Deep Reinforcement Learning based Smart Mitigation of DDoS Flooding in Software-Defined Networks

Distributed Denial-of-Service (DDoS) flooding has remained one of the most destructive classes of attack for more than two decades. Despite extensive work on defense mechanisms, mitigating these attacks in real time, intelligently and effectively, remains difficult because attack traffic is mixed with benign traffic. Software-Defined Networks (SDN) decouple the control plane from the data plane; their centralized control paradigm and global view of the network open new opportunities to strengthen defenses against network attacks. In this paper, we propose a deep reinforcement learning based framework that learns the optimal mitigation policy under different attack scenarios and mitigates DDoS flooding attacks in real time. The framework defends against a wide range of DDoS flooding attacks, including TCP SYN, UDP, and ICMP flooding: it learns the patterns of attack traffic and throttles it, while the traffic of benign users is forwarded normally. We compare the proposed framework with a baseline and with a popular state-of-the-art router throttling method. The experimental results show that our approach significantly outperforms both in five attack scenarios with different attack dynamics.
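The following is an added example, not code from the paper or its authors, illustrating the control loop the abstract describes: an agent at the SDN controller observes only coarse per-router load, chooses a throttle fraction per upstream router, and is rewarded for benign traffic that reaches the server and penalised for attack traffic that gets through or for saturating the server. To keep it runnable in a few lines it uses tabular Q-learning on a constructed two-router toy instead of a deep network, and every traffic figure, capacity and reward weight is a made-up assumption.

```python
import random
from itertools import product

# Constructed toy topology: two upstream routers feed one victim server.
# Router 0 mostly carries legitimate users; router 1 is where the flood arrives.
# All numbers are packets per control interval and are invented for this example.
ROUTERS = [
    {"benign": 80, "attack_peak": 10},    # hypothetical values
    {"benign": 30, "attack_peak": 200},   # hypothetical values
]
SERVER_CAPACITY = 150                          # packets per interval the server absorbs
THROTTLE_LEVELS = [1.0, 0.75, 0.5, 0.25, 0.1]  # fraction of traffic a router forwards
JOINT_ACTIONS = list(product(range(len(THROTTLE_LEVELS)), repeat=len(ROUTERS)))


def offered_traffic(attack_on):
    """Per-router (benign, attack) load for the current interval."""
    return [(r["benign"], r["attack_peak"] if attack_on else 0) for r in ROUTERS]


def observe(traffic):
    """State the controller sees: a coarse load bucket per router, with no labels."""
    def bucket(total):
        return 0 if total < 50 else 1 if total < 120 else 2
    return tuple(bucket(b + a) for b, a in traffic)


def reward(traffic, joint_action):
    """Benign delivered minus half the attack delivered; flat penalty if the server saturates."""
    benign = attack = 0.0
    for (b, a), idx in zip(traffic, joint_action):
        frac = THROTTLE_LEVELS[idx]
        benign += b * frac
        attack += a * frac
    if benign + attack > SERVER_CAPACITY:
        return -1.0  # flood succeeded: the server is overloaded and everyone loses
    return (benign - 0.5 * attack) / SERVER_CAPACITY


def train(steps=20000, alpha=0.1, gamma=0.9, epsilon=0.2, seed=0):
    """Tabular Q-learning over (observed state, joint throttle action)."""
    rng = random.Random(seed)
    q = {}
    attack_on = False
    traffic = offered_traffic(attack_on)
    state = observe(traffic)
    for _ in range(steps):
        if rng.random() < epsilon:
            action = rng.choice(JOINT_ACTIONS)
        else:
            action = max(JOINT_ACTIONS, key=lambda a: q.get((state, a), 0.0))
        r = reward(traffic, action)
        # attack dynamics: persistent bursts that switch on or off with prob 0.1
        if rng.random() < 0.1:
            attack_on = not attack_on
        traffic = offered_traffic(attack_on)
        next_state = observe(traffic)
        best_next = max(q.get((next_state, a), 0.0) for a in JOINT_ACTIONS)
        old = q.get((state, action), 0.0)
        q[(state, action)] = old + alpha * (r + gamma * best_next - old)
        state = next_state
    return q


def policy(q, attack_on):
    """Greedy throttle fractions the trained agent applies in a given scenario."""
    state = observe(offered_traffic(attack_on))
    best = max(JOINT_ACTIONS, key=lambda a: q.get((state, a), 0.0))
    return tuple(THROTTLE_LEVELS[i] for i in best)


if __name__ == "__main__":
    q = train()
    print("under flood:", policy(q, True))    # router 1 is throttled hard, router 0 untouched
    print("no attack  :", policy(q, False))   # nothing is throttled
```

The point the toy makes is the one the abstract claims: the agent never sees a benign/attack label, only load, yet it learns to throttle the flood-carrying router while leaving the router that serves legitimate users alone, and it lifts the throttle again when the attack subsides. A real deployment would replace the lookup table with a neural network over richer flow statistics and install the chosen rates as meter or flow rules on the switches.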
