Article

Abstract

There is a lack of effective security solutions that autonomously, without any human intervention, detect and mitigate DDoS cyber-attacks. The lack is exacerbated when the network to be protected is a 5G mobile network. 5G networks push multi-tenancy to the edge of the network. Both the 5G user mobility and multi-tenancy are challenges to be addressed by current security solutions. These challenges lead to an insufficient protection of 5G users, tenants and infrastructures. This research proposes a novel autonomic security system, including the design, implementation and empirical validation to demonstrate the efficient protection of the network against Distributed Denial of Service (DDoS) attacks by applying countermeasures decided on and taken by an autonomic system, instead of a human. The self-management architecture provides support for all the different phases involved in a DDoS attack, from the detection of an attack to its final mitigation, through making the appropriate autonomous decisions and enforcing actions. Empirical experiments have been performed to protect a 5G multi-tenant infrastructure against a User Datagram Protocol (UDP) flooding attack, as an example of an attack to validate the design and prototype of the proposed architecture. Scalability results show self-protection against DDoS attacks, without human intervention, in around one second for an attack of 256 simultaneous attackers with 100 Mbps bandwidth per attacker. Furthermore, results demonstrate the proposed approach is flow-, user- and tenant-aware, which allows applying different protection strategies within the infrastructure.


... The motivation for this research is to present a novel framework that enables a smart city administrator to effectively manage and provide security to the IoT device fleet from botnet-based attacks. There are open research challenges in recent studies [31][32][33][34][35][36][37][38][39][40] that require a new comprehensive and practical approach to protect embedded devices in a smart city from botnet attacks, ...
... Mamolar et al. [35] proposed an autonomous detection and mitigation architecture for DDoS attacks on multi-tenant 5G networks. The architecture consists of a data network used for user communications and the Management network interconnecting all autonomous system modules. ...
... The conclusion from the achieved 96.10% precision is that the C-BotDet produces a reduced number of false alarms compared with the Self-Adaptive Deep Learning-Based System (SA-DL), which had the lowest at 68.63% [30]. The Visualized Botnet Detection System (VBDS) has 93.2% [35]. The Recall for the proposed protocol, which is at 93.03%, illustrates the high percentage of actual positives that were identified correctly. ...
Article
Smart Cities contain millions of IoT sensors supporting critical applications such as Smart Transport, Buildings, Intelligent Vehicles, and Logistics. A central administrator appointed by the government manages and maintains the security of each node. Smart City relies upon millions of sensors that are heterogeneous and do not support a standard security architecture. Different manufacturers have weak protection protocols for their products and do not update their firmware upon newly identified operating system vulnerabilities. Adversaries using brute force methods exploit the lack of inbuilt security systems on IoT devices to grow their bot network. Smart cities require a standard framework combining soft computing and Deep Learning (DL) for device fleet management and complete control of sensor operating systems for absolute security. This paper presents a real-world application for IoT fleet management security using a lightweight container-based botnet detection (C-BotDet) framework. Using a three-phase approach, the framework uses Artificial Intelligence to detect compromised IoT devices sending malicious traffic on the network. Balena Cloud revokes API keys and prevents a compromised device from infecting other devices to form a larger botnet. A VPN (Virtual Private Network) prevents inter-device communication and routes all malicious traffic through an external server. The framework quickly updates the standard Linux-based operating system IoT device fleet without relying on different manufacturers to update their system security individually. The simulation and analysis of the C-BotDet framework are presented in a practical working environment to demonstrate its implementation feasibility.
... Multi-tenant 5G mobile networks against UDP flooding DDoS attacks are introduced by Mamolar et al. (Mamolar et al., 2019). In this proposal, a security monitoring agent (SMA) based architecture is designed for combating DDoS flooding attacks. It is concerned with taking countermeasures determined by an autonomic system as an alternative to a human. ...
... Such methods are common in (Vidal et al., 2018) and (An and Yang, 2019). The methods in (Kurt et al., 2018), (Mamolar et al., 2019), and (Monge et al., 2019) rely on rule-based systems and prediction-based processing. However, the prediction is used for identifying the traffic in the sequential transmission. ...
