Real-Time DDoS Defense in 5G-Enabled IoT: A Multidomain Collaboration Perspective

While 5G networks have accelerated the development of the Internet of Things (IoT), they have also introduced a large number of vulnerable IoT devices into the network, which would lead to severe Distributed Denial-of-Service (DDoS) attacks. The newly emerging DDoS attack methods generally have a shorter duration, which imposes higher requirements for the response time of DDoS mitigation technologies. Existing DDoS defense methods cannot achieve real-time detection due to the difficulty of reducing the delay of feature extraction and large-scale data processing. In this article, we focus on the timeliness of DDoS detection and mitigation. We hope that deploying effective defense countermeasures at the source side will block the majority of DDoS attack traffic in real time before it enters the data network (DN). To this end, we propose a real-time DDoS defense framework based on multidomain collaboration that combines multisource information to detect attack sessions with high accuracy in 5G networks. To operate the framework at line rate, we propose an optimal packet sampling strategy based on the accurate session size estimation, which can greatly reduce the detection overhead while ensuring good accuracy. In a typical scenario with an attack session size larger than 10, this method can achieve a 99% detection rate while reducing the packet inspection rate (PIR) to less than 37%.