CN114567884A - DDoS attack resisting method based on physical layer attribute - Google Patents
DDoS attack resisting method based on physical layer attribute Download PDFInfo
- Publication number
- CN114567884A CN114567884A CN202210193204.6A CN202210193204A CN114567884A CN 114567884 A CN114567884 A CN 114567884A CN 202210193204 A CN202210193204 A CN 202210193204A CN 114567884 A CN114567884 A CN 114567884A
- Authority
- CN
- China
- Prior art keywords
- cfo
- values
- base station
- user
- ddos attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 239000011159 matrix material Substances 0.000 claims description 18
- 101100533725 Mus musculus Smr3a gene Proteins 0.000 claims description 11
- 238000003064 k means clustering Methods 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 8
- 238000012549 training Methods 0.000 claims description 3
- 230000000977 initiatory effect Effects 0.000 claims description 2
- 238000001514 detection method Methods 0.000 abstract description 9
- 238000004364 calculation method Methods 0.000 abstract description 7
- 238000004891 communication Methods 0.000 abstract description 4
- 235000019580 granularity Nutrition 0.000 abstract description 2
- 230000005540 biological transmission Effects 0.000 description 5
- 230000011664 signaling Effects 0.000 description 4
- 230000004913 activation Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 101001055444 Homo sapiens Mediator of RNA polymerase II transcription subunit 20 Proteins 0.000 description 1
- 102100026165 Mediator of RNA polymerase II transcription subunit 20 Human genes 0.000 description 1
- 108091005487 SCARB1 Proteins 0.000 description 1
- 101150096310 SIB1 gene Proteins 0.000 description 1
- 102100037118 Scavenger receptor class B member 1 Human genes 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000013256 coordination polymer Substances 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012559 user support system Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/126—Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
- G06F18/232—Non-hierarchical techniques
- G06F18/2321—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
- G06F18/23213—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W74/00—Wireless channel access
- H04W74/002—Transmission of channel access control information
- H04W74/004—Transmission of channel access control information in the uplink, i.e. towards network
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Power Engineering (AREA)
- Life Sciences & Earth Sciences (AREA)
- Probability & Statistics with Applications (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a DDoS attack resisting method based on physical layer attribute, which utilizes the unique physical layer attribute (communication channel attribute TA and hardware attribute CFO uniqueness under ideal condition) of a user and provides two different schemes of cascade connection and joint detection through two physical layer device fingerprints with different granularities, so that base stations with different computing capabilities can adopt different modes, and the aim of utilizing illegal users to interrupt legal service by using a large amount of random access requests is fulfilled, under the condition of ensuring low cost, the legal and illegal users are distinguished by a clustering algorithm, the computing complexity is low, the DDoS attack detection in the random access stage of a 5G NR network is realized, the blank of detecting DDoS attack of the illegal users before RRC connection requests are sent is fundamentally filled, and simultaneously, because the computing complexity is low, the computing cost is small and the cost is low, the method realizes satisfactory balance between the calculation overhead and the security level, and is suitable for detecting the DDoS attack of the illegal user in a 5G massive connection scene.
Description
Technical Field
The invention relates to the technical field of data transmission, in particular to a DDoS attack resisting method based on physical layer attributes.
Background
Mass machine type communication is one of three scenes of 5G (flight-generation) network design, and aims to provide wide wireless connection for hundreds of billions of machine devices, but while realizing the interconnection of everything, the support for a large number of connected devices also provides great opportunities for attackers, especially in Distributed Denial-of-Service (DDoS) attacks. The security threats of DDoS attacks existing in the current 5G network mainly include:
1) before a Radio Resource Control (RRC) connection request is sent, in an initial stage of random access, a malicious user sends a large number of random access Preamble sequences (RA preambles, i.e., Msg1) to a base station in a short time, so that the base station continuously reserves resources for the malicious user to wait for the malicious user to access, and occupies the preambles, which results in that other legitimate users cannot access.
2) After RRC connection request transmission, RRC malicious signaling exchanged during this period may be used to cause DDoS attacks to the 5G base station (gNB) before Access Stratum (AS) security activation. For example, an attacker may destroy a large amount of internet of things devices, repeatedly send access request messages, and send a large amount of random accesses to the gNB in a short time, so that a preamble is occupied, and other normal internet of things devices cannot access the internet of things devices. Attacks it is also possible to build malicious RRC signaling to attack the gNB.