... The cloud handles a maximum of 180 request processing instances between the SP and GL. In this comparative analysis, detection time, true positive rate (TPR), request delivery, and response ratio are compared with the existing SMA (Mamolar et al., 2019) and EDoS, respectively. ...
Article
Full-text available
Quality of Service (QoS) in a fifth-generation communication network is leveraged through its interoperable information communication technologies. This interoperability improves the scalable and adaptable level of heterogeneous users by maximizing the radio and network resources reliably. Denial of service (DoS) turns out to be a threat in granting communication quality and reliability in service responses due to periodic flooding and invariable traffic flows. This manuscript introduces a differential flow management scheme (DFMS) for the 5G communication network for thwarting the impact of DoS adversaries. This scheme classifies the request/response flow traffic as continuous and discrete and addresses the discrete flow as a sub-optimal differential problem. In this optimization problem, the goal is to converge the time of adversary detection and to re-formulate resource allocation as a continuous flow based on the remaining flows. The invariable flow is modeled for the persistence time based on service and transmission intervals to retain the user equipment's response rate. The experimental results show the proposed scheme's consistency by achieving less adversary detection time, maximizing the request delivery ratio, and retaining the response rate, respectively.
... The classification operations are performed based on the selected features of the attacks. Mohammadi et al. [21] and Mamolar et al. [22] have tried to resolve the attacks with defined traffic protocols with proper switching and hubs. ...
... In such attacks, the adversary tries to associate its MAC address with the IP address of a legitimate 5G component, causing any traffic meant for that IP address to be sent to the attacker instead. Another significant threat to the 5G access network is radio flooding [42], occurring when transmission of data requests is sent to exhaust resources. This can subsequently lead to a reduction or even a complete shutdown of the radio resources provided by the component. ...
Article
Full-text available
With the expansion of 5G networks, new business models are arising where multi-tenancy and active infrastructure sharing will be key enablers for them. With these new opportunities, new security risks are appearing in the form of a complex and evolving threat landscape for 5G networks, being one of the main challenges for the 5G mass rollout. In 5G-enabled scenarios, adversaries can exploit vulnerabilities associated with resource sharing to perform lateral movements targeting other tenant resources, as well as to disturb the 5G services offered or even the infrastructure resources. Moreover, existing security and trust models are not adequate to react to the dynamicity of the 5G infrastructure threats nor to the multi-tenancy security risks. Hence, we propose in this work a new security and trust framework for 5G multi-domain scenarios. To motivate its application, we detail a threat model covering multi-tenant scenarios in an underlying 5G network infrastructure. We also propose different ways to mitigate these threats by increasing the security and trust levels using network security monitoring, threat investigation, and end-to-end trust establishments. The framework is applied in a realistic use case of the H2020 5GZORRO project, which envisions a multi-tenant environment where domain owners share resources at will. The proposed framework forms a secure environment with zero-touch automation capabilities, minimizing human intervention.
... Papers [2], [3], [4], [5] and [6] justify their proposed solution upon the theoretical basis of modelling the system using simulators, empirical formulas etc., but [7] proposes the autonomous security system to bespeak the systematic protection of the network contrary to DDoS attacks by elucidating the definite countermeasures apprehended by the autonomous system rather than a human. ...
Article
Full-text available
Abstract—This paper proposes a hybrid technique for distributed denial-of-service (DDoS) attack detection that combines statistical analysis and machine learning, with software defined networking (SDN) security. Data sets are analysed in an iterative approach and compared to a dynamic threshold. Sixteen features are extracted, and machine learning is used to examine correlation measures between the features. A dynamically configured SDN is employed with software defined security (SDS), to provide a robust policy framework to protect the availability and integrity, and to maintain privacy of all the networks with quick response remediation. Machine learning is further employed to increase the precision of detection. This increases the accuracy from 87/88% to 99.86%, with reduced false positive ratio (FPR). The results obtained based on experimental data-sets outperformed existing techniques. Index Terms—DDoS, Software Defined Networking (SDN), 5G Security, Internet of Things (IoT) security, Machine Learning.
... et al. and Bhushan et al. worked on low-rate DDoS attacks in a cloud computing environment [15,16]. Besides, there are 758 studies on attack detection and prevention in 5G mobile networks [17][18][19]. Demir et al. proposed an intrusion detection system by combining different classification models, but their study did not have a mitigation system [20]. Patil et al. and Behal et al. worked on DDoS just for early detection [21,22]. ...
... There is abundant work in the literature on the detection of DDoS attacks on networks by relying on SDN. In [18], the authors propose a framework for improving network security in which data traffic is mirrored to a central Intrusion Detection System (IDS) for attack detection, taking into account the mobility of the users. In [19,20], two machine learning models for detecting malicious data flows are presented. ...
Article
Full-text available
The unstoppable adoption of the Internet of Things (IoT) is driven by the deployment of new services that require continuous capture of information from huge populations of sensors, or actuating over a myriad of "smart" objects. Accordingly, next generation networks are being designed to support such massive numbers of devices and connections. For example, the 3rd Generation Partnership Project (3GPP) is designing the different 5G releases specifically with IoT in mind. Nevertheless, from a security perspective this scenario is a potential nightmare: the attack surface becomes wider and many IoT nodes do not have enough resources to support advanced security protocols. In fact, security is rarely a priority in their design. Thus, including network-level mechanisms for preventing attacks from malware-infected IoT devices is mandatory to avert further damage. In this paper, we propose a novel Software-Defined Networking (SDN)-based architecture to identify suspicious nodes in 4G or 5G networks and redirect their traffic to a secondary network slice where traffic is analyzed in depth before allowing it to reach its destination. The architecture can be easily integrated in any existing deployment due to its interoperability. By following this approach, we can detect potential threats at an early stage and limit the damage by Distributed Denial of Service (DDoS) attacks originated in IoT devices.
Conference Paper
Network management has posed ever-increasing complexity with the evolution of the virtualized and softwarized mobile networking paradigm, demanding advanced network visualization and automation technologies to address this significant paradigm shift. This paper provides a novel holographic immersive network management interface that extends the standardized ETSI Zero-Touch Network and Service Management (ZSM) reference architecture to allow network administrators to understand real-time automated tasks in a 5G network without human intervention. This augmented reality based system has been validated and prototyped using Microsoft Hololens 2 in a realistic 5G infrastructure.
Chapter
Nowadays, 5G networks (or simply 5G) will soon enter our everyday lives to enrich our colorful living environment. However, current 5G lacks tools that can automatically detect and relieve DoS or DDoS attacks. Basically, 5G will push its users to link to its attached subsystem, i.e., edge computers, which will take over some of the tasks originally provided by its core network. In the near future, when 5G networks start serving User Equipment (UE), the security problem will be serious. Therefore, in this research, we propose a security system to detect DoS/DDoS attacks and mitigate the attack so that the network can continue effectively serving UEs. We also conducted related experiments to validate our proposed structural design and its feasibility. Eight attackers attack this system at the same time, issuing 800 Mbps of network traffic in total. The proposed system can effectively protect the simulated environment from DoS/DDoS attacks without any human interference.
Article
Full-text available
Internet of Things (IoT) is a key business driver for the upcoming fifth-generation (5G) mobile networks, which in turn will enable numerous innovative IoT applications such as smart city, mobile health, and other massive IoT use cases being defined in 5G standards. To truly unlock the hidden value of such mission-critical IoT applications in a large scale in the 5G era, advanced self-protection capabilities are entailed in 5G-based Narrowband IoT (NB-IoT) networks to efficiently fight off cyber-attacks such as widespread Distributed Denial of Service (DDoS) attacks. However, insufficient research has been conducted in this crucial area, in particular, few if any solutions are capable of dealing with the multiple encapsulated 5G traffic for IoT security management. This paper proposes and prototypes a new security framework to achieve the highly desirable self-organizing networking capabilities to secure virtualized, multitenant 5G-based IoT traffic through an autonomic control loop featured with efficient 5G-aware traffic filtering. Empirical results have validated the design and implementation and demonstrated the efficiency of the proposed system, which is capable of processing thousands of 5G-aware traffic filtering rules and thus enables timely protection against large-scale attacks.
