Detecting signalling DoS attacks on LTE networks

As mobile communications increase their presence in our life, service availability becomes a crucial player for the next generation of cellular networks. However, both 4G and 5G systems lack of full protection against Denial-of-Service (DoS) attacks, due to the need of designing radio-access protocols focused on providing seamless connectivity. This paper presents a new method to detect a DoS attack over the Radio Resource Control (RRC) layer, offering three original metrics to identify such attack in a live Intrusion Detection System (IDS). The proposed metrics evaluate the connection release rate, the average session establishment and the session success rate to identify the attack. The presented results provide an average detection rate above 96%, with an average false positive rate below 3.8%.