Internet of Things ( IoT ) device density / volume is the new Distributed Denial of Service ( DDoS ) risk for 5G . The utilization of cloud and edge computing , as well as the convergence of mobile and traditional IT networks , results in the creation of powerful new attack vectors for IoT applications and networks . The challenge is to convert the risk of high-volume IoT attacks to an opportunity to observe and steer a larger sample of IoT devices and nodes involved in potential attacks . An additional challenge is to convert complexity , of distributed networks , to additional DDoS detection and countermeasure horsepower .
Another key challenge is to convert radio network complexity and DDoS vulnerability to even more powerful DDoS detection and countermeasure horsepower . Diversified DDoS detection and countermeasures are therefore crucial for IoT applications and the networks that host them . Emerging technologies , such as blockchain and smart contracts , enable the fully distributed and automatic exchange of attack information . This paper investigates how 5G radio networks and blockchain can be used in tandem to provide an additional layer of protection against IoT DDoS attacks .
The challenge of detecting DDoS attacks is not entirely new , but when high IoT device density is considered , the scale and associated automation needs are . We propose a step-by-step approach for DDoS detection as described below :
• Sensing : We must first identify which measurement points and metrics can reveal a potential DDoS attack . Examples include UE trace and / or billing records , radio eNB / gNB , MME / AMF for control plane sensing , and PGW / UPF for user plane sensing .
• Baseline state models : We must next build models which represent " normal " or nonanomalous UE and network states , observe-able by sensing , that exist before the DDoS incident . Examples include UE volume / attach / tracking area update per hour , radio uplink noise , RACCH occupancy , MME / AMF attach / tracking area update per attached UE / hour , and PGW / UPF data volume per connected UE .
• Network and UE anomaly detection : We must next begin with a means to detect an abnormal condition , which may or may not be DDoS , from available UE and network sensing data which is out of alignment with baselines . Anomaly examples include uplink noise , signaling , and / or user data traffic volume spikes compared to baseline .
1
U . S . Patent pending No . 63 / 307,519 .
IIC Journal of Innovation 54