Article
Full-text available
Over the last decade, a significant amount of effort has been invested on architecting agile and adaptive management solutions in support of autonomic, self-managing networks. Autonomic networking calls for automated decisions for management actions. This can be realized through a set of pre-defined network management policies engineered from human expert knowledge. However, engineering sufficiently accurate knowledge considering the high complexity of today's networking environment is a difficult task. This has been a particularly limiting factor in the practical deployment of autonomic systems. Machine Learning (ML) is a powerful technique for extracting knowledge from data. However, there has been little evidence of its application in realizing practical management solutions for autonomic networks. Recent advances in network softwarization and programmability through Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), the proliferation of new sources of data, and the availability of low-cost and seemingly infinite storage and compute resource from the cloud are paving the way for the adoption of ML to realize cognitive network management in support of autonomic networking. This article is intended to stimulate thought and foster discussion on how to defeat the bottlenecks that are limiting the wide deployment of autonomic systems, and the role that ML can play in this regard.
Article
Full-text available
The on-going development of Fifth Generation (5G) mobile communication technology will be the cornerstone for applying Information and Communication Technology (ICT) to various fields, e.g., smart city, smart home, connected car, etc. The 3rd Generation Partnership Project (3GPP), which has developed the most successful standard technologies in the mobile communication market such as Universal Mobile Telecommunication System (UMTS) and Long Term Evolution (LTE), is currently carrying out the standardization of both 5G access network system and 5G core network system at the same time. Within 3GPP, Service and System Aspects Working Group 2 (SA2) is responsible for identifying the main functions and entities of the network. In December 2016, the 3GPP SA2 group finalized the first phase of study for the architecture and main functions of 5G mobile communication system under the study item of Next Generation system (NextGen). Currently, normative standardization is on-going based on the agreements made in the NextGen Phase 1 study. In this paper, we present the architecture and functions of 5G mobile communication system agreed in the NextGen study.
Article
Full-text available
Software Defined Networks (SDNs) based on the OpenFlow (OF) protocol export control-plane programmability of switched substrates. As a result, rich functionality in traffic management, load balancing, routing, firewall configuration, etc. that may pertain to specific flows they control, may be easily developed. In this paper we extend these functionalities with an efficient and scalable mechanism for performing anomaly detection and mitigation in SDN architectures. Flow statistics may reveal anomalies triggered by large scale malicious events (typically massive Distributed Denial of Service attacks) and subsequently assist networked resource owners/operators to raise mitigation policies against these threats. First, we demonstrate that OF statistics collection and processing overloads the centralized control plane, introducing scalability issues. Second, we propose a modular architecture for the separation of the data collection process from the SDN control plane with the employment of sFlow monitoring data. We then report experimental results that compare its performance against native OF approaches that use standard flow table statistics. Both alternatives are evaluated using an entropy-based method on high volume real network traffic data collected from a university campus network. The packet traces were fed to hardware and software OF devices in order to assess flow-based data-gathering and related anomaly detection options. We subsequently present experimental results that demonstrate the effectiveness of the proposed sFlow-based mechanism compared to the native OF approach, in terms of overhead imposed on usage of system resources. Finally, we conclude by demonstrating that once a network anomaly is detected and identified, the OF protocol can effectively mitigate it via flow table modifications.
Article
Full-text available
Distributed Denial of Service (DDoS) flooding attacks are one of the top concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users’ access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more victim systems. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. This paper explores the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
Article
Currently, there is no effective security solution which can detect cyber-attacks against 5G networks, where multitenancy and user mobility are some unique characteristics that impose significant challenges on such security solutions. This paper focuses on addressing a transversal detection system able to protect, at the same time, infrastructures, tenants and 5G users in both edge and core network segments of the 5G multi-tenant infrastructures. A novel approach which significantly extends the capabilities of a commonly used IDS, to accurately identify attacking nodes in a 5G network regardless of multiple network traffic encapsulations, has been proposed in this paper. The proposed approach is suitable to be deployed in almost all 5G network segments including the Mobile Edge Computing. Both architectural design and data models are described in this contribution. Empirical experiments have been carried out on a realistic 5G multi-tenant infrastructure to intensively validate the design of the proposed approach regarding scalability and flexibility.
