Enhancing Two-Step Random Access in LEO Satellite Internet an Attack-Aware Adaptive Backoff Indicator (AA-BI)

Abstract

Low-Earth-Orbit Satellite Internet (LEO SI), with its capability for seamless global coverage, is a key solution for connecting IoT devices in areas beyond terrestrial network reach, playing a vital role in building a future ubiquitous IoT system. Inspired by the IEEE 802.15.4 Improved Adaptive Backoff Algorithm (I-ABA), this paper proposes an Attack-Aware Adaptive Backoff Indicator (AA-BI) mechanism to enhance the security and robustness of the two-step random access process in LEO SI. The mechanism constructs a composite threat intensity indicator that incorporates collision probability, Denial-of-Service (DoS) attack strength, and replay attack intensity. This quantified threat level is smoothly mapped to a dynamic backoff window to achieve adaptive backoff adjustment. Simulation results demonstrate that, with 200 pieces of user equipment (UE), the AA-BI mechanism significantly improves the access success rate (ASR) and jamming resistance rate (JRR) under various attack scenarios compared to the I-ABA and Binary Exponential Backoff (BEB) algorithms. Notably, under high-attack conditions, AA-BI improves ASR by up to 25.1% and 56.6% over I-ABA and BEB, respectively. Moreover, under high-load conditions with 800 users, AA-BI still maintains superior performance, achieving an ASR of 0.42 and a JRR of 0.68, thereby effectively ensuring the access performance and reliability of satellite Internet in malicious environments.

1. Introduction

With the proposal of the 6G integrated space–air–ground–sea network vision, Non-Terrestrial Networks (NTN) have emerged as a critical technology for achieving global ubiquitous connectivity. Among these, satellite internet—characterized by its extensive coverage and high flexibility—is progressively becoming key infrastructure for enabling seamless worldwide coverage [1]. Compared to terrestrial cellular networks, LEO satellites offer advantages including wide-area coverage, independence from geographical constraints, and rapid deployment, providing continuous connectivity to regions beyond the reach of ground networks, such as oceans, deserts, and polar areas [2,3]. However, inherent challenges in LEO scenarios, such as long propagation delays and frequent beam handovers caused by high mobility, result in substantially higher retransmission costs—incurring a penalty of two round-trip times—when collisions occur in the traditional 4-step Random Access (4-step RA) procedure [4]. To drastically reduce this signaling overhead and access latency, which is critical in high-delay LEO environments, 3GPP Release 19 has identified “Two-Step Random Access (2-step RA)” as a key direction for NTN standard evolution [5]. This approach reduces signaling overhead considerably by merging Msg1 and Msg3 into MsgA, and Msg2 and Msg4 into MsgB, thereby compressing the access procedure into approximately one RTT and halving the collision retransmission penalty, which is essential for improving the overall access efficiency of LEO networks. It introduces a Backoff procedure for handling access collisions or failures [6]. The proposed AA-BI mechanism in this paper is designed to secure and optimize the backoff procedure within this more efficient 2-step RA framework.

In the two-step random access procedure adopted by LEO satellite internet, a UE must perform retransmissions based backoff window after an initial MsgA transmission failure, where the value of the backoff window is directly determined by the BI. Thus, the selection of the BI becomes a critical bottleneck in access performance. In LEO-NTN environments, the primary challenge faced by conventional BI mechanisms is the coupling mismatch between the round-trip time (RTT) and the backoff window. The RTT of LEO satellites (15–40 ms) and the granularity of traditional BI values (e.g., 8 ms, 16 ms) are on the same order of magnitude, leading to two extreme scenarios. The first occurs when the BI value assigned by the network is smaller than the current link’s RTT: the UE may receive a response message (MsgB) from the gNodeB before its backoff timer expires. In this case, the backoff process is prematurely terminated, resulting in channel resources being idle while the UE awaits the response, thereby reducing resource utilization. The opposite situation arises when the BI value exceeds the RTT: even after successfully receiving MsgB, the UE must wait through an extended backoff period before initiating the next access attempt. This excessive waiting causes significant “resource idling,” particularly under favorable channel conditions with low collision probability, where an excessively long backoff window unnecessarily increases access latency and degrades user experience. Although traditional BI mechanisms are straightforward to implement, they struggle to adapt to the dramatic fluctuations in traffic load typical of LEO networks—undersized windows under high load induce persistent collisions, whereas oversized windows under low load lead to resource idling [7].

