MECPASS: Distributed Denial of Service Defense Architecture for Mobile Networks

Distributed denial of service is one of the most critical threats to the availability of Internet services. A botnet with only 0.01 percent of the 50 billion connected devices in the Internet of Things is sufficient to launch a massive DDoS flooding attack that could exhaust resources and interrupt any target. However, the mobility of user equipment and the distinctive characteristics of traffic behavior in mobile networks also limit the detection capabilities of traditional anti-DDoS techniques. In this article, we present a novel collaborative DDoS defense architecture called MECPASS to mitigate the attack traffic from mobile devices. Our design involves two filtering hierarchies. First, filters at edge computing servers (i.e., local nodes) seek to prevent spoofing attacks and anomalous traffic near sources as much as possible. Second, global analyzers located at cloud servers (i.e., central nodes) classify the traffic of the entire monitored network and unveil suspicious behaviors by periodically aggregating data from the local nodes. We have explored the effectiveness of our system on various types of application-layer DDoS attacks in the context of web servers. The simulation results show that MECPASS can effectively defend and clean an Internet service provider core network from the junk traffic of compromised UEs, while maintaining the false-positive rate of its detection engine at less than 1 percent.