Detecting IP DDoS Attacks Using 3GPP Radio Protocols

Contemporary mobile networks, offering advanced services such as highly dependable and fast communication (URLLC) and extensive device-to-device connectivity (mMTC), are paving the way for the upcoming 6G era. These networks are expanding their capabilities beyond traditional voice and short messaging services, enabling diverse devices to connect to the cellular network. However, with this increased connectivity comes a heightened vulnerability at the radio interface, which is the primary access medium for mobile network communication. This research work focuses on safeguarding the availability of the radio interface in the face of emerging threats. Threats to radio interface availability can originate either directly from exploiting the 3GPP radio protocol stack within base stations or indirectly through the IP protocol stack carried over the user plane. In particular, this research paper delves into user plane DDoS attacks leveraging the IP protocol stack to generate excessive traffic. It introduces a novel detection method situated within the Radio Access Network (RAN). This method analyzes the patterns of radio protocols and their functionalities to identify user plane DDoS attacks initiated from User Equipment (UEs). Importantly, the method does not rely on directly inspecting user plane packets like IP packets but rather leverages the characteristics of 3GPP radio protocols (e.g., MAC, RLC, PDCP) to detect IP DDoS attacks closer to their origin. This early detection capability helps prevent DDoS traffic from propagating to the transport network. The implications of this research extend beyond the current generation of networks, as it lays a foundation for enhancing security in the forthcoming 6G networks. As 6G aims to deliver even more advanced services and connectivity across a diverse array of devices, the robust security measures proposed in this work will be instrumental in ensuring the reliability and availability of these cutting-edge networks. The analysis employed in this paper showcase the performance with accuracy of 98.9% for DDoS attack detection.