Per-host DDoS mitigation by direct-control reinforcement learning

Simpson, K. A. , Rogers, S. and Pezaros, D. P. (2020) Per-host DDoS mitigation by direct-control reinforcement learning. IEEE Transactions on Network and Service Management, 17(1), pp. 103-117. (doi: 10.1109/TNSM.2019.2960202)

205890.pdf - Accepted Version



DDoS attacks plague the availability of online services today, yet like many cybersecurity problems are evolving and non-stationary. Normal and attack patterns shift as new protocols and applications are introduced, further compounded by burstiness and seasonal variation. Accordingly, it is difficult to apply machine learning-based techniques and defences in practice. Reinforcement learning (RL) may overcome this detection problem for DDoS attacks by managing and monitoring consequences; an agent’s role is to learn to optimise performance criteria (which are always available) in an online manner. We advance the state-of-the-art in RL-based DDoS mitigation by introducing two agent classes designed to act on a per-flow basis, in a protocol-agnostic manner for any network topology. This is supported by an in-depth investigation of feature suitability and empirical evaluation. Our results show the existence of flow features with high predictive power for different traffic classes, when used as a basis for feedback-loop-like control. We show that the new RL agent models can offer a significant increase in goodput of legitimate TCP traffic for many choices of host density.

Item Type:Articles
Additional Information:This work has also been supported by the European Cooperation in Science and Technology (COST) Action CA15127: RECODIS.
Glasgow Author(s) Enlighten ID:Simpson, Dr Kyle and Pezaros, Professor Dimitrios and Rogers, Dr Simon
Authors: Simpson, K. A., Rogers, S., and Pezaros, D. P.
College/School:College of Science and Engineering > School of Computing Science
Journal Name:IEEE Transactions on Network and Service Management
ISSN (Online):1932-4537
Published Online:17 December 2019
Copyright Holders:Copyright © 2019 IEEE
First Published:First published in IEEE Transactions on Network and Service Management 17(1): 103-117
Publisher Policy:Reproduced in accordance with the copyright policy of the publisher

University Staff: Request a correction | Enlighten Editors: Update this record

Project CodeAward NoProject NamePrincipal InvestigatorFunder's NameFunder RefLead Dept
172865EPSRC DTP 16/17 and 17/18Tania GalabovaEngineering and Physical Sciences Research Council (EPSRC)EP/N509668/1Research and Innovation Services
172888Network Measurement as a Service (MaaS)Dimitrios PezarosEngineering and Physical Sciences Research Council (EPSRC)EP/N033957/1Computing Science
173446FRuIT: The Federated RaspberryPi Micro-Infrastructure TestbedJeremy SingerEngineering and Physical Sciences Research Council (EPSRC)EP/P004024/1Computing Science