Standards such as IEEE 802.11 and LTE employ the Binary Exponential Backoff (BEB) and its variants, which utilize an exponentially growing Contention Window (CW) to manage retransmissions [8]. However, these algorithms suffer from large jitter, slow convergence, and—more critically—fail to adequately accommodate the high mobility andRTT coupling effects characteristic of LEO satellite environments. Consequently, they are unsuitable for direct use in LEO satellite internet random access. To overcome these issues, Khanafer et al. introduced I-ABA in 2024 [9], an adaptive backoff algorithm based on quadratic curve fitting. By dynamically adjusting the contention window according to collision probability, I-ABA raised channel utilization from 13.3% (with BEB) to 57.6% in a large-scale Wireless Body Area Network (WBAN) with 340 nodes, also providing an analytical three-dimensional Markov model for throughput, delay, and energy consumption. Despite these advances, I-ABA does not account for attack scenarios, which are a serious concern in open and resource-constrained LEO-NTN environments where jamming attacks—including DoS, replay, and physical-layer jamming—are prevalent [10,11].

In such settings, DoS attackers flood the PRACH with random access preambles (RAP) to exhaust resources and block legitimate UE, while replay attackers intercept and retransmit valid MsgA messages, inducing artificial collisions. Traditional BI mechanisms operate on a “collision–backoff” loop, adjusting BI based on detected collisions. This approach has a fundamental flaw: it cannot differentiate between collisions caused by normal high load and those triggered maliciously. Both are treated as congestion, invoking aggressive backoff strategies [11]. As a result, legitimate UE is penalized with extended backoffs, while attackers—unconstrained by backoff rules—continue their assaults, exacerbating network paralysis.

Unlike I-ABA, which remains collision-driven and blind to attack sources, or methods like NJS [12] that rely on precise attacker identification and isolation—involving detailed channel monitoring and complex analysis—our proposed AA-BI mechanism adopts a resilience-oriented paradigm. It enhances intrinsic robustness by adapting the backoff strategy through comprehensive threat assessment—without needing to pinpoint individual attackers. This represents a fundamental shift from a collision-driven or identification-dependent model to a threat-aware, resilience-based adaptation framework, ensuring reliable access performance even under persistent attacks.

To address these challenges, this paper proposes an AA-BI mechanism. The core innovation of AA-BI lies in shifting the backoff decision paradigm from a conventional collision-driven to a threat-driven approach, enabling dynamic and adaptive backoff window adjustment tailored for two-step random access in LEO satellite networks. The main contributions are summarized as follows:

• Threat-Aware Backoff Indicator Design: We propose a composite threat intensity metric (denoted as P_eff) that incorporates not only traditional collision probability (P_c), but also quantifies DoS attack intensity (P_dos) and replay attack intensity (P_rep). This enables accurate real-time network state assessment under malicious conditions.
• Sigmoid-Based Adaptive Window Mapping: A lightweight Sigmoid mapping function is designed to translate P_eff into appropriate backoff window sizes, ensuring low latency under benign conditions and rapid attack suppression under high threats.
• Low-Complexity Offline Optimization: Critical parameters including the sensitivity coefficient k and the trigger threshold x₀ of the mapping function are optimized via offline grid search, ensuring robust performance across diverse attack scenarios without introducing significant online computation.

The remainder of this paper is organized as follows. Section 2 introduces the background of the random access procedure in LEO satellite internet and the threat models of DoS and replay attacks. Section 3 details the proposed Attack-Aware Adaptive Backoff Indicator (AA-BI) mechanism. Section 4 presents the simulation setup and performance evaluation. Finally, Section 5 concludes the paper.