3) After the AS is activated safely, the internet of things device may be maliciously utilized to send a large amount of signaling or user data packets to the gNB, for example, send a large amount of RRC signaling or UP data such AS RRC reestablishment/RRC recovery/user plane data packets, and the like, which causes the gNB to exhaust process resources, and thus the gNB rejects services.
In the prior art, there are two main schemes for resisting DDOS attack in a 5G network, which are respectively:
the first one is mainly to use two thresholds, the gNB can detect RRC resume/RRC re-estimate, RRC message sent on SRB1 and NAS message transmitted through SRB2, then if the total number of messages received by the base station in a period of time exceeds threshold 1, the base station starts to track each UE, if the same UE temporary identifier is received and sent out to a message that also exceeds threshold 2, the UE is marked as an attacking or behaving abnormal user, and reports the information of the attacking UE to 5 GC.
The second is mainly that the RAN can identify the misbehaving user by itself through the traffic detection mechanism, and since the present end-user supports mobility, in order to protect the neighboring RAN and try to shorten the detection time of the neighboring RAN, the original RAN will report the misbehaving UE ID list to its neighboring RAN.
The existing DDoS attack detection scheme only solves DDoS attacks occurring after AS security activation and before AS security activation after RRC connection request transmission, that is, mainly aims at security threats existing in 2) and 3), wherein the first scheme is mainly aimed at a third point in the security threats, and the second scheme is mainly aimed at a second point and a third point in the security threats. How to prevent DDoS attacks from being detected before RRC connection request transmission remains an open question. If a malicious user sends a large number of random access preamble sequences to a base station in a random access stage, and the base station reserves resources, the existing scheme cannot solve the problem. Furthermore, the threshold of the first scheme has yet to be implemented and the second scheme has yet to be questioned how to synchronize the lists in the RAN. Therefore, a practical solution to the first security threat needs to be developed.
Disclosure of Invention
The invention provides a method for resisting DDoS attack based on physical layer attributes, which is used for detecting DDoS attack in a stage of sending Msg1 messages in a first step of random access before an RRC connection request is sent, and fills the blank of the part in practical application.
In order to achieve the above purpose, the invention provides the following technical scheme:
a DDoS attack resisting method based on physical layer attributes, wherein a base station works in two modes, and the method comprises the following steps:
s1, setting a Threshold value Threshold to represent the maximum random access times which can be initiated by the same UE;
s2, the UE sends a random access lead code Msg1 to the base station gNB;
s3, after receiving the Msg1, the gNB judges whether the base station is a small base station or not, if the base station is the small base station, the Mode1 is adopted, the step is executed, otherwise, the Mode2 is adopted, and the step S8 is executed; automatically calculating TA, and recording all TA values received in a period of time to obtain an N-dimensional vector TA ═ TA0,TA1,...,TAN-1];
S4, performing one-dimensional clustering based on TA;
s5, if the Number1 of the elements of a certain class is larger than a Threshold, judging that malicious users possibly exist in the class, and executing a step S8, otherwise, judging that no malicious user exists, and allowing access:
s6, tracking the UEs with TA values in the classes possibly containing malicious users, extracting CFO values from the Msg1 messages sent by the UEs, and obtaining an N-dimensional vector epsilon ═ epsilon0,ε1,...,εN-1]One-dimensional clustering is performed based on epsilon;
s7, if the Number of elements in a certain class is 2 greater than Threshold, then the user with the CFO value is judged to be a malicious user, and the access request is rejected, otherwise, the access request is received;
s8, the bs continuously obtains TA value and CFO estimation value of the received signal, and defines a 2 × N matrix a [ [ TA ∈ ] ]]TWhere TA and epsilon represent N samples of the timing advance and carrier frequency offset from the ue, respectively, and TA is [ TA ═ N0,TA1,...,TAN-1],ε=[ε0,ε1,...,εN-1];
S9, performing two-dimensional clustering based on the matrix A;
s10, if the total Number3 of the matrix A in a certain class is larger than a Threshold value Threshold, judging that the user of the matrix A is a malicious user, rejecting the access request of the user, and otherwise, receiving the access request of the user.
Further, in step S4, the TA values are classified into K classes in total, and based on the N-dimensional vector TA, the TA values are classified by using a K-Means clustering method.
Further, in step S6, the CFO values are classified into M classes in total, and one classification is performed on the CFO values by using a K-Means clustering method based on the N-dimensional vector ∈.
Further, the estimation and processing of the CFO value in step S6 is embedded in the signal processing of the receiver.
Further, the method of acquiring the CFO value in step S6 is to measure the CFO by using a time domain method or a frequency domain method using the repetition resources, or estimate the CFO by using a training sequence with a pilot inserted, or track the CFO by using an extended kalman filter, or estimate the CFO based on AVR.
