Master's/doctoral thesis etd-0803120-120639: detailed information
Title page for etd-0803120-120639
Title
Symbolic Detection of Cyberattacks Against Radio Access Networks in Long-term Evolution Mobile Networks Using Model Checking
Department
Year, semester
Language
Degree
Number of pages
61
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2020-06-30
Date of Submission
2020-09-03
Keywords
Long-Term Evolution, 5G, Radio Access Network, Model Checking, Intrusion Detection, Misuse Detection, Cyberattacks
Statistics
This thesis/dissertation has been browsed 5653 times and downloaded 1 time.
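Abstract (translated from the Chinese)
The fifth-generation (5G) mobile communication standard has been extensively developed to bring in more connected devices for the Internet of Things (IoT). It brings many features, such as network slicing and network function virtualization. However, vulnerabilities in the radio access network (RAN) will affect the security of 5G-based IoT applications. Because RAN procedures usually begin before security authentication is established, and data is sent and received over the air interface, the RAN is susceptible to many active and passive attacks. As the number of devices connected to the Internet gradually grows, it becomes easier for attackers to carry out large-scale attacks. For these reasons, a robust intrusion detection/prevention framework is urgently needed in the RAN to identify and defend against such attacks. In this study, we introduce certain typical attacks in the RAN of fourth-generation mobile communication (4G) and Long-Term Evolution (LTE). We also study the impact of these attacks on mobile devices using different Taiwanese telecom operators. In addition, we simulate RAN attacks to collect the relevant traffic log files and apply machine-learning-based and model-checking-based detection techniques. The experimental results show that our system can detect attacks in the RAN dynamically and effectively.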
Abstract
The fifth-generation (5G) mobile communication standard has been extensively developed to introduce many more connected devices for the Internet of Things (IoT). It brings with it many features, such as network slicing and virtualization of network functions. However, vulnerabilities in the radio access network (RAN) would impact the security of 5G-based IoT applications. The RAN transmits and receives data over the air interface and is vulnerable to active and passive attacks, because RAN procedures usually occur before any security establishment. As the number of devices connected to the internet increases, massive-scale attacks become easier for attackers to perform. A robust intrusion detection/prevention framework to identify and defend against such attacks is urgently required. This work has implemented the common attacks in the RAN of 4G/Long-Term Evolution (LTE) and examined their influence on different mobile devices and telecom operators. The collected network traffic logs were analyzed using attack detection techniques based on machine learning and model checking. Experimental results show that the proposed system can detect attacks in the RAN dynamically and effectively.
Table of Contents
Thesis Approval Form
Acknowledgments
Abstract (Chinese)
ABSTRACT
List of Tables
List of Figures
Chapter 1 Introduction
1.1 Motivation
1.2 Contributions of the Thesis
1.3 Organization of the Thesis
Chapter 2 Background
2.1 Cellular Network
2.1.1 Overview
2.1.2 LTE Architecture
2.1.3 Common LTE Procedures
2.2 Intrusion Detection
2.2.1 Overview
2.2.2 Types of Detection Methodology
2.2.3 Discussion
2.3 Model checking
2.3.1 Overview
2.3.2 Model checking
Chapter 3 Related Works
Chapter 4 Implemented Attacks on Radio Access Network
4.1 Numb Attack:
4.2 AKA Bypass Attack:
4.3 Tracking Area Update Reject:
4.4 Attach Reject Attack:
4.5 Service Reject Attack:
4.6 Detach Request Attack:
4.7 IMSI capture Attack:
Chapter 5 The Proposed System
5.1 The Proposed Detection System
5.2 Machine learning Module in LTE
5.2.1 Data Collection and Feature Selection:
5.2.2 Model Selection
5.3 Automatic model checker in LTE
5.3.1 Experiment with model checking based detection
5.4 An example
Chapter 6 Experiment Results
6.1 Parameter Settings
6.2 Results
Chapter 7 Conclusion and Future Works
7.1 Conclusion
7.2 Future Works
Appendix A Implemented code segments and Wireshark screen capture
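Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without authorization, to avoid breaking the law.
Thesis access permission: user-defined availability date
Available:
Campus: available
Off-campus: available

Printed copies
Public information on printed theses is relatively complete from academic year 102 onward. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service counter of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available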