2. Materials and Methods

2.1. Random Access Procedure

Current random access protocols in LEO satellite internet systems support two distinct procedures: the 4-step random access and the 2-step random access [13], as illustrated in Figure 1.

In the 4-step random access procedure, Msg1—the initial transmission from the UE to the network—consists of a preamble sent via the PRACH [14]. After transmitting Msg1, the UE monitors for a response, Msg2, from the LEO satellite base station within a preconfigured time window. Msg2 allocates a temporary identifier and grants resources on the Physical Uplink Shared Channel (PUSCH) for the UE to transmit Msg3 [15]. Msg3 serves as the UE’s reply to Msg2 and includes a UE identifier for contention resolution. Finally, Msg4 is sent from the gNB to the UE in step 4, using the received UE ID to resolve contention that may arise when multiple pieces of UE select the same preamble in step 1. Thus, the 4-step procedure entails two round-trip exchanges between the gNB and UE, implemented via carefully designed control signaling [15].

In contrast, the 2-step random access procedure combines the preamble and payload into a single initial transmission, MsgA, which is transmitted over the PRACH and PUSCH, respectively. After sending MsgA, the UE waits within a configured window for the response message MsgB. If the UE successfully receives MsgB and correctly decodes the contention resolution information intended for it, the random access is considered successful. If MsgB is not received within the stipulated time or contains incorrect information, the access attempt is deemed unsuccessful. The UE then performs a backoff procedure based on the BI broadcast by the gNodeB, waiting for a specified interval before reattempting access [16]. In scenarios with a large number of units of UE, random access failures frequently occur due to repeated preamble collisions during signal transmission, increasing overall latency under congested conditions [17].

In the two-step random access procedure of LEO SI, preamble collision is a critical factor leading to network congestion. As shown in Figure 2, when multiple pieces of UE select the same preamble in the same Random Access Opportunity (RO), the time-frequency resources occupied by these preambles overlap, resulting in a collision. This collision makes it impossible for the base station to distinguish between the identities of the UE, thereby causing access failure. In such cases, the UE performs a backoff procedure according to the BI assigned by the base station and retries the access process after a randomly selected backoff time. However, when the number of units of UE in the network is large, this collision-triggered backoff and retry mechanism leads to frequent preamble collisions, which in turn exacerbates congestion during the random access procedure.

2.2. DoS and Replay Attacks

To comprehensively evaluate the robustness of the proposed mechanism in hostile environments, two typical attacks targeting the random access procedure are considered in this work:

• DoS Attack: Due to the limited computational power and bandwidth resources on satellites, DoS attacks can cause more severe damage—or even complete paralysis—to LEO satellite internet systems [18]. In this attack model, one or more malicious nodes (attackers) continuously transmit a large number of forged random access preambles over the PRACH. These preambles may be completely random or may mimic legitimate UE. The primary goal is to exhaust the limited resources of the PRACH, causing access requests from legitimate UE to fail due to either resource unavailability or collisions. In our model, the intensity of the DoS attack is quantified by P_dos, defined as the proportion of access requests sent by attackers within the total PRACH load. This attack significantly increases the collision probability on the channel, misleading conventional BI mechanisms into misjudging the network as experiencing high load, thereby inappropriately increasing the backoff window for all UEs.
• Replay Attack: The replay attack is a more stealthy form of assault. The attacker first intercepts legitimate MsgA transmissions from UE through eavesdropping or other means. At a later time, the attacker retransmits these intercepted legitimate messages into the PRACH. Since the MsgA itself is valid, this type of attack is more difficult to detect using traditional signature-based detection methods. The objective of the replay attack is to create artificial contention and collisions, disrupt the gNodeB’s assessment of channel status, and cause legitimate UE to fail during the contention resolution phase—thereby also increasing the channel collision rate. In our model, the intensity of the replay attack is quantified by P_rep, defined as the ratio of replayed access requests to the total PRACH load.

