securing 5g networks
play

Securing 5G Networks Stavros Papadopoulos, Anastasios Drosou, and - PowerPoint PPT Presentation

Nov 17, 2022 •187 likes •426 views

Behavioural Network Traffic Analytics for Securing 5G Networks Stavros Papadopoulos, Anastasios Drosou, and Dimitrios Tzovaras 5 th International Workshop on 5G Architecture (5GARCH) Presenter: Dr. Stavros Papadopoulos Post-doctoral research

  1. Behavioural Network Traffic Analytics for Securing 5G Networks Stavros Papadopoulos, Anastasios Drosou, and Dimitrios Tzovaras 5 th International Workshop on 5G Architecture (5GARCH) Presenter: Dr. Stavros Papadopoulos Post-doctoral research associate at the Centre for Research and Technology Hellas / Information Technologies Institute

  2. Presentation outline • Problem formulation • Proposed method • Experimental results • Conclusions 2

  3. Presentation outline • Problem formulation • Proposed method • Experimental results • Conclusions 3

  4. Problem formulation (1/2) • Securing Mobile networks – Malware detection : – Spam/Premium SMS/Call, DDoS SMS-flooding, DDoS by sending periodically Internet packets • Diversity of the malware types and behaviours – Renders the problem of anomaly detection as a very challenging one • Multi-dimensional nature of the data makes it difficult to analyse – SMS, Call, Internet, Services, Signalling • More challenging in 5G networks , since one more dimension is added to the traffic, representing different network slices – Activity that is normal in one slice can be anomalous in another

  5. Problem formulation (2/2) • Data types in the mobile network: – Signalling (control) plane: all the signals that control or are needed for the network services (e.g. Call Forwarding enable/disable or Call handover) – Billing (data) plane: comprised of actual data sent/received by the mobile devices, including Call Detail Records (CDR), and Internet traffic • Focus on the detection of malware on the billing plane : – No content used due to privacy concerns – Only high level communication events (who communicates with who and how/when) Thessaloniki, September 2017 5

  6. Presentation outline • Problem formulation • Proposed method • Experimental results • Conclusions 6

  7. Proposed method Background 1/2 • Behavioural-based approaches – Extract descriptors that capture different aspects of the behaviour of malicious and normal actors, allowing for their efficient discrimination Behaviour : Range of actions taken by actors in conjunction with themselves and their environment. In the context of mobile networks, the actors are the mobile devices, environment is the rest of the mobile devices and network, and actions are the communications among them. 7

  8. Proposed method Background 2/2 • This paper proposes the Behavioral Traffic Analysis method, for discriminating between different user behaviors • The method is an extension of the Multi-objective Clustering approach [Kalamaras et al. 2015] by extending the proposed behavioral descriptors 8

  9. Proposed method Multi-objective Clustering framework 1/2 Minimum Spanning Tree (MST) … Descriptor-M Descriptor-1 Multi-Objective Descriptor-1 Descriptor-M Visualization … for Mobile-1 for Mobile-1 Mobile-1 Descriptor-1 Descriptor-M … for Mobile-2 for Mobile-2 Mobile-2 … … Billing data … … … Descriptor-1 Descriptor-M … for Mobile-M for Mobile-N Mobile-N 9

  10. Proposed method Multi-objective Clustering framework 2/2 • Inputs of Multi-objective Clustering framework – Descriptor definitions – Distance metric between descriptors • Example of Multi-objective Clustering approach [Kalamaras et al. 2015] – Proposed Descriptors for both SMS and Call activities SMS/time Histogram Descriptor SMS/recipient Histogram Descriptor SMS ratio *these descriptors are also SMS ratio defined for the call activity of each device (i.e. 4 descriptors in total) hour of day recipient ID – Distance metric between descriptors: L1 10

  11. Proposed Behavioural Analytics method Proposed Descriptors • k-partite graphs created by a subset of billing attributes • Each attribute value is mapped into a single graph node • Continuous attributes (e.g. date-time, duration) are discretized Origin Dest Slice Type m1 m4 s1 SMS m1 m4 s1 SMS Example of descriptors: Origin Dest Slice Type m1 m2 s1 CALL 1. CALL descriptor: ? m1 m2 s1 CALL Origin/Dest/Slice m1 m3 s2 CALL m1 m3 s2 CALL for CALL activity m1 m2 s2 CALL 2. SMS descriptor: m1 m2 s2 CALL m2 m3 s1 CALL Origin/Dest/Slice Billing data used for the for SMS activity CALL descriptor of m1 m2 m3 s1 SMS CALL descriptor of m1 m2 m3 s1 CALL m2 m1 s1 SMS Billing data

