Abstract
In recent years, the need for seamless connectivity has increased across various network platforms like IoT, with demands coming from industries, homes, mobile, transportation and office networks. The 5th generation (5G) network is being deployed to meet such demand for high-speed seamless network device connections. 5G is a high-speed network technology with a seamless connection of different network devices in an internet of things (IoT) network area. However, the advantages of 5G also contribute to the security challenges. The seamless connectivity 5G provides could be a security threat allowing attacks such as distributed denial of service (DDoS) because attackers might have easy access to the network infrastructure and higher bandwidth to enhance the effects of the attack. We look at DDoS attacks and the classification of DDoS. We discuss some general approaches proposed to mitigate DDoS threats. This paper covers approaches using SDN in 5G enabled IoT network platforms.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
A. Kalliola, et al., Flooding DDoS mitigation and traffic management with software defined networking, in 2015 IEEE 4th International Conference on Cloud Networking, CloudNet 2015 (2015), pp. 248–254. https://doi.org/10.1109/CloudNet.2015.7335317
A. Bakr, A. El-Aziz, H. Hefny, A survey on mitigation techniques against DDoS attacks on cloud computing architecture. Int. J. Adv. Sci. Technol.28(12), 187–200 (2019). http://sersc.org/journals/index.php/IJAST/article/view/1211/994
A. Kulkarni, S. Bush, Detecting distributed denial-of-service attacks using Kolmogorov complexity metrics. J. Netw. Syst. Manag. 14(1), 69–80 (2006). https://doi.org/10.1007/s10922-005-9016-3
A. Serrano Mamolar, et al., Towards the transversal detection of DDoS network attacks in 5G multi-tenant overlay networks. Comput. Secur. 79(May 2020), 132–147 (2018). https://doi.org/10.1016/j.cose.2018.07.017
A. Serrano Mamolar, et al., Autonomic protection of multi-tenant 5G mobile networks against UDP flooding DDoS attacks. J. Netw. Comput. Appl. 145(November 2018), 102416 (Elsevier Ltd, 2019). https://doi.org/10.1016/j.jnca.2019.102416
A.S. Mamolar, et al., Towards the detection of mobile DDoS attacks in 5G multi-tenant networks, in 2019 European Conference on Networks and Communications, EuCNC 2019 (IEEE, 2019), pp. 273–277. https://doi.org/10.1109/EuCNC.2019.8801975
B. Gwak, et al., IoT trust estimation in an unknown place using the opinions of i-sharing friends, in Proceedings—16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems (2017), pp. 602–609. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.290
B. Hussain, et al., Deep learning-based DDoS-attack detection for cyber-physical system over 5G network. IEEE Trans. Ind. Inf. 3203(DL), 1–1 (2020). https://doi.org/10.1109/tii.2020.2974520
B.W. Gemberling, C.L. Morrow, B.R. Greene, ISP security—Real world techniques, in NANOG (2001).
C. Douligeris, A. Mitrokotsa, DDoS attacks and defense mechanisms: a classification, in Proceedings of the 3rd IEEE International Symposium on Signal Processing and Information Technology, ISSPIT 2003 (2003), pp. 190–193. https://doi.org/10.1109/ISSPIT.2003.1341092
C. Douligeris, A. Mitrokotsa, DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44(5), 643–666 (2004). https://doi.org/10.1016/j.comnet.2003.10.003
C. Zhou, R.C. Paffenroth, Anomaly detection with robust deep autoencoders, in Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Part F1296 (2017). pp. 665–674. https://doi.org/10.1145/3097983.3098052
C. Buragohain, N. Medhi, FlowTrApp: an SDN based architecture for DDoS attack detection and mitigation in data centers, in 3rd International Conference on Signal Processing and Integrated Networks, SPIN 2016 (IEEE, 2016), pp. 519–524. https://doi.org/10.1109/SPIN.2016.7566750
Chiang et al., Fog and IoT : an overview of research opportunities. IEEE Internet Things J. 3(6), 854–864 (IEEE, 2016). https://doi.org/10.1109/JIOT.2016.2584538
D. Sattar, A. Matrawy, Towards secure slicing: using slice isolation to mitigate DDoS attacks on 5G core network slices, in 2019 IEEE Conference on Communications and Network Security, CNS 2019 (2019), pp. 82–90. https://doi.org/10.1109/CNS.2019.8802852
D. Dean, M. Franklin, A. Stubblefield, An algebraic approach to IP traceback. ACM Transactions on Information and System Security 5(2), pp. 119–137 (2002). https://doi.org/10.1145/505586.505588
D.X. Song, A. Perrig, Advanced and authenticated marking schemes for IP traceback, Proceedings—IEEE INFOCOM, 2, (2001). pp. 878–886. https://doi.org/10.1109/INFCOM.2001.916279