3. Attack-Aware Adaptive Backoff Indicator (AA-BI)

The core design principle of traditional backoff mechanisms can be summarized as a collision–backoff model. In the BEB algorithm, after each failed access attempt, the UE randomly selects a backoff interval based on the BI, resulting in an exponentially increasing backoff window. Before any transmission attempt, two parameters are initialized: the CW and the Backoff Exponent (BE). The following symbols are used in the description of the backoff algorithms: BE denotes the Backoff Exponent; W_min and W_max are the minimum and maximum bounds of the backoff window, respectively. Subsequently, the node’s backoff window W is randomly chosen from the interval [W_min, W_max] [8]:

$$\left\{\begin{array}{l}W=2^{BE}\in \left[W_{\min },W_{\max }\right]\\ BE\in \left[B{E}_{\min },B{E}_{\max }\right]\end{array}\right..$$

(1)

while this mechanism performs acceptably in stable network environments with low collision probability—as it reduces the likelihood of repeated collisions by randomizing retransmission times—it lacks adaptability under dynamic or malicious conditions. The I-ABA advances beyond standard BEB by continuously adjusting the contention window size in response to collisions on the wireless medium. Instead of using deterministic exponential increments, I-ABA employs the collision probability (P_C) as a feedback metric to proactively control the contention window size. The mathematical expression for updating the contention window is given as follows [9]:

$$\left\{\begin{array}{l}W=h\left(P_C\right)W_{\max }\\ h\left(P_C\right)=\left(5.18 \times P_C^2\right)-\left(0.65 \times P_C\right)+0.05\end{array}\right..$$

(2)

The h(P_C) is a curve-fitted function that maps the collision probability to a CW scaling factor, proposed in [9].

However, in highly dynamic and vulnerable environments such as LEO-NTN, the limitations of the collision–backoff model become evident. Most notably, it fails to distinguish the root cause of collisions. An access failure may result either from accidental collisions between legitimate UE or from fabricated conflicts generated by malicious attackers. Treating these two scenarios identically leads to inappropriate responses: under attack conditions, legitimate pieces of UE are misguided into excessive backoff periods, while attackers can exploit this behavior to persistently generate collisions and disrupt network access.

To overcome this fundamental flaw, the proposed AA-BI mechanism introduces a Threat-Backoff model. The core idea is to base backoff decisions not solely on the singular and ambiguous metric of collision, but on a more comprehensive and dynamic threat-aware system. To enable holistic assessment of the network state, an Effective Threat Intensity, denoted as P_eff is defined. This metric integrates three core components: the collision probability P_c, the DoS attack intensity P_dos, and the replay attack intensity P_rep. The mathematical expression is given as follows:

$$P_{eff}=P_c+P_{dos}+P_{rep}.$$

(3)

The gNB broadcasts this quantified threat intensity, enabling all pieces of UE to dynamically adjust their backoff window size accordingly. To achieve a smooth and responsive mapping, a Sigmoid function is adopted as the core mapping model. The Sigmoid function was selected for its ideal properties that match our design goals: (1) Its S-shaped curve provides a smooth, non-linear transition from a small backoff window under low-threat conditions to a large window under high-threat conditions, ensuring system stability; (2) Its bounded output between 0 and 1 naturally constrains the scaling factor for the backoff window within a defined range; (3) Its tunable parameters (k and x₀) allow the sensitivity and activation threshold of the response to be optimized for different network scenarios. See Figure 3.

By taking P_eff as input, the mapping model operates as follows: when the network threat is low (P_eff close to 0), the backoff window remains at a small baseline value to ensure low access latency; as the threat intensity exceeds a certain threshold, the backoff window increases rapidly to effectively mitigate congestion and attacks; under very high threat intensity, the backoff window approaches its maximum value to protect the network to the greatest extent. The mapping function can be expressed as

$$f\left(P_{eff}\right)={\displaystyle \frac{1}{\left(1+\exp \left(-k\times \left(P_{eff}-x_0\right)\right)\right)}}.$$

(4)

