DDoS Attack Identification
• Network and UE anomaly classification : Once detected , anomalies must be classified prior to causal inference and other steps . This classification is needed in order to narrow relatively broad , and compute expensive , causality inference actions to a manageable set . Sensed data patterns are temporal , spatial and distribution clues that suggest an optimal path for causality inference .
• Network and UE causality inference : The combination of network and UE anomaly classification should be used to initiate / instantiate a targeted causality inference path .
• Network countermeasures and remedial actions : Once classified , UE and network DDoS causes must be addressed via countermeasures and remedial actions . If coordinated / coincident UE signaling actions are observed , then appropriate countermeasures must be instantiated to steer these UE down a network path which limits their impact on the upstream network and legitimate UE . In this case , a desirable outcome may be for the anomalous UE to impact or deny service to each other , thus using the high density of DDoS IoT devices as an enabler , versus challenge , to a powerful DDoS defense mechanism . Next , additional spatial classification , using geolocation techniques , should be used to identify the presence or absence of DDoS device clusters . Additional remedial actions , including automated over-the-air software updates , may be used to further identify , repair , impair or completely disable DDoS devices . Finally , proactive actions must be taken to prevent DDoS UE from impacting additional networks after detection . These countermeasures and remedial actions should all be designed to mimic normal or DDoSimpaired conditions that are difficult for IoT devices to detect or counter .
• Chapter 2 – Motivation
• Chapter 3 – Distributed DDoS Attack Detection
• Chapter 4 – DDoS Countermeasures
• Chapter 5 – Summary and Next Steps
• 5G – Fifth-generation technology standard for broadband cellular network
• AMF – Access & Mobility Management Function
• ARFCN – Absolute radio frequency channel Number
• DDoS – Distributed Denial of Service
• DIU – Data Interface Unit
• DTW – Dynamic Time Warping
• EARFCN – E-Ultra Absolute Radio Frequency Channel Number
IIC Journal of Innovation 55