DDoS Attack Identification
network flows become more distributed, to satisfy IoT performance and scale requirements, they also become more difficult to monitor from a central cloud platform. Central IP flow transportation and processing, for DDoS detection, will be difficult to scale and secure.
Distributed, blockchain-based DDoS detection and defense approaches (for example https://hal.inria.fr/hal-01806063: Jul 2017) propose the use of Blockchains to detect and report DDoS via Smart Contracts deployed at various distributed network nodes along the IP path to the victim server. These methods certainly address some of the aforementioned user plane IP flow transportation and processing scalability and security concerns, but they do not observe cellular network radio and control plane DDoS attacks.
Traditional and proposed DDoS defense mechanisms, including the central and Blockchain distributed examples described above, suggest detection and mitigation mechanisms that address and defend against DDoS attacks of servers through an instrumented IP network. These traditional defense mechanisms, including IP blacklisting, packet dropping and connection rejection, protect the victim server, but they fail to protect the network radio or control resources along the path. Section 5 describes scenarios where some traditional defense mechanisms may exacerbate/amplify network radio and control resource attacks.
In summary, we aim to fill gaps in existing detection and countermeasure mechanisms that lack the scale and radio awareness to address the wireless IoT DDoS threat. Our solution includes radio and Blockchain DDoS detection techniques that complement radio countermeasure techniques.
During an IoT DDoS attack, a potentially massive number of IoT devices initiate an abnormally high volume of various transactions towards a destination. These excess transactions may intentionally or unintentionally cause congestion and instability at the destination and/or various intermediate nodes and interfaces along the path between the origin (radio) and the destination (server). We propose a distributed detection approach that yields DDoS detection alerts closest to the source(s) and time of attack.
All wireless IoT transactions, legitimate and illegitimate, begin with radio network access. Each radio network access attempt includes IoT UE uplink radio transmissions that yield useful signal, for the intended transaction, and noise interference for all other transactions sharing the same cellular frequencies. IoT DDoS attacks may lead to a rise in uplink noise in the serving cell, but not in the neighboring cells nearby.
This is because high-volume, low-cost IoT devices typically have low transmitter and battery power and are more effective for DDoS attacks close to the victim cell site. Legitimate UE traffic is typically dispersed over larger areas between multiple cell sites. If the noise is from typical
58 March 2022
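The serving-cell versus neighbor-cell noise comparison described above can be sketched as a per-cell check. This is an added example, not code from the article: the cell names, neighbor map, noise readings and both dB thresholds are constructed assumptions.

```python
from statistics import median

# Assumed thresholds (not from the article), in dB above a cell's own baseline.
SERVING_RISE_DB = 6.0    # rise treated as abnormal for a cell
NEIGHBOR_QUIET_DB = 2.0  # neighbors at or below this count as "not rising"

# Constructed sample: uplink noise floor per cell as (baseline_dBm, current_dBm).
NOISE_DBM = {
    "cell-A": (-105.0, -96.0), "cell-B": (-104.0, -103.5),
    "cell-C": (-106.0, -105.0), "cell-D": (-105.0, -98.0),
    "cell-E": (-104.5, -97.5), "cell-F": (-105.0, -98.5),
}
# Hypothetical neighbor relations between the sample cells.
NEIGHBORS = {
    "cell-A": ["cell-B", "cell-C"], "cell-B": ["cell-A", "cell-C"],
    "cell-C": ["cell-A", "cell-B"], "cell-D": ["cell-E", "cell-F"],
    "cell-E": ["cell-D", "cell-F"], "cell-F": ["cell-D", "cell-E"],
}

def noise_rise(noise):
    """Return each cell's uplink noise rise in dB over its own baseline."""
    return {cell: cur - base for cell, (base, cur) in noise.items()}

def classify(noise, neighbors,
             serving_db=SERVING_RISE_DB, quiet_db=NEIGHBOR_QUIET_DB):
    """Label each cell by how its noise rise compares with its neighbors'.

    "localized-rise" is the pattern the text associates with an IoT DDoS:
    the serving cell rises while nearby cells do not. "area-wide-rise" only
    means the rise is shared with neighbors; how to treat it is left open.
    """
    rise = noise_rise(noise)
    labels = {}
    for cell, r in rise.items():
        known = [rise[n] for n in neighbors.get(cell, []) if n in rise]
        if r < serving_db:
            labels[cell] = "normal"
        elif not known:
            # Without neighbor readings the comparison cannot be made.
            labels[cell] = "rise-no-neighbor-data"
        elif median(known) <= quiet_db:
            labels[cell] = "localized-rise"
        else:
            labels[cell] = "area-wide-rise"
    return labels

if __name__ == "__main__":
    for cell, label in sorted(classify(NOISE_DBM, NEIGHBORS).items()):
        print(cell, label)
```

Using the median of the neighbors keeps a single noisy neighbor from masking a localized rise; in practice the baseline would be a rolling per-cell value rather than a fixed number.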