当前位置: X-MOL 学术IEEE Trans. Netw. Serv. Manag. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Per-Host DDoS Mitigation by Direct-Control Reinforcement Learning
IEEE Transactions on Network and Service Management ( IF 5.3 ) Pub Date : 2020-03-01 , DOI: 10.1109/tnsm.2019.2960202
Kyle A. Simpson , Simon Rogers , Dimitrios P. Pezaros

DDoS attacks plague the availability of online services today, yet like many cybersecurity problems are evolving and non-stationary. Normal and attack patterns shift as new protocols and applications are introduced, further compounded by burstiness and seasonal variation. Accordingly, it is difficult to apply machine learning-based techniques and defences in practice. Reinforcement learning (RL) may overcome this detection problem for DDoS attacks by managing and monitoring consequences; an agent’s role is to learn to optimise performance criteria (which are always available) in an online manner. We advance the state-of-the-art in RL-based DDoS mitigation by introducing two agent classes designed to act on a per-flow basis, in a protocol-agnostic manner for any network topology. This is supported by an in-depth investigation of feature suitability and empirical evaluation. Our results show the existence of flow features with high predictive power for different traffic classes, when used as a basis for feedback-loop-like control. We show that the new RL agent models can offer a significant increase in goodput of legitimate TCP traffic for many choices of host density.

中文翻译:

通过直接控制强化学习缓解每主机 DDoS

DDoS 攻击困扰着当今在线服务的可用性,但就像许多网络安全问题一样,它在不断发展且不稳定。随着新协议和应用程序的引入,正常和攻击模式会发生变化,突发性和季节性变化进一步加剧。因此,很难在实践中应用基于机器学习的技术和防御。强化学习 (RL) 可以通过管理和监控后果来克服 DDoS 攻击的检测问题;代理的作用是学习以在线方式优化性能标准(始终可用)。我们通过引入两个代理类来推进基于 RL 的 DDoS 缓解的最新技术,这些代理类旨在针对任何网络拓扑以与协议无关的方式在每个流的基础上行动。这得到了对特征适用性和经验评估的深入调查的支持。我们的结果表明,当用作类似反馈回路的控制的基础时,存在对不同流量类别具有高预测能力的流特征。我们表明,对于许多主机密度选择,新的 RL 代理模型可以显着增加合法 TCP 流量的吞吐量。
更新日期:2020-03-01
down
wechat
bug