Further, in step S9, the values of the two-dimensional matrix a are classified into P classes in total, and based on the two-dimensional matrix a, the values of a are classified by using a K-Means clustering method.
Further, the value K is taken in terms of the resolution of TA in the cell, K being the resolution of the cell radius/TA value.
Further, the values of M and P are the average number of users initiating random access in the 5G cell.
Compared with the prior art, the invention has the beneficial effects that:
compared with the existing DDoS attack detection scheme in the 5G NR network, the DDoS attack resisting method based on the physical layer attributes fundamentally fills the blank of detecting the DDoS attack of an illegal user before the RRC connection request is sent, two different schemes of cascade connection and joint detection are provided by using the special physical layer attributes (the uniqueness of a communication channel attribute TA and a hardware attribute CFO under the ideal condition) of the user and through the fingerprints of physical layer equipment with two different granularities, so that base stations with different computing capabilities can adopt different modes, the aim of using a large number of random access requests to interrupt legal service by the illegal user is fulfilled, the legal and illegal users are distinguished by a clustering algorithm under the condition of ensuring low cost, the computing complexity is low, and the DDoS attack detection at the random access stage of the 5G NR network is realized. Meanwhile, due to low computation complexity, low computation overhead and low cost, satisfactory balance between the computation overhead and the security level is realized, and the method is suitable for detecting the DDoS attack of the illegal user in a 5G massive connection scene.
Drawings
In order to more clearly illustrate the embodiments of the present application or technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings can be obtained by those skilled in the art according to the drawings.
Fig. 1 is a diagram of a mode selection process of a base station according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for resisting DDoS attack based on physical layer attributes according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood by those skilled in the art, the present invention will be further described in detail with reference to the accompanying drawings and examples.
The base station is divided into a small base station and a macro base station. The small base station is a base station with much smaller transmission power, coverage and user ratio than the traditional macro base station, and limited calculation and storage capacity.
In the DDoS attack resisting method based on the physical layer attribute, the base station works in two modes, namely Mode1 and Mode 2. As shown in fig. 1, if the base station is a small base station and the calculation and storage capabilities are weak, the Mode is adopted 1, otherwise, the Mode is adopted 2. As shown in fig. 2, the method specifically includes the following steps:
s1, setting a Threshold, which indicates the maximum number of times of random access that the same UE can initiate (given in the scheduling information of SIB1 sent by the network side).
S2, the UE sends a random access Preamble (namely Msg1, RA Preamble) to the base station gNB.
S3、gAnd after receiving the Msg1, the NB judges whether the base station is a small base station or not, and if the base station is the small base station. Then the Mode1 is adopted, the step is executed, otherwise the Mode2 is adopted, and the step S8 is executed; automatically calculating TA (time Advance), and recording all TA values received in a period of time to obtain an N-dimensional vector TA ═ TA0,TA1,...,TAN-1]。
S4, performing one-dimensional clustering based on TA, specifically, dividing TA values into K classes in total, and performing one classification based on N-dimensional vector TA by adopting a K-Means clustering method. If a hierarchical clustering algorithm or the like is adopted, which does not need to know several types of algorithms in advance, the K types are not set in advance. The K value is obtained according to the resolution of TA in the actual cell, and the K value actually represents the type of TA value that can be distinguished in the cell, so K is the resolution of cell radius/TA value, the resolution of TA is generally 78m, for example, in a typical 5G small cell with a cell radius of 780m, and K is 10.
S5, if the Number1 of the elements of a certain class is larger than a Threshold value Threshold, judging that malicious users possibly exist in the class, and executing a step S8, otherwise, judging that no malicious users exist, and allowing access.
S6, tracking the UEs with TA values in the classes possibly containing malicious users, extracting CFO values from the Msg1 messages sent by the UEs, and obtaining an N-dimensional vector epsilon ═ epsilon0,ε1,...,εN-1]And one-dimensional clustering is carried out based on epsilon, specifically, CFO values are divided into M classes in total, and one class is carried out based on the N-dimensional vector epsilon by adopting a K-Means clustering method. If a hierarchical clustering algorithm or the like is adopted, which does not need to know several types of algorithms in advance, M types can not be set in advance. The value of M is the average number of users that typically initiate random access in a 5G cell.