  12. Proposed Behavioural Analytics method Proposed Descriptors • k-partite graphs created by a subset of billing attributes • Each attribute value is mapped into a single graph node • Continuous attributes (e.g. date-time, duration) are discretized Origin Origin Dest Slice Type Call Destination m1 m4 s1 SMS Slice m2 1 m1 m4 s1 SMS 1 Example of descriptors: Origin Dest Slice Type 1 m1 m2 s1 CALL 1. CALL descriptor: m1 m1 m2 s1 CALL s1 Origin/Dest/Slice m1 m3 s2 CALL m1 m3 s2 CALL for CALL activity m1 m2 s2 CALL 2. SMS descriptor: m1 m2 s2 CALL m2 m3 s1 CALL Origin/Dest/Slice Billing data used for the for SMS activity CALL descriptor of m1 m2 m3 s1 SMS CALL descriptor of m1 m2 m3 s1 CALL m2 m1 s1 SMS Billing data

  13. Proposed Behavioural Analytics method Proposed Descriptors • k-partite graphs created by a subset of billing attributes • Each attribute value is mapped into a single graph node • Continuous attributes (e.g. date-time, duration) are discretized Origin Origin Dest Slice Type Call Destination m1 m4 s1 SMS Slice m2 1 m1 m4 s1 SMS 1 Example of descriptors: Origin Dest Slice Type 1 m1 m2 s1 CALL 1. CALL descriptor: m1 m1 m2 s1 CALL s1 Origin/Dest/Slice m1 m3 s2 CALL m1 m3 s2 CALL for CALL activity 1 m1 m2 s2 CALL 2. SMS descriptor: m1 m2 s2 CALL 1 s2 s2 m2 m3 s1 CALL Origin/Dest/Slice Billing data used for the m3 m3 1 for SMS activity CALL descriptor of m1 m2 m3 s1 SMS CALL descriptor of m1 m2 m3 s1 CALL m2 m1 s1 SMS Billing data

  14. Proposed Behavioural Analytics method Proposed Descriptors • k-partite graphs created by a subset of billing attributes • Each attribute value is mapped into a single graph node • Continuous attributes (e.g. date-time, duration) are discretized Origin Origin Dest Slice Type Call Destination m1 m4 s1 SMS Slice m2 2 1 m1 m4 s1 SMS 1 Example of descriptors: Origin Dest Slice Type 1 m1 m2 s1 CALL 1. CALL descriptor: m1 m1 m2 s1 CALL s1 Origin/Dest/Slice m1 m3 s2 CALL m1 m3 s2 CALL 1 for CALL activity 1 2 m1 m2 s2 CALL 2. SMS descriptor: m1 m2 s2 CALL 1 s2 s2 m2 m3 s1 CALL Origin/Dest/Slice Billing data used for the m3 m3 1 for SMS activity CALL descriptor of m1 m2 m3 s1 SMS CALL descriptor of m1 m2 m3 s1 CALL m2 m1 s1 SMS Billing data

  15. Proposed Behavioural Analytics method Proposed Descriptors • k-partite graphs created by a subset of billing attributes • Each attribute value is mapped into a single graph node • Continuous attributes (e.g. date-time, duration) are discretized Origin Dest Slice Type m1 m4 s1 SMS Origin m1 m4 s1 SMS SMS Destination Example of descriptors: Slice m1 m2 s1 CALL 1. CALL descriptor: Origin Dest Slice Type m4 2 Origin/Dest/Slice 2 m1 m3 s2 CALL m1 m4 s1 SMS for CALL activity 2 m1 m2 s2 CALL m1 m4 s1 SMS m1 2. SMS descriptor: s1 m2 m3 s1 CALL Origin/Dest/Slice Billing data used for the for SMS activity SMS descriptor of m1 m2 m3 s1 SMS SMS descriptor of m1 m2 m3 s1 CALL m2 m1 s1 SMS Billing data

