Conference Paper

Towards the Detection of Mobile DDoS Attacks in 5G Multi-Tenant Networks

Authors:
  • National University of Distance Education (UNED)


... Its target is usually to hinder network resource from serving and answering requests from legitimate users. The DDoS attack, however, reduces and hinders the availability of network service, by utilizing numerous compromised systems in a coordinated manner [11,12]. In 2016, the Department of Homeland Security USA released a fact sheet drawing the public's attention to the perils of DDoS [13]. ...
... Traditional detection and mitigation systems will be unable to protect 5G mobile networks because they are mostly not configured to recognize the irregular changes in the topology of the network. Attackers are known to move very often among various locations, thereby capable of launching attacks difficult to pinpoint or trace [12]. This calls for the development of intelligent methods for the detection of DDoS attacks. ...
... Attackers are known to move very often among various locations, the consequence being their capability to launch attacks difficult to pinpoint or trace. In all, these methods failed to consider the fact that attackers often move around, changing their network topology and making the attacks unpredictable and difficult to pinpoint or trace back, hence there is a need for a more unique and flexible method for DDoS detection in 5G and B5G networks [12]. Furthermore, since DDoS attacks are difficult to detect in real-time, merely relying on the past approach of just identification is not sufficient to help the mitigation process. ...
Article
Distributed denial-of-service (DDoS) remains an ever-growing problem that has affected and continues to affect a host of web applications, corporate bodies, and governments. With the advent of fifth-generation (5G) network and beyond 5G (B5G) networks, the number and frequency of occurrence of DDoS attacks are predicted to soar as time goes by, hence there is a need for a sophisticated DDoS detection framework to enable the swift transition to 5G and B5G networks without worrying about the security issues and threats. A range of schemes has been deployed to tackle this issue, but along the line, few limitations have been noticed by the research community about these schemes. Owing to these limitations/drawbacks, this paper proposes a composite and efficient DDoS attack detection framework for 5G and B5G. The proposed detection framework consists of a composite multilayer perceptron which was coupled with an efficient feature extraction algorithm and was built not just to detect a DDoS attack, but also, return the type of DDoS attack it encountered. At the end of the simulations and after testing the proposed framework with an industry-recognized dataset, results showed that the framework is capable of detecting DDoS attacks with a high accuracy score of 99.66% and a loss of 0.011. Furthermore, the results of the proposed detection framework were compared with their contemporaries.
... The mitigation design framework is based on the Snort IDS capabilities named the snort monitoring agent (SMA). Mamolar et al. [6] had the third segment as a multi-domain structure. ...
Chapter
In recent years, the need for seamless connectivity has increased across various network platforms like IoT, with demands coming from industries, homes, mobile, transportation and office networks. The 5th generation (5G) network is being deployed to meet such demand for high-speed seamless network device connections. 5G is a high-speed network technology with a seamless connection of different network devices in an internet of things (IoT) network area. However, the advantages of 5G also contribute to the security challenges. The seamless connectivity 5G provides could be a security threat allowing attacks such as distributed denial of service (DDoS) because attackers might have easy access to the network infrastructure and higher bandwidth to enhance the effects of the attack. We look at DDoS attacks and the classification of DDoS. We discuss some general approaches proposed to mitigate DDoS threats. This paper covers approaches using SDN in 5G enabled IoT network platforms.
Keywords: DDoS, 5G, IoT, SDN, Bandwidth, Network resources
... Therefore, implementing strong security protocols in order to prevent the attackers from planting such malware-containing applications is of cardinal importance. Even though some novel and reliable defense approaches have been introduced in the recent years (Abbas et al., 2018; Chhabra et al., 2013; Mamolar et al., 2019; Vishnoi et al., 2021), there is still a need to develop some staunch and formidable defensive mechanisms considering the accrescent number of mobile devices. These malware-infected zombies constitute a giant powerful bot army that is capable of bringing down any device or enterprise. ...
