FBSDetector: Fake Base Station and Multi Step Attack Detection in Cellular Networks using Machine Learning

Fake base stations (FBSes) pose a significant security threat by impersonating legitimate base stations.

Though efforts have been made to defeat this threat, up to this day, the presence of FBSes and the multi-step attacks (MSAs) stemming from them can lead to unauthorized surveillance, interception of sensitive information, and disruption of network services for legitimate users.

Therefore, detecting these malicious entities is crucial to ensure the security and reliability of cellular networks.

Traditional detection methods often rely on additional hardware, predefined rules, signal scanning, changing protocol specifications, or cryptographic mechanisms that have limitations and incur huge infrastructure costs in accurately identifying FBSes.

In this paper, we develop FBSDetector-an effective and efficient detection solution that can reliably detect FBSes and MSAs from layer-3 network traces using machine learning (ML) at the user equipment (UE) side.

To develop FBSDetector, we created FBSAD and MSAD, the first-ever high-quality and large-scale datasets for training machine learning models capable of detecting FBSes and MSAs.

These datasets capture the network traces in different real-world cellular network scenarios (including mobility and different attacker capabilities) incorporating legitimate base stations and FBSes.

The combined network trace has a volume of 6.6 GB containing 751963 packets.

Our novel ML models, specially designed to detect FBSes and MSAs, can effectively detect FBSes with an accuracy of 92% and a false positive rate of 5.96% and recognize MSAs with an accuracy of 86% and a false positive rate of 7.82%.

We deploy FBSDetector as a real-world solution to protect end-users through an Android app and validate in a controlled lab environment.

Compared to the existing solutions that fail to detect FBSes, FBSDetector can detect FBSes in the wild in real time.