Resumen
Research to deal with distributed denial of service (DDoS) attacks was kicked off from long ago and has seen technological advancement along with an extensive 5G footprint. Prior studies, and still newer ones, in the realm of DDoS attacks in the 5G environment appear to be focused primarily on radio access network (RAN) and voice service network, meaning that there is no attempt to mitigate DDoS attacks targeted on core networks (CN) by applying artificial intelligence (AI) in modeling. In particular, such components of a CN as the Access and Mobility Management Function (AMF), Session Management Function (SMF), and User Plane Function (UPF), all being principal functions enabled to provide 5G services as base stations do, provide expansive connectivity with geographically very large area coverage that cannot be matched by the base stations. Moreover, to complete re-registration for one UE, required messages in protocols Packet Forwarding Control Protocol (PFCP) and HTTP/2 are approximately 40 in number. This implies that a DDoS attack targeting the CN has, once accomplished, a greater than expected impact, when compared to DDoS attacks targeting the RAN. Therefore, security mechanisms for the CN must be put into practice. This research proposes a method, along with a threat detection system, to mitigate signaling DDoS attacks targeted on 5G SA (standalone) CNs. It is verified that the use of fundamental ML classifiers together with preprocessing with entropy-based analysis (EBA) and statistics-based analysis (SBA) enables us to proactively react against signaling DDoS attacks. Additionally, the evaluation results manifest that the random forest achieves the best detection performance, with an average accuracy of 98.7%.