  16. Proposed Behavioural Analytics method Distance metric • Distance metric defined using graph matching techniques • For mobile −𝑗 and mobile −𝑘 , their distance with respect to descriptor −𝑙 is defined as: 𝑓𝑗𝑕 𝐻 𝑙 𝑘 = 𝑥 𝑓𝑗𝑕 𝐸 𝑙 𝑘 + 𝑥 𝑏𝑒𝑘 𝐸 𝑙 𝑏𝑒𝑘 𝐻 𝑙 𝑗 , 𝐻 𝑙 𝑗 , 𝐻 𝑙 𝑗 , 𝐻 𝑙 𝑘 𝐸 𝑙 𝐻 𝑙 content information using the graph [Koutra et al. 2011] structural information adjacency matrices 𝑁 using the graph eigenvalues λ ℎ 𝑛𝑏𝑦 𝑘,ℎ 2 𝑓𝑗𝑕 𝐻 𝑙 𝑘 = ෍ 𝑗,ℎ − λ 𝑙 𝑗 , 𝐻 𝑙 𝐸 𝑙 λ 𝑙 𝑏𝑒𝑘 𝐻 𝑙 𝑘 = ෍ 𝑁 𝑙 𝑗 , 𝐻 𝑙 𝑗 − 𝑁 𝑙 𝑘 𝐸 𝑙 ℎ=1 16

  17. Proposed Behavioural Analytics method Overview Minimum Spanning Tree (MST) Call Descriptor SMS Descriptor Multi-Objective Visualization Mobile-1 Mobile-2 Billing data … … … Mobile-N

  18. Presentation outline • Problem formulation • Proposed method • Experimental results • Conclusions 18

  19. Experimental results (1/2) • Simulation of different behavioral groups: Dunn Index 4 3.91 3 2 1.82 1 0 Kalamaras et al. [1] Proposed approach [1] Kalamaras et al., “A multi -objective clustering approach for the detection of abnormal behaviors in mobile networks ,” ICCW 2015

  20. Experimental results (2/2) • Simulation of different behavioral groups for 7 days First 6 days: normal behavior, 7 th day: anomalous group emerges • Dunn Index 4 3.72 3 3.2 2 1.69 1.61 1 0 Kalamaras et al. [1] Proposed approach Normal Day Anomalous day [1] Kalamaras et al., “A multi -objective clustering approach for the detection of abnormal behaviors in mobile networks ,” ICCW 2015

  21. Presentation outline • Problem formulation • Proposed method • Experimental results • Conclusions 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline

Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline

Mobile Networks Module I Part 2 Securing Vehicular Networks Prof. J.-P. Hubaux 1 Outline Motivation Threat model and specific attacks Security architecture Security analysis Certificate revocation

751 views • 43 slides
Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br Instituto de Informtica UFRGS Securing Networks in the Programmable Data Plane Era Network softwarization : the first wave P4 programs are

607 views • 12 slides
Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to

Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to

Benjamin Braun, Klemens Mang Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to detect attackers accessing your service? How to analyze attack patterns? How to detect yet unknown attack

246 views • 13 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle,

Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle,

Securing IPv6 neighbor discovery and SLAAC in access networks through SDN Daniel Nelle, dnelle@uni-potsdam.de Thomas Scheffler, thomas.scheffler@htw-berlin.de ANRW 2019, Montreal, July 22nd 2019 Outline Security issues in ICMPv6 Stateless

663 views • 21 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas

- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas

- Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel - Securing Santas Sleigh - INET XMAS Presentation 2018 by Timo Hckel Overview 1. Automotive Networks 2. SecVI Research Project 3. Software-Defined Networking

344 views • 31 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Securing Caribbean networks Bevil Wooding Executive Director, CaribNOG THE DIGITAL WORLD

Securing Caribbean networks Bevil Wooding Executive Director, CaribNOG THE DIGITAL WORLD

Securing Caribbean networks Bevil Wooding Executive Director, CaribNOG THE DIGITAL WORLD Explosion of Online Devices Explosion of Online Users Explosion of Online Data Dark Side To Digital Progress There are only two types of

614 views • 34 slides
IPsec (AH, ESP), IKE Guevara Noubir CSG254: Network Security noubir@ccs.neu.edu Securing

IPsec (AH, ESP), IKE Guevara Noubir CSG254: Network Security noubir@ccs.neu.edu Securing

IPsec (AH, ESP), IKE Guevara Noubir CSG254: Network Security noubir@ccs.neu.edu Securing Networks Applications Layer Monitoring/Logging/Intrusion Detection Control/Management (configuration) telnet/ftp: ssh, http: https , mail: PGP Network

1.4k views • 26 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

574 views • 32 slides
Securing Neighbor Discovery the wormhole attack centralized and decentralized wormhole

Securing Neighbor Discovery the wormhole attack centralized and decentralized wormhole