Article
The demand for Internet security has escalated in the last two decades because the rapid proliferation in the number of Internet users has presented attackers with new detrimental opportunities. One of the simple yet powerful attacks, lurking around the Internet today, is the Distributed Denial-of-Service (DDoS) attack. The expeditious surge in the collaborative environments, like IoT, cloud computing and SDN, has provided attackers with countless new avenues to benefit from the distributed nature of DDoS attacks. The attackers protect their anonymity by infecting distributed devices and utilizing them to create a bot army to constitute a large-scale attack. Thus, the development of an effective as well as efficient DDoS defense mechanism becomes an immediate goal. In this exposition, we present a DDoS threat analysis along with a few novel ground-breaking defense mechanisms proposed by various researchers for numerous domains. Further, we talk about popular performance metrics that evaluate the defense schemes. In the end, we list prevalent DDoS attack tools and open challenges.
... In [17], the authors proposed an authentication scheme based on MD5 algorithm to prevent DRDoS in 5G networks, which may not be applicable in IoT scenarios due to the complexity. In [18], an extension of traditional network intrusion detection systems was proposed to support defenders in tracing back mobile attackers. They identified the UEs by the Virtual Operator (VNI) and the Tunnel Endpoint Identification (TEID). ...
... Further, attacks on mobile network of 5G in which various network objects are communicating between objects is discussed [19]. Sometimes this type of objects brings novel protection menaces to accessibility of network services through assaults such as distributed denial of service, denial of service, and so on. ...
Article
The propagation of 5G, beyond 5G and Internet of Everything (IoE) networks are the key business force for future networks and its various applications. These networks have been constantly under various assaults by means of blocking and tracking information. Therefore, it is essential to develop a real-time recognition system to handle these assaults. But, not sufficient research has been conducted in this area so far. Hence we propose a model to recognize various assaults via online in 5G, beyond 5G and IoE networks using dominance based rough set and formal concept analysis. For analyzing the model, this paper incorporates legal and simulated 5G, beyond 5G and IoE network traffic, along with various types of assaults. The dominance based rough set is used to identify the assaults whereas chief features that are involved in various assaults are identified using formal concept analysis. The results acquired explain the capability of the projected research.
... Yu et al. [13] have discussed the overall security policies of the IoT networks, and then they express roadmap that has been a way of preventing future security issues. One of the latest research by Rohan Doshi et al. when it comes to multi-tenant networks [31]. Z. Chen et al. [32] have researched about a MSPCA based intrusion detection algorithm to detect DDOS. ...
Article
There has been a dramatic expansion in the number and frequency of relationships between entities in mobile telecommunications networks over the last several years. For these interactions to be profitable, the parties involved must be able to count on one another. Since mobile networks require trust and reputation models to create feasible communications in 5G and beyond networks, a collection of entities can create chains of operations between cross-operators with privacy and trustworthiness through mobile telecommunication network models. A major impediment to widespread communication beyond 5G networks is the absence of automated, efficient, and scalable models for creating security and trust. Multitenancy and active infrastructure sharing will be major facilitators of new business models as 5G networks expand. New security concerns are emerging due to these new opportunities, which is one of the primary obstacles for the mass implementation of 5G networks. There are several ways in which attackers might use 5G-enabled situations to undertake lateral moves and disrupt 5G services and infrastructure resources. Existing trust and security models cannot deal with the dynamic nature of the 5G infrastructural threats or the multi-tenant security issues. Hence, we propose a Mobile Node Trust Factor Linked Privacy Preservation model for 5G multi-stage authentication models in this work. A threat model for multi-stage authentication scenarios in an underlying 5G network infrastructure is used to demonstrate how this model can be used. For secure end-to-end communication, authorization and strong authentication are necessary. A combination of anonymous authentication and authorization is needed to preserve the privacy of mobile devices which share personal information. The proposed model is compared with the traditional models and the proposed model results exhibit better performance.