F. Baker, Requirements for IP version 4 routers. IETF, RFC 1812 (1995).
F. Wong, C.X. Tan, A survey of trends in massive DDOS attacks and cloud-based mitigations. Int. J. Netw. Secur. Appl. 6(3), 57–71 (2014). https://doi.org/10.5121/ijnsa.2014.6305
G.C. Hong, C.N. Lee, M.F. Lee, Dynamic threshold for DDoS mitigation in SDN environment, in 2019 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference, APSIPA ASC 2019 (IEEE, 2019), pp. 1–7. https://doi.org/10.1109/APSIPAASC47483.2019.9023229
H. Ghorbani, M.S. Mohammadzadeh, M.H. Ahmadzadegan, DDoS attacks on the IoT network with the emergence of 5G, in 2020 International Conference on Technology and Entrepreneurship—Virtual, ICTE-V 2020 (2020). https://doi.org/10.1109/ICTE-V50708.2020.9113779
H. Huang, J. Chu, X. Cheng, Trend analysis and countermeasure research of DDoS attack under 5G network, in 2021 IEEE 5th International Conference on Cryptography, Security and Privacy, CSP 2021 (no. 978, 2021), pp. 153–160. https://doi.org/10.1109/CSP51677.2021.9357499
H. Burch, B. Cheswick, Tracing anonymous packets to their approximate source, Lisa (2000)
J. Rodriguez, Fundamentals of 5G Mobile Networks, Fundamentals of 5G Mobile Networks (2015). https://doi.org/10.1002/9781118867464
K. Giotis et al., Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput. Netw. 62(April), 122–136 (2014). https://doi.org/10.1016/j.bjp.2013.10.014
K. Bhardwaj, J.C. Miranda, A. Gavrilovska, Towards IoT-DDoS prevention using edge computing, in USENIX Workshop on Hot Topics in Edge Computing (HotEdge 18) (2018). https://www.usenix.org/biblio-1765
K. Park, H. Lee, On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack, Proceedings—IEEE INFOCOM, 1, pp. 338–347. (2000) https://doi.org/10.1109/INFCOM.2001.916716
L. Deng, D. Yu, Deep learning: methods and applications. Found. Trends Signal Process. 7(3–4), 197–387 (2013). https://doi.org/10.1561/2000000039
L. Kagal, T. Finin, A. Joshi, A policy language for a pervasive computing environment, in Proceedings—POLICY 2003: IEEE 4th International Workshop on Policies for Distributed Systems and Networks (2003), pp. 63–74. https://doi.org/10.1109/POLICY.2003.1206958
M. Ejaz Ahmed, H. Kim, DDoS attack mitigation in internet of things using software defined networking, in Proceedings—3rd IEEE International Conference on Big Data Computing Service and Applications, BigDataService 2017 (2017), pp. 271–276. https://doi.org/10.1109/BigDataService.2017.41
M. Iavich, et al., The novel system of attacks detection in 5G. Lect. Notes Netw. Syst. 226 LNNS(April), 580–591 (2021). https://doi.org/10.1007/978-3-030-75075-6_47
M. Ozcelik, N. Chalabianloo, G. Gur, Software-defined edge defense against IoT-based DDoS, in IEEE CIT 2017—17th IEEE International Conference on Computer and Information Technology (2017), pp. 308–313. https://doi.org/10.1109/CIT.2017.61
M.A. Saleh, S. Abdul Manaf, A novel protective framework for defeating HTTP-based denial of service and distributed denial of service attacks. Sci. World J. (2015). https://doi.org/10.1155/2015/238230
M.A. Sotelo Monge, et al., Source-side DDoS detection on IoT-enabled 5G environments, in Proceedings—2018 International Workshop on Secure Internet of Things, SIoT 2018 (2018), pp. 28–37. https://doi.org/10.1109/SIoT.2018.00010
M.G. Perez et al., Dynamic reconfiguration in 5G mobile networks to proactively detect and mitigate botnets. IEEE Internet Comput. 21(5), 28–36 (2017). https://doi.org/10.1109/MIC.2017.3481345
N. Jawad, et al., Smart television services using NFV/SDN network management. IEEE Trans. Broadcast. 65(2), 404–413 (IEEE, 2019). https://doi.org/10.1109/TBC.2019.2898159
N. Patani, R. Patel, A mechanism for prevention of flooding based DDoS attack. Int. J. Comput. Intell. Res. 13(1), 101–111 (2017)
N. Sultana, et al., Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Netw. Appl. 12(2), 493–501 (2019). https://doi.org/10.1007/s12083-017-0630-0
N. Weiler, Honeypots for distributed denial-of-service attacks, in Proceedings of the Workshop on Enabling Technologies: infrastructure for Collaborative Enterprises, WETICE (2002). pp. 109–114. https://doi.org/10.1109/ENABL.2002.1029997
N.N. Dao, et al., MAEC-X: DDoS prevention leveraging multi-access edge computing, in International Conference on Information Networking (IEEE, 2018), pp. 245–248. https://doi.org/10.1109/ICOIN.2018.8343118
P. Ferguson, D. Senie, Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing. IETF (1998). https://www.hjp.at/doc/rfc/rfc2267.html