As for the method for extracting CFO in step 6), there are various methods in the prior art, for example, measuring CFO by using a time domain method or a frequency domain method using a repetition resource (CP or repetition subcarrier); a method for estimating CFO by using a training sequence inserted with pilot frequency, and simultaneously, in order to accurately model and predict the value of the next frame, the value of CFO can be tracked by using extended Kalman filtering; as another example, joint estimation of CFO and IQ imbalance, but also CFO estimation based on AVR, and so on. In this scheme, CFO estimation and processing is embedded in the signal processing of the receiver in order not to introduce additional computational overhead in the actual system.
S7, if the Number2 of the certain element is larger than the Threshold value Threshold, judging that the user with the CFO value is a malicious user, rejecting the access request, and otherwise, receiving the access request.
S8, the base station continuously obtains TA value and CFO estimation value of the received signal, and defines a 2 × N matrix a ═ TA ∈]TWhere TA, epsilon represent N samples of the timing advance and carrier frequency offset from the ue, respectively, and TA is [ TA ═0,TA1,...,TAN-1],ε=[ε0,ε1,...,εN-1]。
S9, performing two-dimensional clustering based on the matrix A, specifically, dividing the value of the two-dimensional matrix A into P classes in total, and performing one classification based on the two-dimensional matrix A by adopting a K-Means clustering method. If a hierarchical clustering algorithm or the like is adopted, which does not need to know several types of algorithms in advance, the P type is not set in advance. The value of P is the average number of users that typically initiate random access in a 5G cell.
S10, if the total Number3 of the matrix A in a certain class is larger than a Threshold, judging that the user of the matrix A is a malicious user, rejecting the access request, and otherwise, receiving the access request.
Compared with the prior art, the DDoS attack resisting method based on the physical layer attribute has the following outstanding contributions:
1) the method and the device distinguish legal users from illegal users by utilizing the uniqueness of the user communication channel attribute TA and the hardware attribute CFO under the ideal condition, wherein the TA is the amount which can be measured by the original base station, and the CFO estimation and processing are embedded into the signal processing of the receiver.
2) The scheme is applied before the RRC connection request is sent, and fills the blank of how to prevent and detect DDoS attack before the RRC connection request is sent in the actual application process at the initial stage of random access.
3) By using the aim that an illegal user wants to interrupt legal service by using a large number of random access requests, a satisfactory balance between the security level and the calculation overhead is realized through a simple clustering algorithm and two modes which can be adopted by base stations with different calculation capabilities.
4) The method can be suitable for DDoS attack detection in the random access stage of the 5G NR network, is low in cost and low in calculation overhead, and achieves satisfactory balance between the security level and the calculation overhead through two schemes.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: it is to be understood that modifications may be made to the technical solutions described in the foregoing embodiments, or equivalents may be substituted for some of the technical features thereof, but such modifications or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A DDoS attack resisting method based on physical layer attributes is characterized in that a base station works in two modes, and the method comprises the following steps:
s1, setting a Threshold value Threshold to represent the maximum random access times which can be initiated by the same UE;
s2, the UE sends a random access lead code Msg1 to a base station gNB;
s3, after receiving the Msg1, the gNB judges whether the base station is a small base station or not, if the base station is the small base station, the Mode1 is adopted, the step is executed, otherwise, the Mode2 is adopted, and the step S8 is executed; automatically calculating TA, and recording all TA values received in a period of time to obtain an N-dimensional vector TA ═ TA0,TA1,...,TAN-1];
S4, performing one-dimensional clustering based on TA;
s5, if the Number1 of the elements of a certain class is larger than a Threshold value Threshold, judging that malicious users possibly exist in the class, and executing a step S8, otherwise, judging that no malicious user exists, and allowing access;
s6, tracking the UEs with TA values in the classes possibly containing malicious users, extracting CFO values from the Msg1 messages sent by the UEs, and obtaining an N-dimensional vector epsilon ═ epsilon0,ε1,…,εN-1]One-dimensional clustering is performed based on epsilon;
s7, if the Number2 of certain element is larger than Threshold, judging that the user with the CFO value is a malicious user, rejecting the access request, otherwise, receiving the access request;
s8, the base station continuously obtains TA value and CFO estimation value of the received signal, and defines a 2 × N matrix a ═ TA ∈]TWhere TA, epsilon represent N samples of the timing advance and carrier frequency offset from the ue, respectively, and TA is [ TA ═0,TA1,...,TAN-1],ε=[ε0,ε1,…,εN-1];
S9, performing two-dimensional clustering based on the matrix A;
s10, if the total Number3 of the matrix A in a certain class is larger than a Threshold value Threshold, judging that the user of the matrix A is a malicious user, rejecting the access request of the user, and otherwise, receiving the access request of the user.