Chapter
System identification is a process of creating a mathematical model of a system from its external observations (inputs and outputs). The concept of discovering models from data is trivial in science and engineering fields. The goal of this chapter is to review the recent development in the field of System Identification from the Automatic Control perspective. In the first part of this chapter, we present a classification of design features of Industrial Control Systems (ICSs). Then we review the literature on system identification techniques for creating models of ICSs. The classification of ICSs allows us to identify limitations and unexplored challenges in the literature on system identification techniques.
Keywords: System identification, Model discovery, Industrial control systems
Article
The fifth-generation (5G) technology is anticipated to permit connectivity to billions of devices, called the Internet of Things (IoT). The primary benefit of 5G is that it has maximum bandwidth and can drastically expand service beyond cell phones to standard internet service for conventionally fixed connectivity to homes, offices, factories, etc. But IoT devices will unavoidably be the primary target of diverse kinds of cyberattacks, notably distributed denial of service (DDoS) attacks. Since the conventional DDoS mitigation techniques are ineffective for 5G networks, machine learning (ML) approaches find helpful to accomplish better security. With this motivation, this study resolves the network security issues posed by network devices in the 5G networks and mitigates the harmful effects of DDoS attacks. This paper presents a new pigeon-inspired optimization-based feature selection with optimal functional link neural network (FLNN), PIOFS-OFLNN model for mitigating DDoS attacks in the 5G environment. The proposed PIOFS-OFLNN model aims to detect DDoS attacks with the inclusion of feature selection and classification processes. The proposed PIOFS-OFLNN model incorporates different techniques such as pre-processing, feature selection, classification, and parameter tuning. In addition, the PIOFS algorithm is employed to choose an optimal subset of features from the pre-processed data. Besides, the OFLNN based classification model is applied to determine DDoS attacks where the Rat Swarm Optimizer (RSO) parameter tuning takes place to adjust the parameters involved in the FLNN model optimally. FLNN is a low computational interconnectivity higher cognitive neural network. There are still no hidden layers. FLNN’s input vector is operationally enlarged to produce non-linear remedies. More details can be accessed application of Nature-Inspired Method to Odia Written by hand Number system Recognition. 
To validate the improved DDoS detection performance of the proposed model, a benchmark dataset is used.
Article
Network slicing is one of the main enablers of the fifth-generation (5G) cellular network. However, it is susceptible to security threats such as distributed denial of service (DDoS) attacks. A DDoS attack on a slice could lead to the exhaustion of available common resources and a breach of the availability of resources on the slices. Recent works such as statistical, machine learning and cryptography techniques are limited by the requirement to define thresholds, feature engineering constraints and computation overload, respectively. In this letter, we propose DeepSecure, a framework based on a Long Short Term Memory deep learning technique that detects user equipment (UE) network traffic as DDoS attack or normal traffic and assigns an appropriate slice to a legitimate UE request. We compared our work with existing machine learning and deep learning techniques used in the literature. Experiment results showed that our proposed framework performed better in detecting DDoS attacks with an accuracy of 99.970% and predicting the appropriate slice requested by legitimate UE with an accuracy of 98.798%.
Conference Paper
The commercial implementation of 5G networks in the recent past has contributed to the advent of an enhanced digital connective experience for users around the world. Among the various services offered by 5G networks, Device-to-Device (D2D) communication has emerged as an important strategy, allowing efficient resource utilization with the balancing of network load, both of which are critical issues. 5GD2D networks are however vulnerable to malicious users perpetrating attacks such as Denial-of-Service (DoS). The present work examines a probable DoS attack strategy for double auction game based resource trading in 5GD2D networks. The auction game based DoS attack dealt with in the present work degrades service through disincentivization of buyers and sellers to participate in the double auction. The paper then presents a strategy to mitigate such a DoS attack. The mathematical proof of the proposed method is presented along with corresponding simulation results confirming the veracity of the presented approach.
