Conference paper Open Access

Leveraging the 5G architecture to mitigate amplification attacks

Repetto, Matteo; Carrega, Alessandro; Lamanna, Guerino; Yusupov, Jaloliddin; Toscano, Orazio; Bruno, Gianmarco; Nuovo, Michele; Cappelli, Marco

Volumetric (Distributed) Denial of Service attacks remain one of the major threats for any organization, capable of saturating most Internet access links through the usage of botnets and amplification techniques. The only effective mitiga- tion mechanism today is the redirection of the network traffic towards scrubbing centers; this protects the Internet pipe of the victim, but does not prevent wasting resources in other parts of the network.

In this paper, we leverage the cloud-native design of the 5G architecture to monitor traffic statistics at the edge of the network, which are then processed by a powerful Analytics ToolKit (ATk). Our work is based on the framework designed by the ASTRID project, which allows to automatically change the inspection probes while chasing a better balance between the granularity of the collected data and the overhead. We demonstrate our approach for an NTP amplification attack; the ATk is first trained with historical data and then used to detect deviations from the expected traffic profile, by switching between normal/warning/alert states. Our results show that it can correctly distinguish between periodical fluctuations of requests and attacks.

Files (596.3 kB)
Name Size
secsoft2021-1-2-1.pdf
md5:7714771fc8e5274d574bbcd6927004c8
596.3 kB Download
8
5
views
downloads
All versions This version
Views 88
Downloads 55
Data volume 3.0 MB3.0 MB
Unique views 88
Unique downloads 55

Share

Cite as