DDoS Attack Identification
describe use of Blockchain Smart Contracts to detect and classify control and user plane DDoS attacks from network core nodes . In Section 4.1 , we describe timing advance observation to form a location fingerprint for perpetrator UEs involved in over-the-air DDoS attacks . The next challenge is to minimize or preferably eliminate the DDoS impact of IoT devices classified and localized as perpetrator UEs in a specific area . As per Figure 4-2 , DDoS attacks may target one or many networks , platforms , applications , or service victims .
Figure 4-2 : IoT security threat environment .
Considering the variety and the sheer number of IoT devices and DDoS victims , it is relatively impractical and / or ineffective to apply countermeasures and mitigation at all endpoints and intermediate nodes . Some intermediate node mitigation techniques may even exacerbate DDoS impact for other nodes in the network . For example , packet core nodes may selectively drop packets for DDoS perpetrator flows , thus rate-limiting the DDoS impact to upstream nodes in the core , internet , and IoT platforms .
This kind of overt countermeasure action will trigger an even more damaging reaction , packet retransmission , from the perpetrator UEs . Packet retransmission will amplify the radio noise and congestion that triggered DDoS countermeasures and mitigation in the first place . Another intermediate node DDoS mitigation technique , called “ defense by offense ”, deliberately increases the volume of “ good client ” traffic so there is less bandwidth for the DDoS perpetrators to use .
68 March 2022