Article
The Industrial Internet of Things is growing fast. But the rapid growth of IIoT devices raises a number of security concerns, because the IIoT device is weak in defending against malware, and the method of managing a large number of IIoT devices is awkward and inconvenient. This article proposes a multi-level DDoS mitigation framework (MLDMF) to defend against DDoS attacks for IIoT, which includes the edge computing level, fog computing level, and cloud computing level. Software defined networking is used to manage a large number of IIoT devices and to mitigate DDoS attacks in IIoT. Experimental results show the effectiveness of the proposed framework.
Conference Paper
The ubiquity of the Internet has been escalating in the recent past as the Internet of Things (IoT) came into the picture. A large number of connected things has completely redefined the perspective of the Internet. Advancements in the underlying technologies accelerated this change. On the other side, cyber-attacks also increased with all these developments. The distributed denial of service (DDoS) attacks have increased steeply with more devices to compromise and less secure targets to attack. The IoT networks have been a major victim of the DDoS attacks due to their resource constrained characteristics. Defending IoT-enabled devices and networks from DDoS attacks, and from being compromised to perform DDoS attacks, is a challenging task. In this work, we have proposed a DDoS mitigation framework to defend against DDoS attacks on an IoT network. The proposed framework matches the resource constrained characteristics of the IoT environment and is suited to adapt to different IoT applications.
Article
Distributed Denial of Service (DDoS) attacks have been the plague of the Internet for more than two decades, despite the tremendous and continuous efforts from both academia and industry to counter them. The lessons learned from the past DDoS mitigation designs indicate that the heavy reliance on additional software modules and dedicated hardware devices seriously impede their widespread deployment. This paper proposes an autonomic DDoS defense framework, called ArOMA, that leverages the programmability and centralized manageability features of Software Defined Networking (SDN) paradigm. Specifically, ArOMA can systematically bridge the gaps between different security functions, ranging from traffic monitoring to anomaly detection to mitigation, while sparing human operators from non-trivial interventions. It also facilitates the collaborations between ISPs and their customers on DDoS mitigation by logically distributing the essential security functions, allowing the ISP to handle DDoS traffic based on the requests of its customers. Our experimental results demonstrate that, in the face of DDoS flooding attacks, ArOMA can effectively maintain the performance of video streams at a satisfactory level.
Article
The 5G infrastructure initiative in Europe (5G Infrastructure Public Private Partnership, available online at https://5g-ppp.eu/) has agreed a number of challenging key performance indicators (KPIs) to significantly enhance the user experience and support a number of use cases with very demanding requirements on the network infrastructure. At the same time there is high pressure on the reduction of the operational expenditure (OPEX). A contribution to meeting the KPIs and to reduce OPEX is to evolve the management of the network into a fully autonomic and intelligent framework. Based on advanced technologies, such as Software-Defined Networking (SDN) and Network Function Virtualization (NFV), the EU H2020 project SELFNET (https://selfnet-5g.eu/) is proposing an advanced network management framework to achieve these objectives.
Article
Detection of distributed denial of service (DDoS) attacks has been a challenging problem for network security. Most of the existing works take into account the anomaly features of the traffic caused by DDoS. However, these detection methods suffer from either less generality or high computational and memory costs in detecting subtle DDoS attacks. In this paper, we first present a model for DDoS attacks with quantitative measurements. Based on this model, we find that there are two factors that have a severe influence on the deviation of traffic features. In view of these two factors, the DDoS attack traffic observed by monitors can be trivial, leading to subtle DDoS attacks which are difficult to detect. To detect the subtle DDoS anomalies at monitors close to the attack sources, we propose a novel multistage DDoS detection framework that consists of a NTS (Network Traffic State) prediction, a fine-grained singularity detection and a malicious address extraction engine. We also briefly introduce how to distribute our detection framework to enhance the performance of detecting world-wide DDoS attacks. Moreover, the prototype system is implemented and evaluated with real network traces from our campus network and testbed. The results show that our method can detect various DDoS attacks efficiently even though the attack rate is low. Our method can extract malicious IPs for attack reaction with records for a short period, and multiple monitors distributed in the network can fuse the results of extraction seamlessly to improve the accuracy of detection.