Article
The on-going development of Fifth Generation (5G) mobile communication technology will be the cornerstone for applying Information and Communication Technology (ICT) to various fields, e.g., smart city, smart home, connected car, etc. The 3rd Generation Partnership Project (3GPP), which has developed the most successful standard technologies in the mobile communication market such as Universal Mobile Telecommunication System (UMTS) and Long Term Evolution (LTE), is currently carrying out the standardization of both 5G access network system and 5G core network system at the same time. Within 3GPP, Service and System Aspects Working Group 2 (SA2) is responsible for identifying the main functions and entities of the network. In December 2016, the 3GPP SA2 group finalized the first phase of study for the architecture and main functions of 5G mobile communication system under the study item of Next Generation system (NextGen). Currently, normative standardization is on-going based on the agreements made in the NextGen Phase 1 study. In this paper, we present the architecture and functions of 5G mobile communication system agreed in the NextGen study.
Article
It is without a doubt that botnets pose a growing threat to the Internet, with DDoS attacks of any kind carried out by botnets to be on the rise. Nowadays, botmasters rely on advanced Command & Control (C&C) infrastructures to achieve their goals and most importantly to remain undetected. This work introduces two novel botnet architectures that consist only of mobile devices and evaluates both their impact in terms of DNS amplification and TCP flooding attacks, and their cost pertaining to the maintenance of the C&C channel. The first one, puts forward the idea of using a continually-changing mobile HTTP proxy in front of the botherder, while the other capitalizes on DNS protocol as a covert channel for coordinating the botnet. That is, for the latter, the messages exchanged among the bots and the herder appear as legitimate DNS transactions. Also, a third architecture is described and assessed, which is basically an optimized variation of the first one. Namely, it utilizes a mixed layout where all the attacking bots are mobile, but the proxy machines are typical PCs not involved in the actual attack. For the DNS amplification attack, which is by nature more powerful, we report an amplification factor that fluctuates between 32.7 and 34.1. Also, regarding the imposed C&C cost, we assert that it is minimal (about 0.25 Mbps) per bot in the worst case happening momentarily when the bot learns about the parameters of the attack.
Article
Distributed Denial of Service (DDoS) flooding attacks are one of the top concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users’ access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more victim systems. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. This paper explores the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
Article
In Distributed Denial-of-Service (DDoS) Attack, an attacker breaks into many innocent computers (called zombies). Then, the attacker sends a large number of packets from zombies to a server, to prevent the server from conducting normal business operations. We design a DDoS-detection system based on a decision-tree technique and, after detecting an attack, to trace back to the attacker's locations with a traffic-flow pattern-matching technique. Our system could detect DDoS attacks with the false positive ratio about 1.2-2.4%, false negative ratio about 2-10%, and find the attack paths in traceback with the false negative rate 8-12% and false positive rate 12-14%.
Article
The 5G Architecture Working Group as part of the 5GPPP Initiative is looking at capturing novel trends and key technological enablers for the realization of the 5G architecture. It also targets at presenting in a harmonized way the architectural concepts developed in various projects and initiatives (not limited to 5GPPP projects only) so as to provide a consolidated view on the technical directions for the architecture design in the 5G era. The first version of the white paper was released in July 2016, which captured novel trends and key technological enablers for the realization of the 5G architecture vision along with harmonized architectural concepts from 5GPPP Phase 1 projects and initiatives. Capitalizing on the architectural vision and framework set by the first version of the white paper, this Version 2.0 of the white paper presents the latest findings and analyses with a particular focus on the concept evaluations, and accordingly it presents the consolidated overall architecture design.
