SDN/NFV-based framework for autonomous defense against slow-rate DDoS attacks by using reinforcement learning

Abstract

The unforeseen and skyrocketed shift in the number of connections to the Internet during the last years has created vast and critical vulnerabilities in networks that cybercriminals have quickly seized to launch high-volume DDoS attacks. Existing tools, such as advanced firewalls or intrusion prevention systems (IPS), cannot handle such an elevated volume of attacks because these solutions are dependent on humans. Therefore, adaptation of the current network security solutions to automated ones is more significant than ever to foster the development of the zero-touch networks and service management (ZSM) paradigm. Building on our preliminary work in this field, in this study, we provide a software-defined networking (SDN)-based framework that automates the detection and mitigation of slow-rate DDoS attacks. The framework uses deep learning (DL) to detect attacks and reinforcement learning (RL) to mitigate them. Furthermore, a network function virtualization (NFV)-assisted moving target defense (MTD) mechanism is included to amplify the effectiveness and flexibility of the solution. The framework is tested on a simulated network using open-source tools, namely Open Network Operating System (ONOS), Containernet, Apache Web Server, and Docker. The source code of a prototype of the framework is shared, which can be used and improved by interested researchers. Finally, the experimental results demonstrate that RL agents learn optimal DDoS mitigation policies in different scenarios and that they quickly adapt to new conditions that vary in short periods of time.