells for detecting rogue base stations. In yet another approach, a UE is configured to detect when a base station is attempting to downgrade the UE to a lower order radio access technology (RAT) and identifies the base station as a rogue base station. In a further approach, a UE is configured to determine when a received signal strength indicator (RSSI) is abnormally high, indicating that a rogue base station is using a signal-jamming mechanism

    Generation of realistic signal strength measurements for a 5G Rogue Base Station attack scenario

    Get PDF
    The detection and prevention of cyber-attacks is one of the main challenges in Vehicle-to-Everything (V2X) autonomous platooning scenarios. A key tool in this activity is the measurement report that is generated by User Equipment (UE), containing received signal strength and location information. Such data is effective in techniques to detect Rogue Base Stations (RBS) or Subscription Permanent Identifier SUPI/5G-GUTI catchers. An undetected RBS could result in unwanted consequences such as Denial of Service (DoS) attacks and subscriber privacy attacks on the network and UE. Motivated by this, this paper presents the novel simulation of a 5G cellular system to generate a realistic dataset of signal strength measurements that can later be used in the development of techniques to identify and prevent RBS interventions. The results show that the tool can create a large dataset of realistic measurement reports which can be used to develop and validate RBS detection techniques

    Synthetic Generation of Realistic Signal Strength Data to Enable 5G Rogue Base Station Investigation in Vehicular Platooning

    Get PDF
    Rogue Base Stations (RBS), also known as 5G Subscription Concealed Identifier (SUCI) catchers, were initially developed to maliciously intercept subscribers’ identities. Since then, further advances have been made, not only in RBSs, but also in communication network security. The identification and prevention of RBSs in Fifth Generation (5G) networks are among the main security challenges for users and network infrastructure. The security architecture group in 3GPP clarified that the radio configuration information received from user equipment could contain fingerprints of the RBS. This information is periodically included in the measurement report generated by the user equipment to report location information and Received Signal Strength (RSS) measurements for the strongest base stations. The motivation in this work, then is to generate 5G measurement reports to provide a large and realistic dataset of radio information and RSS measurements for an autonomous vehicle driving along various sections of a road. These simulated measurement reports can then be used to develop and test new methods for identifying an RBS and taking mitigating actions. The proposed approach can generate 20 min of synthetic drive test data in 15 s, which is 80 times faster than real time

    Rogue Drone Detection: A Machine Learning Approach

    Full text link
    The emerging, practical and observed issue of how to detect rogue drones that carry terrestrial user equipment (UEs) on mobile networks is addressed in this paper. This issue has drawn much attention since the rogue drones may generate excessive interference to mobile networks and may not be allowed by regulations in some regions. In this paper, we propose a novel machine learning approach to identify the rogue drones in mobile networks based on radio measurements. We apply two classification machine learning models, Logistic Regression, and Decision Tree, using features from radio measurements to identify the rogue drones. We find that for high altitudes the proposed machine learning solutions can yield high rogue drone detection rate while not mis-classifying regular ground based UEs as rogue drone UEs. The detection accuracy however degrades at low altitudes.Comment: Submitted to Globecom 201

    Revista Economica

    Get PDF

    Applying Machine Learning on RSRP-based Features for False Base Station Detection

    Full text link
    False base stations -- IMSI catchers, Stingrays -- are devices that impersonate legitimate base stations, as a part of malicious activities like unauthorized surveillance or communication sabotage. Detecting them on the network side using 3GPP standardized measurement reports is a promising technique. While applying predetermined detection rules works well when an attacker operates a false base station with an illegitimate Physical Cell Identifiers (PCI), the detection will produce false negatives when a more resourceful attacker operates the false base station with one of the legitimate PCIs obtained by scanning the neighborhood first. In this paper, we show how Machine Learning (ML) can be applied to alleviate such false negatives. We demonstrate our approach by conducting experiments in a simulation setup using the ns-3 LTE module. We propose three robust ML features (COL, DIST, XY) based on Reference Signal Received Power (RSRP) contained in measurement reports and cell locations. We evaluate four ML models (Regression Clustering, Anomaly Detection Forest, Autoencoder, and RCGAN) and show that several of them have a high precision in detection even when the false base station is using a legitimate PCI. In our experiments with a layout of 12 cells, where one cell acts as a moving false cell, between 75-95\% of the false positions are detected by the best model at a cost of 0.5\% false positives.Comment: 9 pages,5 figure, 3 tables, 2 algorithm
    • …
    corecore