The k is the sensitivity coefficient that determines how rapidly the backoff window increases with the threat intensity—a larger k results in a faster expansion of the backoff window for the same increase in threat level. The parameter x₀ represents the activation threshold, indicating the critical point at which the system transitions from a light-load to a heavy-load state. When the comprehensive threat intensity remains below x₀, the backoff window stays close to its minimum value. Once the intensity exceeds x₀, the window increases sigmoidally with the threat level, enabling a smooth transition that ensures low latency under low threat and strong backoff under high threat. The final backoff window is thus given by

$${\mathrm{W}=\mathrm{W}}_{\min }+\left({\mathrm{W}}_{\max }-{\mathrm{W}}_{\min }\right)\times f(P_{eff}).$$

(5)

To illustrate the mechanism’s operation, consider a network initially in a benign state with a low composite threat level, e.g., P_eff = 0.1. The Sigmoid function maps this value to a small output, resulting in a backoff window close to the minimum size W_min, thus prioritizing low access latency. Now, suppose a DoS attack commences, causing the perceived threat intensity to rise sharply to P_eff = 0.6. The Sigmoid function now outputs a significantly larger value, leading to a rapid expansion of the backoff window. This adaptive response forces all UE—legitimate and malicious—to wait for a longer, randomized duration before retrying access. While this temporarily increases latency for legitimate users, it effectively throttles the overall access rate, starving the attacker of the persistent channel congestion it seeks to create. Consequently, the network stabilizes, and the likelihood of successful access for legitimate UE after the backoff period is significantly improved.

This shift from a collision-based to a threat-driven approach equips the backoff mechanism with context-awareness. It enables the system to understand the current network condition and respond more intelligently: under normal high-load scenarios, it moderately increases backoff, while under attack conditions, it rapidly and decisively elevates backoff intensity. This effectively suppresses malicious traffic and safeguards the random access process for legitimate users. The detailed algorithm is described in Algorithm 1.

Algorithm 1: Attack-Aware Adaptive Backoff Indicator (AA-BI)

Input: Collision probability Pc, DoS attack intensity Pdos, Replay attack intensity Prep, sensitivity coefficient k, activation threshold x0, minimum backoff window Wmin, maximum backoff window Wmax

Output: Backoff window W for each UE

//gNodeB side: 1. Monitor the random access channel and 2. Estimate Pc, Pdos, Prep. 3. Compute the composite threat intensity Peff = Pc + Pdos + Prep. 4. Broadcast Peff to all User Equipments (UEs) within the coverage area.

//UE side: 5. Upon receiving Peff from gNodeB: 6. Calculate the Sigmoid mapping factor: f(Peff) = 1/(1 + exp(−k ∗ (Peff − x0))) 7. Determine the backoff window: W = Wmin + (Wmax − Wmin) ∗ f(Peff) 8. Select a random backoff time uniformly from [0, W] 9. Wait for the backoff time before initiating a new access attempt.

4. Performance Evaluation and Simulation Analysis

4.1. Simulation Environment and Parameter Design

To validate the effectiveness of the proposed AA-BI mechanism, a simulation platform was constructed based on the provided MATLAB 2025a code. The platform emulates a LEO-NTN scenario involving multiple pieces of UE and conducts a comparative analysis of the performance of different backoff mechanisms under both DoS and Replay attacks. Key parameters used in the simulations are summarized in

Table 1. Simulation Parameters.

Parameter	Description	Value
N	Total number of units of UE in the network	200–800
BE	Backoff Exponent	3–11
Wmin	Minimum backoff window	8
Wmax	Maximum backoff window	2048
k	Sensitivity coefficient	0–20
x0	Activation threshold	0–0.05
Pdos	DoS attack intensity	0–0.3
Prep	replay attack intensity	0–0.1

.

4.2. Evaluation Metrics

This section aims to rigorously evaluate the performance of the proposed AA-BI mechanism through simulation. The choice of evaluation metrics directly corresponds to the core objectives of this paper: ensuring the success rate and robustness of the two-step random access process under malicious attack conditions. The Access Success Rate (ASR) is defined as the probability that UE successfully accesses the satellite internet network upon its first attempt. It serves as the primary metric, directly measuring the likelihood that a legitimate UE can access the network successfully in the presence of collisions and attacks, reflecting the ultimate effectiveness of the scheme. This metric is crucial for evaluating access efficiency and user experience, requiring the simultaneous fulfillment of two conditions: (1) winning the channel contention, and (2) avoiding any malicious attacks. A high ASR indicates that UE can access the network quickly and reliably. In the simulation, the ASR is calculated using the following formula:

$$ASR=\left(1-{\mathrm{P}}_{\mathrm{c}}-{\mathrm{P}}_{\mathrm{rep}}\right)\times \left(1-{\mathrm{P}}_{\mathrm{j}}\right),$$

(6)

where the channel collision probability P_c is expressed as

$${\mathrm{P}}_{\mathrm{c}}=1-{(1-\tau )}^{N-1}.$$

(7)

In this expression, τ represents the transmission probability of a node (determined by the steady-state equation under different network conditions), and N denotes the total number of nodes. Figure 4 shows the variation in τ with N.

The joint attack probability P_j, which combines the intensity of DoS attacks P_dos and Replay attacks P_rep, is defined as

$$P_j=P_{dos}+P_{rep}\times \left(1-P_{dos}\right).$$

(8)

The JRR is an evaluation metric built upon the ASR that further incorporates network jitter and stability. It employs an exponential decay factor to adapt to high-collision and high-attack scenarios, making it more sensitive to fluctuations in network performance. A high JRR value indicates not only a high ASR but also a relatively stable network environment. In the simulation, the JRR is calculated as follows:

$$JRR=\exp \left(-P_c-P_{dos}\right)\times \left(1-P_{rep}\right).$$

(9)

4.3. Compared Algorithms

To thoroughly evaluate the performance of the proposed AA-BI mechanism, we compare it with two representative backoff algorithms: the conventional Binary Exponential Backoff (BEB) and the recent Improved Adaptive Backoff Algorithm (I-ABA). These algorithms are chosen to represent different generations of backoff strategies, from the classic approach to a more advanced adaptive method. A brief description of each algorithm is provided below.

BEB is the fundamental backoff algorithm used in many standards, such as IEEE 802.11 and Ethernet. Upon a collision, the node doubles its CW size, thus exponentially increasing the backoff duration. The backoff window W is chosen uniformly from [0, W − 1], where CW is initially set to a minimum value (W_min) and doubles after each collision until it reaches a maximum value (W_max). This mechanism aims to reduce the probability of repeated collisions by spreading out retransmissions. However, BEB is known to suffer from high latency and low efficiency under heavy load conditions because it cannot adapt to the current network state beyond the binary exponential increase.

I-ABA is an adaptive backoff algorithm proposed by Khanafer et al. [9] that aims to optimize channel utilization by dynamically adjusting the contention window based on the collision probability. Instead of using a fixed exponential increase, I-ABA uses a quadratic function to map the collision probability (Pc) to a scaling factor for the contention window, with the variation pattern shown in Formula (2). This design allows I-ABA to achieve smoother and more efficient channel utilization under dynamic network loads, as demonstrated in large-scale Wireless Body Area Networks (WBANs). However, a key limitation of I-ABA, which our work addresses, is that its adaptation is driven solely by the aggregate collision probability.

The selection of these two algorithms establishes a rigorous benchmark. BEB serves as a baseline for traditional, non-adaptive methods, while I-ABA represents the performance ceiling of modern, collision probability-based adaptive algorithms.

4.4. Analysis of Simulation Results

To provide a comprehensive analysis of the performance of the AA-BI algorithm and the I-ABA algorithm under different attack combinations, this section presents heatmaps illustrating the ASR and JRR. These heatmaps reflect the variations in ASR or JRR under different DoS attack probabilities (P_dos) and Replay attack probabilities (P_rep).

