An Approach for Mitigating Denial of Service Attack

Distributed Denial of Service (DDoS) attacks are the most common types of cyber-attack on the internet and are rapidly increasing. Denial of service/distributed denial of service attack is an explicit attempt to make a machine or a network resource unavailable to its intended users. Attackers interrupt/suspend services of the host connected to internet temporarily or indefinitely.It involves saturating the target machine with external communication requests such that it cannot either respond to legitimate traffic or responds so slowly as to be rendered effectively unavailable. Two general form of Dos attacks are - those attacks that crashes services (computer attack) and those that flood services (network attack). Flooding DDoS attacks produce adverse effects for critical infrastructure availability, integrity and confidentiality. Current defense approaches cannot efficiently detect and filter out the attack traffic in real time. Based on the assumption that the attacker flows are very aggressive than the legitimate users the proposed work provides sufficient bandwidth to genuine users during flooding DDoS attack.The aim of the project is to implement an approach for mitigating DDoS based on “The Interface Based Rate Limiting (IBRL) algorithm”, used to mitigate the identified DDoS attacks. The implementation is carried out on a simulation tool Omnett++ installed on linux machine. The results are the plots that show that there is considerable increase in the two important and significant measures, response time and packet drop metrics for legitimate users even under DoS and DDoS attacks

Distributed Reinforcement Learning for Network Intrusion Response

The increasing adoption of technologies and the exponential growth of networks has made the area of information technology an integral part of our lives, where network security plays a vital role. One of the most serious threats in the current Internet is posed by distributed denial of service (DDoS) attacks, which target the availability of the victim system. Such an attack is designed to exhaust a server's resources or congest a network's infrastructure, and therefore renders the victim incapable of providing services to its legitimate users or customers. To tackle the distributed nature of these attacks, a distributed and coordinated defence mechanism is necessary, where many defensive nodes, across different locations cooperate in order to stop or reduce the flood. This thesis investigates the applicability of distributed reinforcement learning to intrusion response, specifically, DDoS response. We propose a novel approach to respond to DDoS attacks called Multiagent Router Throttling. Multiagent Router Throttling provides an agent-based distributed response to the DDoS problem, where multiple reinforcement learning agents are installed on a set of routers and learn to rate-limit or throttle traffic towards a victim server. One of the novel characteristics of the proposed approach is that it has a decentralised architecture and provides a decentralised coordinated response to the DDoS problem, thus being resilient to the attacks themselves. Scalability constitutes a critical aspect of a defence system since a non-scalable mechanism will never be considered, let alone adopted, for wide deployment by a company or organisation. We propose Coordinated Team Learning (CTL) which is a novel design to the original Multiagent Router Throttling approach based on the divide-and-conquer paradigm, that uses task decomposition and coordinated team rewards. To better scale-up CTL is combined with a form of reward shaping. The scalability of the proposed system is successfully demonstrated in experiments involving up to 1000 reinforcement learning agents. The significant improvements on scalability and learning speed lay the foundations for a potential real-world deployment