Article
Distributed denial of service is one of the most critical threats to the availability of Internet services. A botnet with only 0.01 percent of the 50 billion connected devices in the Internet of Things is sufficient to launch a massive DDoS flooding attack that could exhaust resources and interrupt any target. However, the mobility of user equipment and the distinctive characteristics of traffic behavior in mobile networks also limit the detection capabilities of traditional anti-DDoS techniques. In this article, we present a novel collaborative DDoS defense architecture called MECPASS to mitigate the attack traffic from mobile devices. Our design involves two filtering hierarchies. First, filters at edge computing servers (i.e., local nodes) seek to prevent spoofing attacks and anomalous traffic near sources as much as possible. Second, global analyzers located at cloud servers (i.e., central nodes) classify the traffic of the entire monitored network and unveil suspicious behaviors by periodically aggregating data from the local nodes. We have explored the effectiveness of our system on various types of application-layer DDoS attacks in the context of web servers. The simulation results show that MECPASS can effectively defend and clean an Internet service provider core network from the junk traffic of compromised UEs, while maintaining the false-positive rate of its detection engine at less than 1 percent.
Conference Paper
Distributed Denial of Service (DDoS) attacks are one of the most challenging problems for network security. The attacker uses a large number of compromised hosts to launch an attack on a victim. Various DDoS defense mechanisms aim at detecting and preventing the attack traffic. The effectiveness depends on the point of deployment. The purpose of this paper is to study various detection and defense mechanisms, their performance and deployment characteristics. This helps in understanding which defense should be deployed under what circumstances and at what locations.
Article
In virtue of the large-scale diffusion of smartphones and tablets, a possible exploitation of such devices to execute cyber-attacks should be evaluated. This scenario is rarely considered by cyber-criminals, since mobile devices commonly represent a target of attacks, instead of an exploitable resource. In this paper we analyze the possibility to execute distributed denial of service attacks from mobile phones. We introduce SlowBot Net, a botnet infrastructure designed to involve mobile agents, and we compare it with Low-Orbit Ion Cannon (also called LOIC), a well-known botnet adopted by cyber-hacktivists on the Internet. Results prove that SlowBot Net requires fewer resources from the attacker and it is effectively deployable on mobile nodes. Since research related to mobile botnets is still immature, the proposed work should be considered a valuable resource enriching the cyber-security field.
Article
While the threats in Internet are still increasing and evolving (like intra multi-tenant data center attacks), protection and detection mechanisms are not fully accurate. Therefore, forensics is vital for recovering from an attack but also to identify the responsible entities. Therefore, this paper focuses on tracing back to the sources of an anomaly in the network. In this paper, we propose a method leveraging the Software Defined Networking (SDN) paradigm to passively identify switches composing the network path of an anomaly. As SDN technologies tend to be deployed in the next generation of networks including in data centers, they provide a helpful framework to implement our proposal without developing dedicated routers like usual IP traceback techniques. We evaluated our scheme with different network topologies (Internet and data centers) by considering distributed attacks with numerous hosts.
Conference Paper
As modern life becomes increasingly closely bound to the Internet, network security becomes increasingly important. Like it or not, we all live under the shadow of network threats. The threats could cause leakage of privacy and/or economic loss. Among network attacks, the DDoS (distributed denial-of-service) attack is one of the most frequent and serious. In a DDoS attack, an attacker first breaks into many innocent computers (called zombies) by taking advantage of known or unknown bugs and vulnerabilities in the software. Then the attacker sends a large number of packets from these already-captured zombies to a server. These packets either occupy a major portion of the server's network bandwidth or they consume much of the server's time. The server is then prevented from conducting normal business operations. In order to mitigate the DDoS threat, we design a system to detect DDoS attacks based on a decision-tree technique and, after detecting an attack, to trace back to the approximate locations of the attacker with a traffic-flow pattern-matching technique. We conduct our experiment on the DETER system. According to our experiment results, our system could detect the DDoS attack with the false positive ratio about 1.2% - 2.4%, false negative ratio about 2% - 10% with different kind of attack, attack sending rate and find the attack path in trace back with the false negative rate 8% - 12% and false positive rate 12% - 14%.
BoNeSi, the DDoS Botnet Simulator
  • goldstein
Ericsson Mobility Report November 2018
  • Ericsson