Abstract

5th generation wireless systems are coming. While we are excited about the delay-free high speeds 5G will bring, security problems are becoming more and more serious. Increasingly rampant Distributed Denial of Service (DDoS) attacks, particularly Distributed Reflection Denial of Service (DrDoS) attacks over the User Datagram Protocol (UDP), have developed into a global problem. This article presents the design, implementation, analysis, and experimental evaluation of an authentication scheme that defends against UDP DrDoS attacks, in which attackers cleverly use rebound server farms to bounce a flood of packets to a target host. We call our solution IEWA because it combines the concepts of increasing expenses and weak authentication. In this paper, we apply IEWA to the Network Time Protocol (NTP). First, we simulate and compare the original and improved protocols. Next, we verify the effectiveness of our proposed scheme. We show that our improved scheme is safer than the original scheme. Finally, we compare our solution with existing state-of-the-art schemes, using indicators such as communication overhead, server storage costs, client storage costs, computation costs of the server and computation costs of the client. We find that our scheme improves system stability and security, and reduces communication overhead, server storage cost and computational costs. Our solution not only improves the NTP protocol to mitigate DrDoS attacks, but also strengthens other UDP protocols that are vulnerable to DrDoS attacks. Therefore, our solution can be used as a solution to UDP DrDoS attacks in 5G networks.

Highlights

  • Along with the increasingly prosperous development of the Internet of things (IoT) [1], [2], intelligent services and mobile services [3]–[5], 5th generation wireless systems are gradually arriving [6], [7].

  • After the protocol is improved, the steady-state availability of the system increases from 0.93 to 0.98, indicating that the IEWA scheme proposed in this paper has a higher steady-state availability than the original Network Time Protocol (NTP) under analysis.

  • User Datagram Protocol (UDP) flooding can be deployed for a Distributed Reflection Denial of Service (DrDoS) attack, in which a large number of UDP packets are sent to a target server in order to overwhelm the device’s processing capability and responsiveness.


Summary

INTRODUCTION

Along with the increasingly prosperous development of the Internet of things (IoT) [1], [2], intelligent services and mobile services [3]–[5], 5th generation wireless systems (5G for short) are gradually arriving [6], [7]. Why are Distributed Reflection Denial of Service (DrDoS) attacks through UDP favored by attackers? When many UDP packets impersonate the victim’s IP address, the destination server (or amplifier) responds to the victim instead of the attacker; this creates a reflected denial-of-service (DoS) attack [20]. Reference [21] lists all the UDP protocols prone to Distributed Reflection Denial-of-Service (DrDoS) attacks and their associated Bandwidth Amplification Factors (BAFs). A significant DDoS NTP reflection attack occurred on February 11, 2014. This attack was reported to hit a record-breaking 400 Gbit/s (33% larger than the previous year’s attack against Spamhaus).

VOLUME 7, 2019

MOTIVATIONS
IEWA SCHEME AND ANALYSIS
IEWA SCHEME
COMPARISON AND ANALYSIS