Visible to the public A Reactive Defense Against Bandwidth Attacks Using Learning Automata

TitleA Reactive Defense Against Bandwidth Attacks Using Learning Automata
Publication TypeConference Paper
Year of Publication2018
AuthorsKahani, Nafiseh, Fallah, Mehran S.
Conference NameProceedings of the 13th International Conference on Availability, Reliability and Security
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6448-5
KeywordsBandwidth Attacks, Distributed Denial of Service (DDoS), Distributed Packet Filtering, IP Traceback, learning automata, Metrics, pubcrawl, resilience, Resiliency, Router Systems Security

This paper proposes a new adaptively distributed packet filtering mechanism to mitigate the DDoS attacks targeted at the victim's bandwidth. The mechanism employs IP traceback as a means of distinguishing attacks from legitimate traffic, and continuous action reinforcement learning automata, with an improved learning function, to compute effective filtering probabilities at filtering routers. The solution is evaluated through a number of experiments based on actual Internet data. The results show that the proposed solution achieves a high throughput of surviving legitimate traffic as a result of its high convergence speed, and can save the victim's bandwidth even in case of varying and intense attacks.

Citation Keykahani_reactive_2018