Figure 5 and Figure 6 present heatmaps of the ASR for the AA-BI and I-ABA algorithms, respectively. The color bar represents the value of the performance metric, with a transition from blue to red indicating an increase in the metric value. The color gradient in the heatmaps reveals the vulnerability of the network under varying attack intensities. Specifically, the AA-BI algorithm maintains high ASR values under low to moderate Replay attack probabilities (P_rep from 0 to 0.06) and DoS attack probabilities (P_dos from 0 to 0.2), with the corresponding regions in the heatmap predominantly appearing red and yellow. In contrast, the heatmap for the I-ABA algorithm is primarily dominated by blue and green hues, indicating lower performance. Under the specific condition of P_rep = 0.02 and P_dos = 0.05, the ASR of AA-BI reaches approximately 0.8, while that of I-ABA decreases to 0.55. Furthermore, AA-BI demonstrates significantly superior performance compared to I-ABA even under extreme conditions with higher attack probabilities.

Figure 7 and Figure 8 present heatmaps of the JRR for the AA-BI and I-ABA algorithms under varying attack probabilities. In regions with low attack probability (P_rep < 0.04 and P_dos < 0.15), the JRR values of AA-BI generally exceed 0.7, while those of I-ABA remain around 0.6. Under high attack probability conditions (P_rep approaching 0.1 and P_dos approaching 0.3), the JRR of AA-BI decreases to approximately 0.45, whereas that of I-ABA drops further to 0.4. These results demonstrate that the AA-BI algorithm achieves a higher JRR across a wide range of attack probabilities, maintaining stronger interference resistance under more challenging conditions. This capability is crucial for enhancing network stability and reliability.

Subsequently, this section compares the performance of four different backoff mechanisms under varying attack intensities. The attack scenario is configured such that the Replay attack intensity is one-third of the DoS attack intensity, with the DoS attack intensity P_dos increasing gradually from 0 to 0.3. Figure 9 and Figure 10 illustrate the trends in ASR and JRR, respectively, as functions of P_dos for the AA-BI algorithm (including two curves: “opt” representing optimal sensitivity coefficient and activation threshold, and “def” representing default parameters), the I-ABA algorithm, and the BEB algorithm.

Figure 9 demonstrates that the AA-BI(opt) algorithm achieves the highest ASR across all tested conditions, with its curve consistently remaining above the other three, indicating a significant advantage in random access performance. In contrast, the I-ABA and BEB algorithms exhibit lower ASR values, revealing their vulnerability under attack conditions. At low DoS attack probabilities, such as P_dos = 0.05, the ASR of AA-BI(opt) reaches 0.776, while the ASR values of AA-BI(def), I-ABA, and BEB are 0.723, 0.639, and 0.526, respectively. This indicates that AA-BI(opt) achieves ASR values 7.3%, 21.4%, and 47.5% higher than AA-BI(def), I-ABA, and BEB, respectively, under low-attack conditions. As P_dos increases to 0.3, the ASR of AA-BI(opt) remains at 0.473, while the ASR of AA-BI(def) and I-ABA decline to 0.465 and 0.378, respectively, and the ASR of BEB further decreases to 0.302. Under this high-attack condition, the ASR of AA-BI(opt) is 1.7%, 25.1%, and 56.6% higher than that of AA-BI(def), I-ABA, and BEB, respectively.

Figure 10 further confirms the superior performance of the AA-BI(opt) algorithm in terms of JRR. Under low P_dos conditions, such as P_dos = 0.05, the JRR of AA-BI(opt) reaches 0.852, while the JRR values of AA-BI(def), I-ABA, and BEB are 0.798, 0.742, and 0.657, respectively. This indicates that AA-BI(opt) achieves a JRR that is 6.8%, 14.8%, and 29.7% higher than that of AA-BI(def), I-ABA, and BEB under low-attack conditions. As P_dos increases to 0.15, the JRR of AA-BI(opt) remains at 0.662, while the JRR of I-ABA and AA-BI(def) decrease to 0.640 and 0.569, respectively, and the JRR of BEB further declines to 0.504. Under high-attack conditions (P_dos = 0.3), the JRR of AA-BI(opt) is approximately 1.2%, 16.3%, and 31.3% higher than that of AA-BI(def), I-ABA, and BEB, respectively.

