Enlighten Publications

In this section

Per-host DDoS mitigation by direct-control reinforcement learning

Simpson, K. A. , Rogers, S. and Pezaros, D. P. (2020) Per-host DDoS mitigation by direct-control reinforcement learning. IEEE Transactions on Network and Service Management, 17(1), pp. 103-117. (doi: 10.1109/TNSM.2019.2960202)

Preview

Text
205890.pdf - Accepted Version
833kB

Abstract

DDoS attacks plague the availability of online services today, yet like many cybersecurity problems are evolving and non-stationary. Normal and attack patterns shift as new protocols and applications are introduced, further compounded by burstiness and seasonal variation. Accordingly, it is difficult to apply machine learning-based techniques and defences in practice. Reinforcement learning (RL) may overcome this detection problem for DDoS attacks by managing and monitoring consequences; an agent’s role is to learn to optimise performance criteria (which are always available) in an online manner. We advance the state-of-the-art in RL-based DDoS mitigation by introducing two agent classes designed to act on a per-flow basis, in a protocol-agnostic manner for any network topology. This is supported by an in-depth investigation of feature suitability and empirical evaluation. Our results show the existence of flow features with high predictive power for different traffic classes, when used as a basis for feedback-loop-like control. We show that the new RL agent models can offer a significant increase in goodput of legitimate TCP traffic for many choices of host density.

Item Type:	Articles
Additional Information:	This work has also been supported by the European Cooperation in Science and Technology (COST) Action CA15127: RECODIS.
Status:	Published
Refereed:	Yes
Glasgow Author(s) Enlighten ID:	Simpson, Dr Kyle and Pezaros, Professor Dimitrios and Rogers, Dr Simon
Authors:	Simpson, K. A., Rogers, S., and Pezaros, D. P.
College/School:	College of Science and Engineering > School of Computing Science
Journal Name:	IEEE Transactions on Network and Service Management
Publisher:	IEEE
ISSN:	1932-4537
ISSN (Online):	1932-4537
Published Online:	17 December 2019
Copyright Holders:	Copyright © 2019 IEEE
First Published:	First published in IEEE Transactions on Network and Service Management 17(1): 103-117
Publisher Policy:	Reproduced in accordance with the copyright policy of the publisher

University Staff: Request a correction | Enlighten Editors: Update this record

Funder and Project Information

Project Code	Project Name	Principal Investigator	Funder's Name	Funder Ref	Lead Dept
172865	EPSRC DTP 16/17 and 17/18	Tania Galabova	Engineering and Physical Sciences Research Council (EPSRC)	EP/N509668/1	Research and Innovation Services
172888	Network Measurement as a Service (MaaS)	Dimitrios Pezaros	Engineering and Physical Sciences Research Council (EPSRC)	EP/N033957/1	Computing Science
173446	FRuIT: The Federated RaspberryPi Micro-Infrastructure Testbed	Jeremy Singer	Engineering and Physical Sciences Research Council (EPSRC)	EP/P004024/1	Computing Science

Deposit and Record Details

ID Code:	205890
Depositing User:	Mr Matt Mahon
Datestamp:	16 Dec 2019 14:35
Last Modified:	24 Aug 2020 09:57
Date of acceptance:	11 December 2019
Date of first online publication:	17 December 2019
Date Deposited:	16 December 2019
Data Availability Statement:	No