RL-Shield: Mitigating Target Link-Flooding Attacks using SDN and Deep Reinforcement Learning Routing Algorithm

Amir Rezapour, Wen Guey Tzeng

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

Link-flooding attacks (LFAs) are a new type of distributed denial-of-service (DDoS) attack that can substantially damage network connectivity. LFA flows are seemingly legitimate at the origin, but their cumulative volume at critical links causes congestion. We propose RL-Shield, a reinforcement-learning-based defense system against LFAs. It mitigates LFAs and, at the same time, effectively forwards data traffic in the network. RL-Shield introduces a new detection algorithm for monitoring IP behaviors using the Dirichlet distribution and Bayesian statistics. It monitors the interplay of LFAs and traffic engineering and identifies source IPs that persistently react to rerouting events. The detection algorithm controls two reinforcement-learning-based routing algorithms that use a hop-by-hop technique to connect related node pairs. We evaluate RL-Shield on various network topologies by simulating several attack strategies. The simulation results demonstrate the effectiveness and high accuracy of RL-Shield.

Original language: English
Journal: IEEE Transactions on Dependable and Secure Computing
State: Accepted/In press - 2021

Keywords

  • Bandwidth
  • DDoS
  • Deep Reinforcement Learning
  • Delays
  • Link-flooding Attacks
  • Monitoring
  • Network topology
  • Reinforcement learning
  • Routing
  • Routing Algorithm
  • Software Defined Networks
  • Throughput
