Mitigating distributed denial of service attacks in satellite networks

Satellite communication is becoming a complementary technology in future 5G and beyond networks due to its wider coverage. Similar to any terrestrial network, security has become a major concern in satellite networks. Due to a long distance between ground stations (GS) and satellite transponders and due to its inherited broadcast nature, satellite communication encounters certain limitations such as high bit error rate, high link delays, power control, and large round trip delays. The aforementioned limitations make security techniques proposed for terrestrial networks more challenging in satellite settings. Denial-of-service (DoS) and distributed DoS (DDoS) attacks have become one of the most popular security threats in both the terrestrial and satellite networks. In this article, we present a DDoS mitigation technique that can be employed at the GS end in satellite networks. In particular, we simulate Internet Control Message Protocol echo request (ping) flooding across a satellite network and propose a proactive mitigation technique by restricting the number of echo requests a network entity can generate. The simulation results demonstrate that DDoS attacks can be mitigated in satellite networks without affecting the quality of experience of legitimate users.