DDoS Attack Identification |
|
|
|
UE |
gNB |
UE |
gNB |
1 |
Random Access Preamble |
A |
Random Access Preamble
PUSCH payload
|
Random Access Response 2 Contention Resolution
B
3
Scheduled Transmission
Contention Resolution 4
( a ) CBRA with 4-step RA type ( b ) CBRA with 2-step RA type
RA Preamble assignment 0
RA Preamble and PUSCH assignment
0
1 |
Random Access Preamble |
A |
Random Access Preamble
PUSCH payload
|
Random Access Response 2 Random Access Response
B
( c ) CFRA with 4-step RA type
( d ) CFRA with 2-step RA type Figure 4-4 : Contention-based and contention-free RACH procedures .
Under typical load conditions , all UEs are load balanced between available frequencies and RACH resources . This is accomplished with inter-frequency handovers at the leading edge of transactions , and / or release with cell info at the trailing edge of transactions . Such load-balancing behavior is optimal under normal conditions , but with DDoS , this approach multiplies the legitimate UE impact and radio RACH signaling capacity between DDoS UEs and upstream targets .
When DDoS is detected , the cell site applies a defensive load balance mechanism which pushes DDoS UEs towards a single , narrow radio frequency that is not shared with legitimate UE . This is accomplished via assignment of a DDoS countermeasure SPID ( Service Profile Identifier ), which narrows DDoS UE access to a single selected radio frequency .
70 March 2022