Securing Neighbor Discovery the wormhole attack centralized and decentralized wormhole detection mechanisms Security and Cooperation in Wireless Networks Georg-August University Gttingen Introduction many wireless networking

639 views • 32 slides
Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS Industry-United Initiative ............................................ 2 The TAA Difference .................................................... 3 Life After

466 views • 19 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
TRANSPORTATION COMMUNITY JULY 17, 2020 PRESENTED BY: JIM REGAN, CAPITALWORKS CONSULTING GROUP

TRANSPORTATION COMMUNITY JULY 17, 2020 PRESENTED BY: JIM REGAN, CAPITALWORKS CONSULTING GROUP

A PROJECT REVIEW FOR THE TRANSPORTATION COMMUNITY JULY 17, 2020 PRESENTED BY: JIM REGAN, CAPITALWORKS CONSULTING GROUP TIM AMMON, DECISION SUPPORT GROUP 2 Sponsoring Organizations The Student Transportation Aligned for Return To School

474 views • 13 slides
Towards a Professional Development Framework for Leaders of Degree Programmes Susan Moron

Towards a Professional Development Framework for Leaders of Degree Programmes Susan Moron

Teaching and Learning Exchange Towards a Professional Development Framework for Leaders of Degree Programmes Susan Moron Garcia, University of Central Lancashire Petia Petrova, University of the West of England Elizabeth Staddon, University

338 views • 17 slides
Assessments and Assessment Frameworks Robert Wagenaar Overall Coordinator Outline 1.

Assessments and Assessment Frameworks Robert Wagenaar Overall Coordinator Outline 1.

2 nd General Meeting CALOHEE Project Porto, 18 19 November 2016 Assessments and Assessment Frameworks Robert Wagenaar Overall Coordinator Outline 1. Assessments in HE in Europa: Outcomes CALOHEE questionnaire 2. Generic Competences

718 views • 35 slides
VULKAN AND NVIDIA: THE ESSENTIALS Tristan Lorach Manager of Developer Technology Group, NVIDIA US

VULKAN AND NVIDIA: THE ESSENTIALS Tristan Lorach Manager of Developer Technology Group, NVIDIA US

Siggraph 2016 VULKAN AND NVIDIA: THE ESSENTIALS Tristan Lorach Manager of Developer Technology Group, NVIDIA US 7/25/2016 ANALOGY ON GRAPHIC APIS (getting ready for my 7 years old sons questions on my job) Car Toy Lego Kit Derby Kit 2

1.59k views • 56 slides
Town Hall of REF 2021 Follow us on Twitter @REF_2021 Email us: info@ref.ac.uk 2021 framework

Town Hall of REF 2021 Follow us on Twitter @REF_2021 Email us: info@ref.ac.uk 2021 framework

Town Hall of REF 2021 Follow us on Twitter @REF_2021 Email us: info@ref.ac.uk 2021 framework Overall quality Outputs Impact Environment FTE x 2.5 = number of Environment data and Impact case studies outputs required template 60% 25%

288 views • 27 slides
Gossip-based peer sampling Mateusz Fedoryszak on the base of M. Jelasity, S. Voulgaris, R.

Gossip-based peer sampling Mateusz Fedoryszak on the base of M. Jelasity, S. Voulgaris, R.

Gossip-based peer sampling Mateusz Fedoryszak on the base of M. Jelasity, S. Voulgaris, R. Guerraoui, A.-M. Kermarrec, and M. van Steen: Gossip - based peer sampling, ACM Transactions on Computer Systems, vol. 25, no. 3, August 2007,

474 views • 21 slides
Ray-Traced Global Illumination for Games: Massively Parallel Path Space Filtering Nikolaus Binder

Ray-Traced Global Illumination for Games: Massively Parallel Path Space Filtering Nikolaus Binder

Ray-Traced Global Illumination for Games: Massively Parallel Path Space Filtering Nikolaus Binder and Alexander Keller Principles of Image Synthesis Solving the visibility problem Rasterization 2 Principles of Image Synthesis Solving the

959 views • 84 slides
Human Activity Recognition in Low Quality Videos using Spatio-Temporal Features Saimunur Rahman

Human Activity Recognition in Low Quality Videos using Spatio-Temporal Features Saimunur Rahman

Human Activity Recognition in Low Quality Videos using Spatio-Temporal Features Saimunur Rahman Masters (by Research) Viva Thesis supervisor: Dr. John See Su Yang Thesis co-supervisor: Dr. Ho Chiung Ching Visual Processing Laboratory

1.02k views • 73 slides

More recommend