Omer H. Abdelrahman

Signalling storms in 3G mobile networks

We review the characteristics of signalling storms that have been caused by certain common apps and recently observed in cellular networks, leading to system outages. We then develop a mathematical model of a mobile users signalling behaviour which focuses on the potential of causing such storms, and represent it by a large Markov chain. The analysis of this model allows us to determine the key parameters of mobile user device behaviour that can lead to signalling storms. We then identify the parameter values that will lead to worst case load for the network itself in the presence of such storms. This leads to explicit results regarding the manner in which individual mobile behaviour can cause overload conditions on the network and its signalling servers, and provides insight into how this may be avoided.

Mobile Network Anomaly Detection and Mitigation: The NEMESYS Approach

Mobile malware and mobile network attacks are becoming a significant threat that accompanies the increasing popularity of smart phones and tablets. Thus in this paper we present our research vision that aims to develop a network-based security solution combining analytical modelling, simulation and learning, together with billing and control-plane data, to detect anomalies and attacks, and eliminate or mitigate their effects, as part of the EU FP7 NEMESYS project. These ideas are supplemented with a careful review of the state-of-the-art regarding anomaly detection techniques that mobile network operators may use to protect their infrastructure and secure users against malware.

Modeling and Analysis of RRC-Based Signalling Storms in 3G Networks

Mobile networks are vulnerable to signaling attacks and storms that are caused by traffic patterns that overload the control plane, and differ from distributed denial of service attacks in the Internet since they directly affect the control plane, and also reserve wireless bandwidth and network resources without actually using them. Such storms can result from malware and mobile botnets, as well as from poorly designed applications, and can cause service outages in 3G and 4G networks, which have been experienced by mobile operators. Since the radio resource control (RRC) protocol in the 3G and 4G networks is particularly susceptible to such storms, we analyze their effect with a mathematical model that helps to predict the congestion that is caused by a storm. A detailed simulation model of a mobile network is used to better understand the temporal dynamics of user behavior and signaling in the network and to show how RRC-based signaling attacks and storms cause significant problems in both the control and user planes of the network. Our analysis also serves to identify how storms can be detected, and to propose how system parameters can be chosen to mitigate their effect.

Storms in mobile networks

Mobile networks are vulnerable to signalling attacks and storms caused by traffic that overloads the control plane through excessive signalling, which can be introduced via malware and mobile botnets. With the advent of machine-to-machine (M2M) communications over mobile networks, the potential for signalling storms increases due to the normally periodic nature of M2M traffic and the sheer number of communicating nodes. Several mobile network operators have also experienced signalling storms due to poorly designed applications that result in service outage. The radio resource control (RRC) protocol is particularly susceptible to such attacks, motivating this work within the EU FP7 NEMESYS project which presents simulations that clarify the temporal dynamics of user behavior and signalling, allowing us to suggest how such attacks can be detected and mitigated.

Packet Delay and Energy Consumption in Non-homogeneous Networks

This paper studies whether a packet will ultimately succeed in reaching a given destination, how long this will take and how much energy may be expended, in the context of a network with imperfect routing tables and non-homogeneous network characteristics. It also investigates the effect of non-cooperative routers that may actually choose to drop certain packets if they view them to be dangerous for destination nodes, as when packets may be carrying worms, viruses or malware, and when certain packets have been identified as being part of a Denial of Service attack. The approach we take is to construct a probability model for packet travel from a source to destination node in a large non-homogeneous multiple hop network. The randomness models the lack of precise routing information at each of the network hops, and randomness in routing can also be used to model networks where one wishes to explore alternate paths in a network to discover the more reliable paths, or those that may have other desirable characteristics such as lower delay or lower packet loss. We assume that each packet has the same time out: when the time-out elapses, the packet is dropped if it has not yet reached the destination, and some time later the source will retransmit a duplicate packet. A numerical–analytical solution is developed to compute the average travel time of the packet from source to destination and to estimate its total energy consumption. Two applications of these results are then presented. In the first one, the packet is an ‘attack’ packet (e.g. a Denial of Service packet, or some malware) and as it approaches the destination node it is being frequently inspected by routers that may decide to drop it if they correctly detect that it is a threat. The second example considers a wireless network where areas which are remote from the source and destination nodes have poorer wireless coverage so that packet losses become more frequent as the packet ‘unknowingly’ (due to poor routing tables errors) meanders away from the main coverage area. Other applications in wireless networks are also provided and a simulation study is performed to validate the analytical model.