With the number of random access users fixed at N = 200, the AA-BI(opt) algorithm demonstrates significant advantages in both key performance metrics—Access Success Rate and Jamming Resilience Rate—particularly under high-attack scenarios, where the performance improvement is most pronounced. These results underscore the potential and importance of AA-BI(opt) in the design of secure and reliable wireless communication networks.

Figure 11 and Figure 12 present the variation curves of the ASR and JRR for the four backoff algorithms—I-ABA, AA-BI(opt), AA-BI(def), and BEB—as the number of units of UE increases from 100 to 800, under fixed attack intensities (P_dos = 0.15, P_rep = 0.05).

Figure 11 shows that as the number of units of UE increases, the ASR of all algorithms exhibits a monotonic decreasing trend, reflecting the combined impact of intensified channel contention and rising collision probability. Notably, AA-BI(opt) consistently maintains the highest ASR. Particularly when the number of units of UE reaches 800, its ASR remains at 0.498, outperforming I-ABA (0.486), AA-BI(def) (0.446), and BEB (0.161). This result demonstrates that AA-BI(opt), leveraging its threat-aware dynamic window adjustment mechanism, sustains superior ASR even under high user load.

In terms of JRR performance, as illustrated in Figure 12, AA-BI(opt) also exhibits outstanding stability, leading across the entire range of UE numbers. When the number of units of UE reaches 500, the JRR of AA-BI(opt) is 0.588, approximately 10.1%, 2.4%, and 37.1% higher than that of I-ABA (0.534), AA-BI(def) (0.574), and BEB (0.429), respectively. Moreover, as the number of units of UE continues to increase, the decline rate of JRR for I-ABA and AA-BI(def) is significantly steeper than that of AA-BI(opt), further highlighting the latter’s comprehensive advantage in jointly addressing network congestion and malicious attacks.

In summary, the AA-BI(opt) algorithm achieves optimal performance in both ASR and JRR, with its advantages becoming more pronounced as the user scale expands. By integrating multi-source threat indicators and a non-linear mapping strategy, it effectively enhances both access success and system robustness, providing a reliable solution for LEO satellite internet access scenarios characterized by high user load and strong attack intensity.

To ensure a comprehensive evaluation, the proposed AA-BI mechanism is compared against two prominent backoff algorithms: (1) Binary Exponential Backoff (BEB): The classic algorithm that exponentially increases the contention window after a collision. (2) Improved Adaptive Backoff Algorithm (I-ABA): A state-of-the-art adaptive algorithm that adjusts the contention window based on collision probability using a quadratic function.

5. Conclusions

This paper proposed an Attack-Aware Adaptive Backoff Indicator (AA-BI) mechanism to enhance the security and robustness of the two-step random access process in LEO Satellite Internet. The core innovation lies in a paradigm shift from a conventional collision-driven backoff model to a threat-aware model. By constructing a composite threat intensity metric (P_eff) that integrates collision probability, DoS attack strength, and replay attack intensity, AA-BI enables a more accurate assessment of the network state. The subsequent mapping of this threat level to a dynamic backoff window via a tunable Sigmoid function allows for intelligent adaptation: it maintains low latency under benign conditions while triggering rapid, decisive backoff to suppress malicious traffic under attack.

Simulation results demonstrate the superior performance of the proposed AA-BI mechanism. Under both high-attack and high-load scenarios, AA-BI significantly outperforms the I-ABA and BEB benchmarks in terms of ASR and JRR. These performance gains are a direct consequence of the threat-aware design. The mechanism effectively protects legitimate UE by preventing the misclassification of malicious collisions as mere network congestion, thereby avoiding the excessive backoff penalties that traditional algorithms impose on honest users. The consistent performance advantage across varying network scales and attack intensities confirms the strong adaptability and reliability of AA-BI.

The proposed mechanism, with its low-complexity and offline-optimized parameters, provides an efficient solution for securing random access in vulnerable LEO-NTN environments. Future work will explore the online adaptive optimization of key parameters and the design of cross-layer collaborative defense mechanisms to further strengthen network resilience. Future work will focus on online adaptive optimization of key parameters and the design of cross-layer collaborative defense mechanisms.