Research On DDoS Attack Detection For 5g Network Environment

The trend of the fifth-generation mobile communication technology(5th Generation Mobile Communication Technology,5G)is sweeping all over the world.5G will participate in all aspects of the future society and reshape a new and disruptive information ecosystem.Software-defined networking(Software-Defined Network,SDN)and network function virtualization(Network Functions Virtualization,NFV)as a new generation of IT technology provide new solutions for building 5G networks which can be used to build new 5G facility platforms and network logical architectures.While new technologies bring new advantages,they also make 5G network security face more challenges.Nowadays,one of the most important threats to Internet security is distributed denial of service(Distributed Denial of Service,DDo S)attacks.A DDo S attack is extensive denial of service attack initiated by multiple computers on the Internet.In theory,every terminal that can access the Internet can be used as an attack node in a distributed denial of service attack.For 5G networks,attackers can launch DDo S attacks more effectively by using the high speed,big data,and massive terminals of 5G networks.Due to the introduction of SDN,the controller is deployed as control center on the Internet.And all network nodes communicate with the controller and share information about network status and data flow.The controller is the most attractive target to DDo S attackers.Under the malicious DDo S attack,the controller will be crash,meanwhile the relevant network will be also paralyzed,and all parts of the access network will be affected.DDo S attacks are cheap and simple to initiate,but they are extremely destructive and involve a wide range.Therefore,how to effectively detect the DDo S attacks in 5G network is a hot research topic.Based on the above background,the main work of this thesis is as follows:(1)Based on the study of 5G network architecture and key technologies,as well as the traditional network DDo S attacks,this thesis first analyzes the attack methods and specific forms used in the 5G network,proposes to classify the 5G network DDo S attacks according to the types of consumed resources,and divides them into four categories.Secondly,for these types of attacks,analyzes the relevant DDo S attack traffic characteristics,and further puts forward some detection methods for these characteristics,and verifies these methods;(2)In this thesis,we design and implement a two stages DDo S attack detection scheme based on SDN architecture.First,we judge whether the DDo S attack is likely to occur by pre judgment,which reduces the computational load of SDN controller.If the DDo S attack is predicted,then we detect whether the DDo S attack is likely to occur by specific detection.The first stage algorithm proposes a DDo S attack detection method based on Shannon entropy,by jointly detecting the entropy value of the destination IP address and the source IP address,the DDo S attack is judged and an alarm is given,and gives a method on design the important parameters in this algorithm such as threshold and window.The second stage algorithm proposes a method to judge DDo S attacks according to the principle of network selfsimilarity,and improves the traditional R / S method to calculate the Hurst coefficient.When the adjacent Hurst index coefficient changes more than 2 times,it is considered that the DDo S attack is detected and an alarm is issued.The first stage is used to detect DDo S attacks with obvious attack characteristics,which can detect the vast majority of DDo S attacks;for more covert DDo S attack flow,the second stage detection method is proposed to continue to detect;(3)In the first stage detection algorithm,it is proposed to use the Sketch data summary structure to count the frequency of each element in the data stream,so as to achieve the purpose of small cache space and low complexity;(4)Finally,the simulation experiment results show that the two stages algorithm of DDo S detection scheme can detect DDo S attacks in 5G network high detection rate and low false positive error rate and low negative error rate.