short-paper

A Reactive Defense Against Bandwidth Attacks Using Learning Automata

Authors:

Nafiseh Kahani,

Mehran S. FallahAuthors Info & Claims

ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

Article No.: 31, Pages 1 - 6

https://doi.org/10.1145/3230833.3230844

Published: 27 August 2018 Publication History

Abstract

This paper proposes a new adaptively distributed packet filtering mechanism to mitigate the DDoS attacks targeted at the victim's bandwidth. The mechanism employs IP traceback as a means of distinguishing attacks from legitimate traffic, and continuous action reinforcement learning automata, with an improved learning function, to compute effective filtering probabilities at filtering routers. The solution is evaluated through a number of experiments based on actual Internet data. The results show that the proposed solution achieves a high throughput of surviving legitimate traffic as a result of its high convergence speed, and can save the victim's bandwidth even in case of varying and intense attacks.

References

[1]

Zubair B. Adi, E. and Philip H. 2017. Stealthy Denial of Service (DoS) attack modelling and detection for HTTP/2 services. Journal of Network and Computer Applications 91 (2017), 1--13.

Digital Library

[2]

A. Askey and R. Roy. 2010. Beta function. Cambridge University Press.

[3]

CAIDA. 2004. CAIDA skitter map. (2004). http://www.caida.org/tools/measurement/skitter.

[4]

M. S. Fallah and N. Kahani. 2014. TDPF: a traceback-based distributed packet filter to mitigate spoofed DDoS attacks. Security and Communication Networks 7, 2 (2014), 245--264.

Digital Library

[5]

V. A. Foroushani and A. N. Zincir-Heywood. 2014. TDFA: traceback-based defense against DDoS flooding attacks. In IEEE 28th International Conference on Advanced Information Networking and Applications (AINA). 597--604.

Digital Library

[6]

G. Frost. 1998. Stochastic optimization of vehicle suspension control systems via learning automata. Ph.D. Dissertation. Loughborough University.

[7]

Chen Z. Li J. Hongbin, L. and Vasilakos A.V. 2017. Preventing distributed denial-of-service flooding attacks with dynamic path identifiers. IEEE Transactions on Information Forensics and Security 12, 8 (2017), 1801--1815.

Digital Library

[8]

M. Howell, G. Frost, T. Gordon, and Q. Wu. 1997. Continuous action reinforcement learning applied to vehicle suspension control. Journal of Mechatronics 7, 3 (1997), 263--276.

[9]

N. Kahani, S. Shiry, and M. Bagherzadeh. 2008. Detecting denial of service attacks utilizing machine learning methods. In International Conference on the Applications of Digital Information and Web Technologies (ICADIWT). IEEE.

[10]

Khan S. Shams B. Khan, M. A. and J. Lloret. 2015. Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks. Security and Communication Networks 9, 15 (2015), 2715--2729.

Digital Library

[11]

R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxon, and S. Shenker. 2002. Controlling high bandwidth aggregates in the network. ACM SIGCOMM Computer Communication Review 32, 3 (2002), 62--73.

Digital Library

[12]

K.S. Narendra and M.A. Thathachar. 2012. Learning automata: an introduction. Courier Corporation (2012), 1--479.

[13]

S. Ping and L. Moonchuen. 2004. IP traceback marking scheme based packets filtering mechanism. In Workshop on IP Operations and Management. IEEE, 253--260.

[14]

M. Sung and J. Xu. 2003. IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks. IEEE Transactions on Parallel and Distributed Systems 14, 9 (2003), 861--872.

Digital Library

[15]

A. Yaar, A. Perrig, and D. Song. 2005. FIT: fast Internet traceback. In IEEE INFOCOM. 1395--1406.

Cited By

Kazemi Kordestani JRazapoor Mirsaleh MRezvanian AMeybodi M(2021)An Introduction to Learning Automata and OptimizationAdvances in Learning Automata and Intelligent Optimization10.1007/978-3-030-76291-9_1(1-50)Online publication date: 24-Jun-2021
https://doi.org/10.1007/978-3-030-76291-9_1
Vafashoar RMorshedlou HRezvanian AMeybodi MVafashoar RMorshedlou HRezvanian AMeybodi M(2020)Varieties of Cellular Learning Automata: An OverviewCellular Learning Automata: Theory and Applications10.1007/978-3-030-53141-6_1(1-81)Online publication date: 25-Jul-2020
https://doi.org/10.1007/978-3-030-53141-6_1
Rezvanian AMoradabadi BGhavipour MDaliri Khomami MMeybodi MRezvanian AMoradabadi BGhavipour MDaliri Khomami MMeybodi M(2019)Introduction to Learning Automata ModelsLearning Automata Approach for Social Networks10.1007/978-3-030-10767-3_1(1-49)Online publication date: 23-Jan-2019
https://doi.org/10.1007/978-3-030-10767-3_1

Index Terms

A Reactive Defense Against Bandwidth Attacks Using Learning Automata
1. Computer systems organization
  1. Dependable and fault-tolerant systems and networks
    1. Redundancy
  2. Embedded and cyber-physical systems
    1. Embedded systems
    2. Robotics
2. Networks
  1. Network properties
    1. Network reliability

Recommendations

A Learning Automata Based Solution for Preventing Distributed Denial of Service in Internet of Things
ITHINGSCPSCOM '11: Proceedings of the 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing

Internet of Things (IoT) refers to the networked interconnection of everyday objects. IoT is an upcoming research field and is being regarded as the revolution in the world of communication because of its extensible applications in numerous fields. Due ...
Survey of network-based defense mechanisms countering the DoS and DDoS problems

This article presents a survey of denial of service attacks and the methods that have been proposed for defense against these attacks. In this survey, we analyze the design decisions in the Internet that have created the potential for denial of service ...
Sustaining Availability of Web Services under Distributed Denial of Service Attacks

The recent tide of Distributed Denial of Service (DDoS) attacks against high-profile web sites demonstrate how devastating DDoS attacks are and how defenseless the Internet is under such attacks. We design a practical DDoS defense system that can ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

August 2018

603 pages

ISBN:9781450364485

DOI:10.1145/3230833

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Universität Hamburg: Universität Hamburg

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 August 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Conference

ARES 2018

ARES 2018: International Conference on Availability, Reliability and Security

August 27 - 30, 2018

Hamburg, Germany

Acceptance Rates

ARES '18 Paper Acceptance Rate 128 of 260 submissions, 49%;

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
96
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kazemi Kordestani JRazapoor Mirsaleh MRezvanian AMeybodi M(2021)An Introduction to Learning Automata and OptimizationAdvances in Learning Automata and Intelligent Optimization10.1007/978-3-030-76291-9_1(1-50)Online publication date: 24-Jun-2021
https://doi.org/10.1007/978-3-030-76291-9_1
Vafashoar RMorshedlou HRezvanian AMeybodi MVafashoar RMorshedlou HRezvanian AMeybodi M(2020)Varieties of Cellular Learning Automata: An OverviewCellular Learning Automata: Theory and Applications10.1007/978-3-030-53141-6_1(1-81)Online publication date: 25-Jul-2020
https://doi.org/10.1007/978-3-030-53141-6_1
Rezvanian AMoradabadi BGhavipour MDaliri Khomami MMeybodi MRezvanian AMoradabadi BGhavipour MDaliri Khomami MMeybodi M(2019)Introduction to Learning Automata ModelsLearning Automata Approach for Social Networks10.1007/978-3-030-10767-3_1(1-49)Online publication date: 23-Jan-2019
https://doi.org/10.1007/978-3-030-10767-3_1

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents