DDoS Attack Identification
Indicators ( KPI ) of the primary cell and its nearest neighbors . We validate our results for various environmental conditions in data available from LTE and 5G consumer networks . We propose a combination of :
a ) Time series distance-based measures , such as Dynamic Time Warping ( DTW ), b ) Frequency domain-based measures or generalized ( uniform or non-uniform ) filter-bank based approaches , such as Wavelets and Short Time Fourier Transform ( STFT ), and c ) Sequence model-based measures , such as Hidden Markov Models ( HMM ).
The block diagram of our approach is shown in Figure 3-2 .
We further have extended the work to multi-frequency time series , by using Fourier Feature Mapping to handle finer time granularities and detect DoS anomalies in an online learning setting .
Figure 3-2 : Block-diagram of the ensemble-based approach for time series ensemble-based approach for network anomaly detection under DoS attacks .
We further propose a self-supervised reinforcement learning approach to predict DoS-related anomalies before they occur . Such predictions may , for example , observe the leading edge of a large-scale IoT DDoS attack , and initiate countermeasures before the entire local population of IoT devices join the attack . We forecast environmental conditions that give rise to DoS based on offline historical data and models that predict future occurrences . T
These approaches were tested on customer LTE data for 50,000 + cell sites . The Key Performance Indicators ( KPIs ) were collected at every 15 minutes . As a DDoS attack is correlated to a rise in uplink noise in the primary cell , and not in the neighbors as described above , we mark the rise in
60 March 2022