2. A method according to claim 1, wherein in step S4, the TA values are divided into K classes, and based on the N-dimensional vector TA, the TA values are classified by a K-Means clustering method.
3. A method according to claim 1, wherein in step S6, the CFO values are classified into M classes, and based on the N-dimensional vector epsilon, the CFO values are classified by a K-Means clustering method.
4. The method for resisting DDoS attack based on physical layer attributes according to claim 1, wherein the estimation and processing of CFO values in step S6 is embedded in signal processing of a receiver.
5. The method of claim 1, wherein the step S6 of obtaining the CFO value is to measure the CFO by using a time domain method or a frequency domain method using repeated resources, or to estimate the CFO by using a training sequence with inserted pilots, or to track the CFO by using an extended kalman filter, or to estimate the CFO based on AVR.
6. A method according to claim 1, wherein in step S9, the values of the two-dimensional matrix a are classified into P classes, and based on the two-dimensional matrix a, the values of a are classified by a K-Means clustering method.
7. A method as claimed in claim 1, wherein K is derived according to TA resolution in the cell, K is cell radius/TA resolution.
8. The method of claim 1, wherein the values of M and P are an average number of users initiating random access in a 5G cell.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210193204.6A CN114567884A (en) | 2022-03-01 | 2022-03-01 | DDoS attack resisting method based on physical layer attribute |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210193204.6A CN114567884A (en) | 2022-03-01 | 2022-03-01 | DDoS attack resisting method based on physical layer attribute |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114567884A true CN114567884A (en) | 2022-05-31 |
Family
ID=81715614
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210193204.6A Pending CN114567884A (en) | 2022-03-01 | 2022-03-01 | DDoS attack resisting method based on physical layer attribute |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114567884A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4297341A1 (en) * | 2022-06-20 | 2023-12-27 | Nokia Solutions and Networks Oy | Apparatus and method for detecting prach storm attacks |
-
2022
- 2022-03-01 CN CN202210193204.6A patent/CN114567884A/en active Pending
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4297341A1 (en) * | 2022-06-20 | 2023-12-27 | Nokia Solutions and Networks Oy | Apparatus and method for detecting prach storm attacks |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110741661B (en) | Method, mobile device and computer readable storage medium for pseudo base station detection | |
US11317348B2 (en) | Communication apparatus and communication method for low power event monitoring | |
Yu et al. | Securing cognitive radio networks against primary user emulation attacks | |
CN109275145B (en) | Device behavior detection and barrier processing method, medium and electronic device | |
RU2441327C2 (en) | Protocol data unit restoration | |
US20230099706A1 (en) | Wireless intrusion prevention system, wireless network system comprising same, and method for operating wireless network system | |
Moreira et al. | Cross-layer authentication protocol design for ultra-dense 5G HetNets | |
US20240114337A1 (en) | Method and user equipment for determining whether base station is genuine or rouge in wireless network | |
Song et al. | Enhancing Packet‐Level Wi‐Fi Device Authentication Protocol Leveraging Channel State Information | |
CN113728670B (en) | Detection of system information modification using access stratum security mode commands | |
US20210282016A1 (en) | Denial of service attack detection and mitigation | |
US20220264307A1 (en) | Method and system for detecting cyber-attacks using network analytics | |
Jang et al. | A preamble collision resolution scheme via tagged preambles for cellular IoT/M2M communications | |
Marojevic | C-V2X security requirements and procedures: Survey and research directions | |
CN112087756A (en) | Communication method and device for preventing malicious user from accessing | |
Chen et al. | Enhancing Wi-Fi Device Authentication Protocol Leveraging Channel State Information | |
CN114567884A (en) | DDoS attack resisting method based on physical layer attribute | |
US20080263660A1 (en) | Method, Device and Program for Detection of Address Spoofing in a Wireless Network | |
EP3884635B1 (en) | A method and apparatuses for authenticating a group of wireless communication devices | |
Bisht et al. | Detection and localization of DDoS attack during inter-slice handover in 5G network slicing | |
Shojaee et al. | Traffic analysis for WiMAX network under DDoS attack | |
Lu et al. | Traffic-driven intrusion detection for massive MTC towards 5G networks | |
WO2016184097A1 (en) | Signal processing method, network device, system, and computer storage medium | |
EP4297341A1 (en) | Apparatus and method for detecting prach storm attacks | |
Tian et al. | A DDoS Detection Method Over Radio Interfaces Based on Multiple Physical Layer Attributes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |