Application-Layer DDoS Defense with Reinforcement Learning

Feng, Yebo; Li, Jun; Nguyen, Thanh H.

doi:10.1109/iwqos49365.2020.9213026

Cited by 17 publications

(7 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…where x i denotes the attack level in host i, β i denotes the attack rate, δ i denotes the defense rate, and E ij denotes the edge weights between hosts. Afterward, we apply Euler's method [60] to Equation (20) to derive the second discrete-time model with time index m and a random sample Z > 0 as:…”

Section: Visual Displaymentioning

confidence: 99%

See 1 more Smart Citation

Data-Driven Network Anomaly Detection with Cyber Attack and Defense Visualization

Muhati,

Rawat

2024

JCP

View full text Add to dashboard Cite

The exponential growth in data volumes, combined with the inherent complexity of network algorithms, has drastically affected network security. Data activities are producing voluminous network logs that often mask critical vulnerabilities. Although there are efforts to address these hidden vulnerabilities, the solutions often come at high costs or increased complexities. In contrast, the potential of open-source tools, recognized for their security analysis capabilities, remains under-researched. These tools have the potential for detailed extraction of essential network components, and they strengthen network security. Addressing this gap, our paper proposes a data analytics-driven network anomaly detection model, which is uniquely complemented with a visualization layer, making the dynamics of cyberattacks and their subsequent defenses distinctive in near real-time. Our novel approach, based on network scanning tools and network discovery services, allows us to visualize the network based on how many IP-based networking devices are live, then we implement a data analytics-based intrusion detection system that scrutinizes all network connections. We then initiate mitigation measures, visually distinguishing malicious from benign connections using red and blue hues, respectively. Our experimental evaluation shows an F1 score of 97.9% and a minimal false positive rate of 0.3% in our model, demonstrating a marked improvement over existing research in this domain.

show abstract

Section: Visual Displaymentioning

confidence: 99%

“…Addressing SYN-ACK-based attacks is a topic of much debate. The brute-force method, as described in [20], aims to inflate the data structure for TCP connections awaiting acknowledgment, making it cumbersome for average attacker requests to sustain bandwidth constraints. While effective, this method is not without its pitfalls.…”

mentioning

confidence: 99%

Data-Driven Network Anomaly Detection with Cyber Attack and Defense Visualization

Muhati,

Rawat

2024

JCP

View full text Add to dashboard Cite

show abstract

“…Feng et al [9] propose a reinforcement-learning-based model to detect and mitigate App-DDoS attacks. The model is continuously trained with various metrics related to the server's load, the dynamic behaviors of clients, and the network load of the victim.…”

Section: B Machine-learning Based Techniquesmentioning

confidence: 99%

Application Layer DDoS Attack Detection Using Cuckoo Search Algorithm-Trained Radial Basis Function

2022

View full text Add to dashboard Cite

In an application-layer distributed denial of service (App-DDoS) attack, zombie computers bring down the victim server with valid requests. Intrusion detection systems (IDS) cannot identify these requests since they have legal forms of standard TCP connections. Researchers have suggested several techniques for detecting App-DDoS traffic. There is, however, no clear distinction between legitimate and attack traffic. In this paper, we go a step further and propose a Machine Learning (ML) solution by combining the Radial Basis Function (RBF) neural network with the cuckoo search algorithm to detect App-DDoS traffic. We begin by collecting training data and cleaning them, then applying data normalizing and finding an optimal subset of features using the Genetic Algorithm (GA). Next, an RBF neural network is trained by the optimal subset of features and the optimizer algorithm of cuckoo search. Finally, we compare our proposed technique to the well-known k-nearest neighbor (k-NN), Bootstrap Aggregation (Bagging), Support Vector Machine (SVM), Multi-layer Perceptron) MLP, and (Recurrent Neural Network) RNN methods. Our technique outperforms previous standard and well-known ML techniques as it has the lowest error rate according to error metrics. Moreover, according to standard performance metrics, the results of the experiments demonstrate that our proposed technique detects App-DDoS traffic more accurately than previous techniques.

show abstract

“…Other techniques have been proposed to protect disadvantageous cyber systems from falling victim to resourceful and determined attacks such as Distributed Denial-of-Service (DDoS) or powerful jamming attacks. For example, [55] mitigates DDoS Flooding in Software-Defined Networks; [69] introduces a multi-objective reward function to guide an RL agent to learn the most suitable action in mitigating application-layer DDoS attacks; [70] proposes a feature adaption RL approach based on the space-time flow regularities in IoV for DDoS mitigation. Among the works of RL for DDoS attack, there has been recent attention on large-scale solution [54,53] via cooperative RL, low-rate attacks in the edge environment [71], and sparse constraint in cloud computing [72].…”

Section: Posture-related Vulnerabilitymentioning

confidence: 99%

Reinforcement Learning for Feedback-Enabled Cyber Resilience

Huang¹,

Huang²,

Zhu³

2021

Preprint

View full text Add to dashboard Cite

The rapid growth in the number of devices and their connectivity has enlarged the attack surface and made cyber systems more vulnerable. As attackers become increasingly sophisticated and resourceful, mere reliance on traditional cyber protection, such as intrusion detection, firewalls, and encryption, is insufficient to secure the cyber systems. Cyber resilience provides a new security paradigm that complements inadequate protection with resilience mechanisms. A Cyber-Resilient Mechanism (CRM) adapts to the known or zero-day threats and uncertainties in real-time and strategically responds to them to maintain the critical functions of the cyber systems in the event of successful attacks. Feedback architectures play a pivotal role in enabling the online sensing, reasoning, and actuation process of the CRM. Reinforcement Learning (RL) is an important class of algorithms that epitomize the feedback architectures for cyber resiliency. It allows the CRM to provide dynamic and sequential responses to attacks with limited or without prior knowledge of the environment and the attacker. In this work, we review the literature on RL for cyber resiliency and discuss the cyber-resilient defenses against three major types of vulnerabilities, i.e., posture-related, information-related, and human-related vulnerabilities. We introduce moving target defense, defensive cyber deception, and assistive human security technologies as three application domains of CRMs to elaborate on their designs. The RL algorithms also have vulnerabilities themselves. We explain the major vulnerabilities of RL and present works that develop several attack models, in which the attacks target the rewards, the state observations, and the action commands. We show that the attacker can trick the RL agent into learning a nefarious policy with minimum attacking effort. We discuss the potential defense methods to secure them and find that there is a lack of works focusing on the defensive mechanisms for RL-enabled systems. Finally, we discuss the future challenges of RL for cyber security and resiliency and emerging applications of RL-based CRMs.

show abstract

Application-Layer DDoS Defense with Reinforcement Learning

Cited by 17 publications

References 20 publications

Data-Driven Network Anomaly Detection with Cyber Attack and Defense Visualization

Data-Driven Network Anomaly Detection with Cyber Attack and Defense Visualization

Application Layer DDoS Attack Detection Using Cuckoo Search Algorithm-Trained Radial Basis Function

Reinforcement Learning for Feedback-Enabled Cyber Resilience

Contact Info

Product

Resources

About