Abstract
Flooding distributed denial of service (DDoS) attacks are recognized as one of the most considerable threats to security. In the B5G/6G era, as the number of devices connected to mobile networks increases, it is easily predicted that mobile data communication traffic will increase massively and rapidly. This suggests that DDoS attack traffic via mobile networks can become more of a threat than before. To defend against DDoS attacks, the best way is to collaborate among multiple domain networks, i.e., the source network, core network, and victim-end network. An ideal approach is to detect and protect against DDoS attacks at a location close to the attack source. Therefore, in this paper, we design a collaborative system working between IP and mobile networks to defend against DDoS attacks and introduce a prototype of the proposed scheme. By demonstrating the packet filtering function in the UPF, we show its feasibility and effectiveness in 5G/6G networks.
Acknowledgments
This work is partly supported by the commissioned research (02501) of the National Institute of Information and Communications Technology (NICT), Japan.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Okonogi, K., Suzuki, M., Tagami, A. (2023). System Design for DDoS Traffic Mitigation by a Collaboration of Mobile and IP Networks in 5G/6G. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2023. Lecture Notes in Networks and Systems, vol 661. Springer, Cham. https://doi.org/10.1007/978-3-031-29056-5_2
DOI: https://doi.org/10.1007/978-3-031-29056-5_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-29055-8
Online ISBN: 978-3-031-29056-5
eBook Packages: Intelligent Technologies and Robotics (R0)