Abstract
The distributed denial of service (DDoS) attack is one of the most server threats to the current Internet and brings huge losses to society. Furthermore, it is challenging to defend DDoS due to the case that the DDoS traffic can appear similar to the legitimate ones. Router throttling is an accessible approach to defend DDoS attacks. Some existing router throttling methods dynamically adjust a given threshold value to keep the server load safe. However, these methods are not ideal as they exploit the information of the current time, so the perception of time series variations is poor. The DDoS problem can be seen as a Markov decision process (MDP). Multi-agent router throttling (MART) method based on hierarchical communication mechanism has been proposed to address this problem. However, each agent is independent with each other and has no communication among them, therefore, it is hard for them to collaborate to learn an ideal policy to defend DDoS. To solve this multi-agent partially observable MDP problem, we propose a centralized reinforcement learning router throttling method based on a centralized communication mechanism. Each router sends its own traffic reading to a central router, the central router then makes a decision for each router to choose the throttling rate. We also simulate the environment of the DDoS problem more realistic while modify the reward function of the MART to make the reward function of more coherent. To decrease the communication costs, we add a deep deterministic policy gradient network for each router to decide whether or not to send information to the central agent. The experiments validate that our proposed new smart router throttling method outperforms existing methods to the DDoS instruction response.
Highlights
Denial of Service attacks constitute one of the major cyber threats and among the most complicated security problems in today’s Internet [1]–[3]
Motivated by existing research about distributed router throttling methods, we propose a Centralized Reinforcement Learning Router Throttling with Less Communication (CRLRT-LC) method to learn a better policy while decreasing the communication costs
In this paper, to solve the Partial Observability Markov Decision Problem of the Distributed Denial of Service (DDoS) attack, we make three contributions to mitigate the effect of the DDoS attack
Summary
Denial of Service attacks constitute one of the major cyber threats and among the most complicated security problems in today’s Internet [1]–[3]. Of particular concerns are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can exhaust the computing and communication resources of its victim server within a short period of time [4], [5]. Competition, retaliation, and network extortion, many commercial sites, game servers, chat networks, and other network service providers have long been plagued by DDoS attacks. The traffic is generated from terminals spreading all over the Internet, and all traffic is aggregated at the victim server. The DDoS traffic can appear to be similar to the legitimate one since the damage may cause by the total volume of traffic and not the traffic content
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
