RL-Shield: Mitigating Target Link-Flooding Attacks Using SDN and Deep Reinforcement Learning Routing Algorithm

Amir Rezapour*, Wen Guey Tzeng

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

11 Scopus citations

Abstract

Link-flooding attacks (LFAs) are a new type of distributed denial-of-service (DDoS) attacks that can substantially damage network connectivity. LFAs flows are seemingly legitimate at the origin. But their cumulative volume at critical links causes congestion. We propose RL-Shield, a reinforcement learning based defense system against LFAs. It mitigates LFAs and, at the same time, effectively forwards data traffic in the network. RL-Shield introduces a new detection algorithm for monitoring IP behaviors using the Dirichlet distribution and Bayesian statistics. It monitors the interplay of LFAs and traffic engineering and identifies source IPs that persistently react to re-routing events. The detection algorithm controls two reinforcement learning based routing algorithms that use a hop-by-hop technique to connect related node pairs.We evaluate RL-Shield on various network topologies by simulating several attack strategies. The simulation results demonstrate the effectiveness and high-accuracy of RL-Shield.

Original languageEnglish
Pages (from-to)4052-4067
Number of pages16
JournalIEEE Transactions on Dependable and Secure Computing
Volume19
Issue number6
DOIs
StatePublished - 2022

Keywords

  • DDoS
  • Link-flooding attacks
  • deep reinforcement learning
  • routing algorithm
  • software defined networks

Fingerprint

Dive into the research topics of 'RL-Shield: Mitigating Target Link-Flooding Attacks Using SDN and Deep Reinforcement Learning Routing Algorithm'. Together they form a unique fingerprint.

Cite this