DDoS Attack Identification
In cases , such as private networks , where available spectrum is initially applied to a single radio frequency ( ARFCN or EARFCN ), the cell site may subdivide the spectrum by creating two new frequencies with imbalanced bandwidth . Over-active DDoS UEs compete and collide with each other for fewer RACH resources on a single , narrow radio frequency , and are less likely to acquire dedicated resources towards the upstream network , platform , application , and service nodes .
From the DDoS UE perspective , this observe-able load balance and congestion activity appear to be the intended outcome from the DDoS attack = DDoS mission accomplished . From the legitimate UE and network perspective , the DDoS UEs are fighting and blocking each other before they are able to reach the DDoS victim = DDoS mission thwarted .
Traditional inter-frequency load balance
All UE load balanced between F1-F3
F1 F2 F3
DDOS Victim
Legitimate UE compete with over-active DDOS UE for RACH resources
DDOS countermeasures
Legitimate UE steered away from F3
DDOS UE assigned to DDOS SPID with F3 as only carrier
F1 F2 F3
DDOS UE compete with each other for 1 / 3 as many RACH resources , thus reducing radio and upstream network impact
DDOS Victim
Figure 4-5 : Inter-frequency load balance for covert DDoS countermeasures .
In this case , DDoS countermeasure effectiveness increases with the number of DDoS UEs , and the interference and blocking they cause for each other at the leading edge of their attempted transactions .
In the above sections , we have described how radio and blockchain techniques can be combined to form a distributed and powerful IoT DDoS detection , location and covert countermeasure
IIC Journal of Innovation 71