DDoS Attack Identification
This method may slow down the DDoS devices , but it will also amplify radio noise and congestion that triggered DDoS mitigation in the first place . Traditional radio congestion mitigation techniques , such as RRC connection reject , may also amplify DDoS radio degradation . In the RRC connection reject case , the victim cell sends RRC connection reject , along with a wait timer ranging from 0 to 16 seconds to the DDoS perpetrator UEs . This kind of overt countermeasure action may cause the compromised perpetrator UEs to ignore wait times and instead send noise inducing RRC requests at an even faster rate .
Figure 4-3 : RRC Connection Reject message per 3GPP TS 36.331 .
Considering these examples , IoT device density , and the sheer volume of DDoS attacks they could bring , a more targeted yet less overt radio countermeasure and mitigation approach is required .
According to 3GPP 38.300 standards , all UE , including IoT , must initially access the radio network via a Random-Access Control Channel ( RACH ). For each UE , this shared RACH is the initial path to dedicated resources used for the remainder of any transaction . While sharing a common primary cell ( radio carrier ), UEs must share and therefore compete for RACH resources in a contentionbased or contention free manner .
In contention-based RACH , over-active DDoS UEs may jam the RACH with interference in the form of RACH collisions with other UEs attempting to access the same cell at the same time . In contention-free RACH , over-active DDoS UEs may occupy a disproportionate share of RA preamble assignments . In either case , legitimate UEs , sharing the same RACH with DDoS UEs , will suffer delayed or blocked access to the radio network .
IIC Journal of Innovation 69