ABSTRACT
This paper proposes a new adaptively distributed packet filtering mechanism to mitigate the DDoS attacks targeted at the victim's bandwidth. The mechanism employs IP traceback as a means of distinguishing attacks from legitimate traffic, and continuous action reinforcement learning automata, with an improved learning function, to compute effective filtering probabilities at filtering routers. The solution is evaluated through a number of experiments based on actual Internet data. The results show that the proposed solution achieves a high throughput of surviving legitimate traffic as a result of its high convergence speed, and can save the victim's bandwidth even in case of varying and intense attacks.
- Zubair B. Adi, E. and Philip H. 2017. Stealthy Denial of Service (DoS) attack modelling and detection for HTTP/2 services. Journal of Network and Computer Applications 91 (2017), 1--13. Google ScholarDigital Library
- A. Askey and R. Roy. 2010. Beta function. Cambridge University Press.Google Scholar
- CAIDA. 2004. CAIDA skitter map. (2004). http://www.caida.org/tools/measurement/skitter.Google Scholar
- M. S. Fallah and N. Kahani. 2014. TDPF: a traceback-based distributed packet filter to mitigate spoofed DDoS attacks. Security and Communication Networks 7, 2 (2014), 245--264. Google ScholarDigital Library
- V. A. Foroushani and A. N. Zincir-Heywood. 2014. TDFA: traceback-based defense against DDoS flooding attacks. In IEEE 28th International Conference on Advanced Information Networking and Applications (AINA). 597--604. Google ScholarDigital Library
- G. Frost. 1998. Stochastic optimization of vehicle suspension control systems via learning automata. Ph.D. Dissertation. Loughborough University.Google Scholar
- Chen Z. Li J. Hongbin, L. and Vasilakos A.V. 2017. Preventing distributed denial-of-service flooding attacks with dynamic path identifiers. IEEE Transactions on Information Forensics and Security 12, 8 (2017), 1801--1815. Google ScholarDigital Library
- M. Howell, G. Frost, T. Gordon, and Q. Wu. 1997. Continuous action reinforcement learning applied to vehicle suspension control. Journal of Mechatronics 7, 3 (1997), 263--276.Google ScholarCross Ref
- N. Kahani, S. Shiry, and M. Bagherzadeh. 2008. Detecting denial of service attacks utilizing machine learning methods. In International Conference on the Applications of Digital Information and Web Technologies (ICADIWT). IEEE.Google Scholar
- Khan S. Shams B. Khan, M. A. and J. Lloret. 2015. Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks. Security and Communication Networks 9, 15 (2015), 2715--2729. Google ScholarDigital Library
- R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxon, and S. Shenker. 2002. Controlling high bandwidth aggregates in the network. ACM SIGCOMM Computer Communication Review 32, 3 (2002), 62--73. Google ScholarDigital Library
- K.S. Narendra and M.A. Thathachar. 2012. Learning automata: an introduction. Courier Corporation (2012), 1--479.Google Scholar
- S. Ping and L. Moonchuen. 2004. IP traceback marking scheme based packets filtering mechanism. In Workshop on IP Operations and Management. IEEE, 253--260.Google Scholar
- M. Sung and J. Xu. 2003. IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks. IEEE Transactions on Parallel and Distributed Systems 14, 9 (2003), 861--872. Google ScholarDigital Library
- A. Yaar, A. Perrig, and D. Song. 2005. FIT: fast Internet traceback. In IEEE INFOCOM. 1395--1406.Google Scholar
Index Terms
- A Reactive Defense Against Bandwidth Attacks Using Learning Automata
Recommendations
A Learning Automata Based Solution for Preventing Distributed Denial of Service in Internet of Things
ITHINGSCPSCOM '11: Proceedings of the 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social ComputingInternet of Things (IoT) refers to the networked interconnection of everyday objects. IoT is an upcoming research field and is being regarded as the revolution in the world of communication because of its extensible applications in numerous fields. Due ...
Survey of network-based defense mechanisms countering the DoS and DDoS problems
This article presents a survey of denial of service attacks and the methods that have been proposed for defense against these attacks. In this survey, we analyze the design decisions in the Internet that have created the potential for denial of service ...
Sustaining Availability of Web Services under Distributed Denial of Service Attacks
The recent tide of Distributed Denial of Service (DDoS) attacks against high-profile web sites demonstrate how devastating DDoS attacks are and how defenseless the Internet is under such attacks. We design a practical DDoS defense system that can ...
Comments