Q. Gu, S. Marcos, Denial of service attacks department of computer science texas State University—San marcos school of information sciences and technology Pennsylvania State University denial of service attacks outline (2007), pp. 1–28. https://s2.ist.psu.edu/ist451/DDoS-Chap-Gu-June-07.pdf
Q. Yan et al., A multi-level DDoS mitigation framework for the industrial internet of things. IEEE Commun. Mag. IEEE 56(2), 30–36 (2018). https://doi.org/10.1109/MCOM.2018.1700621
Q. Cheng, F. Fang, Kolmogorov random graphs only have trivial stable colorings. Information processing letters, 81(3), (2001). 133–136 https://doi.org/10.1016/S0304-3975(96)00206-X
R. Alhajri, R. Zagrouba, F. Al-Haidari, Survey for anomaly detection of IoT botnets using machine learning auto-encoders. Int. J. Appl. Eng. Res.14(10), 2417–2421 (2019). http://www.ripublication.com
R. Sathya, A. Abraham, Comparison of supervised and unsupervised learning algorithms for pattern classification. (IJARAI) Int. J. Adv. Res. Artific. Intell. 2(2), 34–38 (2013)
R.B. Blazek, et al., A novel approach to detection of denial-of-service attacks via adaptive sequential and batch-sequential change-point detection methods, in Proceedings of IEEE …(2001), pp. 1–7. http://www.professores.unirg.edu.br/marcelo/coordenacao/mar/doutorado/ufrj/DoSDectionPaper.pdf
RCN, Prevention is Better than Cure, Royal College of Nursing (2020). https://www.rcn.org.uk/get-involved/campaign-with-us/prevention-is-better-than-cure
README.unified2, Unified2 (2018). https://www.snort.org/faq/readme-unified2. Accessed 15 Apr. 2022
S. Li, L.D. Xu, S. Zhao, 5G Internet of things: a survey. J. Ind. Inform. Integr. 10, 1–9 (Elsevier, 2018). https://doi.org/10.1016/J.JII.2018.01.005
S. Rommer et al., 5G Core Networks (Elsevier, 2020)
S. Savage, D. Wetherall, A. Karlin, T. Anderson, Network support for IP traceback. IEEE/ACM Transactions on Networking 9(3), 226–237 (2000). https://doi.org/10.1109/90.929847
S.M. Bellovin, M. Leech, T. Taylor, ICMP traceback messages (2003). http://academiccommons.columbia.edu/catalog/ac:127253
S.M. Specht, R.B. Lee, Distributed denial of service: taxonomies of attacks, tools and countermeasures, Int. Works. Secur. Parall. Distrib. Syst. (9), 543–550 (2004). https://doi.org/10.1.1.133.4566
S.S. Bhunia, M. Gurusamy, Dynamic attack detection and mitigation in IoT using SDN, in 2017 27th International Telecommunication Networks and Applications Conference, ITNAC 2017 (2017), pp. 1–6. https://doi.org/10.1109/ATNAC.2017.8215418
T. Luo, S.G. Nagarajany, Distributed anomaly detection using autoencoder neural networks in WSN for IoT, in IEEE International Conference on Communications (2018). https://doi.org/10.1109/ICC.2018.8422402
T. Peng, C. Leckie, K. Ramamohanarao, Protection from distributed denial of service attack using history-based IP filtering (2002)
T. Peng, C. Leckie, K. Ramamohanarao, Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. 39(1) (2007). https://doi.org/10.1145/1216370.1216373
T.M. Gil, M. Poletto, in Proceedings of the 10 th USENIX Security Symposium MULTOPS : a Data-Structure for Bandwidth Attack Detection. Statistics (2001)
X. Geng, A.B. Whinston, Proactively defeating distributed denial of service attacks, Security 1(August), 1520 (2000). https://doi.org/10.1109/ccece.2003.1226075
Y. Bhavani, V. Janaki, R. Sridevi, IP traceback through modified probabilistic packet marking algorithm using chinese remainder theorem. Ain Shams Eng. J. Faculty Eng. Ain Shams Univ. 6(2), 715–722 (2015). https://doi.org/10.1016/j.asej.2014.12.004
Z. Kotulski, et al., On end-to-end approach for slice isolation in 5G networks. Fundamental challenges, in Proceedings of the 2017 Federated Conference on Computer Science and Information Systems, FedCSIS 2017 (vol. 11, 2017), pp. 783–792. https://doi.org/10.15439/2017F228
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Onoja, D., Hitchens, M., Shankaran, R. (2022). DDoS Threats and Solutions for 5G-Enabled IoT Networks. In: Pal, S., Jadidi, Z., Foo, E. (eds) Secure and Trusted Cyber Physical Systems. Smart Sensors, Measurement and Instrumentation, vol 43. Springer, Cham. https://doi.org/10.1007/978-3-031-08270-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-08270-2_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-08269-6
Online ISBN: 978-3-031-08270-2
eBook Packages: Computer ScienceComputer Science (R0)