Detection and mitigation of denial-of-service attacks in wireless communication networks
Abstract
A method that incorporates teachings of the subject disclosure may include, for example, obtaining data relating to a set of collision events on a shared channel on a wireless network according to a contention-based access protocol in which a plurality of terminals attempt to access the channel contemporaneously. A probability of collision in the channel is estimated and a probability distribution of time intervals between access attempts is generated based on the estimated probability of collision. Empirical and theoretical cumulative distribution functions for the time intervals are calculated, and compared to identify a malfunctioning terminal not operating in accordance with the protocol. Other embodiments are disclosed.
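The comparison of empirical and theoretical cumulative distribution functions described above can be illustrated with a short detection routine. This is an added example, not code from the patent or its assignee. It assumes a binary-exponential backoff model (`w0`, `max_stage`), a collision probability estimated as the plain ratio of failed to total attempts, and a one-sided Kolmogorov-Smirnov statistic with a DKW threshold; none of these specifics, nor the terminal names and traces, come from the page.

```python
import math

def theoretical_cdf(t, p, w0=16, max_stage=5):
    """P(interval <= t slots) under the ASSUMED binary-exponential backoff model."""
    total = 0.0
    for k in range(max_stage + 1):
        # Stage weights (1-p)p^k; the last stage absorbs the remaining mass p^m.
        weight = p ** k * ((1 - p) if k < max_stage else 1.0)
        window = w0 * 2 ** k  # backoff assumed uniform on 0..window-1 slots
        total += weight * min(1.0, max(0, math.floor(t) + 1) / window)
    return total

def one_sided_ks(intervals, p, alpha=0.01):
    """Return (D+, threshold), D+ = max over t of F_empirical(t) - F_theoretical(t)."""
    xs = sorted(intervals)
    n = len(xs)
    d_plus = 0.0
    for i, x in enumerate(xs, start=1):
        if i < n and xs[i] == x:  # ties: evaluate once, at the last duplicate
            continue
        d_plus = max(d_plus, i / n - theoretical_cdf(x, p))
    # One-sided DKW bound (alpha <= 0.5): P(D+ > eps) <= exp(-2 n eps^2).
    return d_plus, math.sqrt(math.log(1 / alpha) / (2 * n))

def flag_terminals(failed, attempts, traces, alpha=0.01):
    """Terminals whose empirical CDF rises above theoretical CDF + threshold."""
    p = failed / attempts  # collision probability as a plain ratio (assumption)
    flagged = []
    for name, intervals in traces.items():
        d_plus, threshold = one_sided_ks(intervals, p, alpha)
        if d_plus > threshold:
            flagged.append(name)
    return sorted(flagged)

def quantile_sample(p, n):
    """Constructed compliant trace: n intervals at evenly spaced model quantiles."""
    out, t = [], 0
    for i in range(n):
        while theoretical_cdf(t, p) < (i + 0.5) / n:
            t += 1
        out.append(t)
    return out

def demo():
    # Constructed counters and traces (slots between attempts), not measurements.
    failed, attempts = 20, 100
    traces = {"ue-compliant": quantile_sample(failed / attempts, 40),
              "ue-malfunctioning": [0, 1, 2, 3] * 10}  # retries with no real backoff
    return flag_terminals(failed, attempts, traces)
```

The test is one-sided because only intervals that are shorter than the protocol allows push the empirical CDF above the theoretical one; a terminal that waits longer than required is never flagged.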
20 Claims
1. A method comprising:
- obtaining, by a base station comprising a processor, data relating to a set of collision events on a shared channel for communicating with the base station on a wireless network according to a contention-based access protocol, wherein a plurality of terminals attempt to access the channel contemporaneously, the data comprising a first number representing a number of unsuccessful attempts to access the channel by the plurality of terminals, a second number representing a number of access attempts, and a set of time intervals between access attempts for each of the plurality of terminals, the channel being associated with a set of resource blocks;
- estimating, by the base station, a probability of collision in the channel based on the first number, the second number, and the protocol;
- generating, by the base station, a first probability distribution of the time intervals for each of the terminals, based on the estimated probability of collision;
- calculating, by the base station, a second probability distribution of the time intervals for each of the terminals, based on the data;
- calculating, by the base station, for each terminal a first cumulative distribution function and a second cumulative distribution function from the first probability distribution and the second probability distribution respectively;
- comparing, by the base station, the first cumulative distribution function and the second cumulative distribution function for each terminal to identify a malfunctioning terminal not operating in accordance with the protocol;
- responsive to determining that the base station is in a multi-antenna system and is capable of estimating an angle of arrival of a signal incoming to the base station from the malfunctioning terminal, blocking the signal from the malfunctioning terminal; and
- responsive to determining that the base station is not in a multi-antenna system or is not capable of estimating an angle of arrival of a signal incoming to the base station from the malfunctioning terminal, re-assigning the channel to a different set of resource blocks and broadcasting information regarding the re-assigning on a broadcast channel.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A base station comprising:
- a memory to store instructions; and
- a processor coupled to the memory, wherein responsive to executing the instructions, the processor performs operations comprising;
  - obtaining data relating to a set of collision events on a shared channel for communicating with the base station on a wireless network according to a contention-based access protocol, wherein a plurality of terminals attempt to access the channel contemporaneously, the data comprising a first number representing a number of unsuccessful attempts to access the channel by the plurality of terminals, a second number representing a number of access attempts, and a set of time intervals between access attempts for each of the plurality of terminals, the channel being associated with a set of resource blocks;
  - estimating a probability of collision in the channel based on the first number, the second number, and the protocol;
  - generating a first probability distribution of the time intervals for each of the terminals, based on the estimated probability of collision;
  - calculating a second probability distribution of the time intervals for each of the terminals;
  - calculating for each terminal a first cumulative distribution function and a second cumulative distribution function from the first probability distribution and the second probability distribution respectively;
  - generating a test statistic based on the first cumulative distribution function and the second cumulative distribution function for each terminal;
  - applying a one-sided statistical goodness of fit test to the test statistic to determine a goodness of fit threshold function;
  - comparing the second cumulative distribution function and the goodness of fit threshold function for each terminal to identify a malfunctioning terminal not operating in accordance with the protocol, wherein for some time interval in the set of time intervals, the malfunctioning terminal has a second cumulative distribution function value that exceeds the threshold function;
  - responsive to determining that the base station is in a multi-antenna system and is capable of estimating an angle of arrival of a signal incoming to the base station from the malfunctioning terminal, blocking the signal from the malfunctioning terminal; and
  - responsive to determining that the base station is not in a multi-antenna system or is not capable of estimating an angle of arrival of a signal incoming to the base station from the malfunctioning terminal, re-assigning the channel to a different set of resource blocks and broadcasting information regarding the re-assigning on a broadcast channel.

Dependent claims: 11, 12, 13, 14, 15
16. A non-transitory computer-readable storage device comprising executable instructions which, when executed by a processor, cause the processor to perform operations comprising:
- obtaining data relating to a set of collision events on a shared channel for communicating with a base station on a wireless network according to a contention-based access protocol, wherein a plurality of terminals attempt to access the channel contemporaneously, the data comprising a first number representing a number of unsuccessful attempts to access the channel by the plurality of terminals, a second number representing a number of access attempts, and a set of time intervals between access attempts for each of the plurality of terminals, the channel being associated with a set of resource blocks, wherein an attempt to access the channel comprises transmission of a preamble message by a sending terminal of the plurality of terminals;
- estimating a probability of collision in the channel based on the first number, the second number, and the protocol;
- generating a first probability distribution of the time intervals for each of the terminals, based on the estimated probability of collision;
- calculating a second probability distribution of the time intervals for each of the terminals;
- calculating for each terminal a first cumulative distribution function and a second cumulative distribution function from the first probability distribution and the second probability distribution respectively;
- generating a test statistic based on the first cumulative distribution function and the second cumulative distribution function for each terminal;
- applying a one-sided statistical goodness of fit test to the test statistic to determine a goodness of fit threshold function;
- comparing the second cumulative distribution function and the goodness of fit threshold function for each terminal to identify a malfunctioning terminal not operating in accordance with the protocol, wherein for some time interval in the set of time intervals, the malfunctioning terminal has a second cumulative distribution function value that exceeds the threshold function;
- responsive to determining that the base station is in a multi-antenna system and is capable of estimating an angle of arrival of a signal incoming to the base station from the malfunctioning terminal, blocking the signal from the malfunctioning terminal; and
- responsive to determining that the base station is not in a multi-antenna system or is not capable of estimating an angle of arrival of a signal incoming to the base station from the malfunctioning terminal, re-assigning the channel to a different set of resource blocks and broadcasting information regarding the re-assigning on a broadcast channel.

Dependent claims: 17, 18, 19, 20

Specification