A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense

Moving Target Defense (MTD) has emerged as a newcomer into the asymmetric field of attack and defense, and shuffling-based MTD has been regarded as one of the most effective ways to mitigate DDoS attacks. However, previous work does not acknowledge that frequent shuffles would significantly intensify the overhead. MTD requires a quantitative measure to compare the cost and effectiveness of available adaptations and explore the best trade-off between them. In this paper, therefore, we propose a new cost-effective shuffling method against DDoS attacks using MTD. By exploiting Multi-Objective Markov Decision Processes to model the interaction between the attacker and the defender, and designing a cost-effective shuffling algorithm, we study the best trade-off between the effectiveness and cost of shuffling in a given shuffling scenario. Finally, simulation and experimentation on an experimental software defined network (SDN) indicate that our approach imposes an acceptable shuffling overload and is effective in mitigating DDoS attacks

A Decomposition Approach to Multi-Vehicle Cooperative Control

We present methods that generate cooperative strategies for multi-vehicle control problems using a decomposition approach. By introducing a set of tasks to be completed by the team of vehicles and a task execution method for each vehicle, we decomposed the problem into a combinatorial component and a continuous component. The continuous component of the problem is captured by task execution, and the combinatorial component is captured by task assignment. In this paper, we present a solver for task assignment that generates near-optimal assignments quickly and can be used in real-time applications. To motivate our methods, we apply them to an adversarial game between two teams of vehicles. One team is governed by simple rules and the other by our algorithms. In our study of this game we found phase transitions, showing that the task assignment problem is most difficult to solve when the capabilities of the adversaries are comparable. Finally, we implement our algorithms in a multi-level architecture with a variable replanning rate at each level to provide feedback on a dynamically changing and uncertain environment.Comment: 36 pages, 19 figures, for associated web page see http://control.mae.cornell.edu/earl/decom

Power system security enhancement by HVDC links using a closed-loop emergency control

In recent years, guaranteeing that large-scale interconnected systems operate safely, stably and economically has become a major and emergency issue. A number of high profile blackouts caused by cascading outages have focused attention on this issue. Embedded HVDC (High Voltage Direct Current) links within a larger AC power system are known to act as a “firewall” against cascading disturbances and therefore, can effectively contribute in preventing blackouts. A good example is the 2003 blackout in USA and Canada, where the Québec grid was not affected due to its HVDC interconnection. In the literature, many works have studied the impact of HVDC on the power system stability, but very few examples exist in the area of its impact on the system security. This paper presents a control strategy for HVDC systems to increase their contribution to system security. A real-time closed-loop control scheme is used to modulate the DC power of HVDC links to alleviate AC system overloads and improve system security. Simulations carried out on a simplified model of the Hydro-Québec network show that the proposed method works well and can greatly improve system security during emergency situations.Peer reviewedFinal Accepted Versio