Impact of Signaling Storms on Energy Consumption and Latency of LTE User Equipment

Signaling storms in mobile networks, which congest the control plane, are becoming more frequent and severe because misbehaving applications can nowadays spread more rapidly due to the popularity of application marketplaces for smartphones. While previous work on signaling storms consider the processing overhead in the network and energy consumption of the misbehaving User Equipment (UE) only, this paper aims to investigate how signaling storms affect both the energy consumption and bandwidth allocation of normal and misbehaving LTE UEs by constructing a mathematical model which captures the interaction between the UE traffic and the Radio Resource Control state machine and bandwidth allocation mechanism at the eNodeB. Our results show that even if only a small proportion of the UE population is misbehaving, the energy consumption of the radio subsystem of the normal UEs can increase significantly while the time spent actively communicating increases drastically for a normal data session. Moreover, we show that misbehaving UEs have to spend an increasing amount of energy to attack the network when the severity of the signaling storms increases since they also suffer from the attacks.

Search in the Universe of Big Networks and Data

Searching the Internet for some object characterized by its attributes in the form of data, such as a hotel in a certain city whose price is lower than some amount, is one of our most common activities when we access the web. We discuss this problem in a general setting, and compute the average amount of time and energy it takes to find an object in an infinitely large search space. We consider the use of N search agents that act concurrently in both the case where the search agent knows which way it needs to go to find the object, and the case where the search agent is completely ignorant and may even head away from the object being sought. We show that under mild conditions regarding the randomness of the search and the use of a time-out, the search agent will always find the object in spite of the fact that the search space is infinite. We obtain a formula for the average search time and the average energy expended by N search agents acting concurrently and independent of each other. We see that the time-out itself can be used to minimize the search time and the amount of energy that is consumed to find an object. An approximate formula is derived for the number of search agents that can help us guarantee that an object is found in a given time, and we discuss how the competition between search agents and other agents that try to hide the data object can be used by opposing parties to guarantee their own success.

Fast message dissemination for emergency communications

This paper presents an emergency communication system that is able to quickly deliver emergency messages over an unreliable and best-effort network such as the Internet. The proposed architecture employs application-layer multicast to rapidly deliver emergency traffic without the support of a dedicated network infrastructure. We introduce a distributed overlay tree construction and maintenance mechanism that produces consistent, loop-free and self-adaptive trees that dynamically change over time to effectively deal with varying network conditions and offer low message delays to end nodes. We evaluate the performance of the proposed approach through an experimental study conducted on a real-life networking testbed.

Queueing performance under Network Coding

We develop analytical and simulation models to evaluate the additional delay at intermediate nodes of a store and forward packet network when Network Coding (NC) is applied. The approach is based on the analysis of queueing systems with specific service processes that capture the effect of NC. The analytical results are compared with simulations.

A BRPCA Based Approach for Anomaly Detection in Mobile Networks

Researchers have recently uncovered numerous exploitable vulnerabilities that enable malicious individuals to mount attacks against mobile network users and services. The detection and attribution of these threats are of major importance to the mobile operators. Therefore, this paper presents a novel approach for anomaly detection in 3G/4G mobile networks based on Bayesian Robust Principal Component Analysis (BRPCA), which enables cognition in mobile networks through the ability to perceive threats and to act in order to mitigate their effects. BRPCA is used to model aggregate network data and subsequently identify abnormal network states. A major difference with previous work is that this method takes into account the spatio-temporal nature of the mobile network traffic, to reveal encoded periodic characteristics, which has the potential to reduce false positive rate. Furthermore, the BRPCA method is unsupervised and does not raise privacy issues due to the nature of the raw data. The effectiveness of the approach was evaluated against three other methods on two synthetic datasets for a large mobile network, and the results show that BRPCA provides both higher detection rate and lower computational overhead.