Efficient hybrid deep reinforcement learning mechanism for distributed denial of service attack detection in software defined networks
Date
2022-05
Publisher
NAMIBIA UNIVERSITY OF SCIENCE AND TECHNOLOGY
Abstract
The Internet architecture has remained fixed since its invention, but the Software Defined
Network (SDN) is a very promising network architecture that brings more flexibility, innovation,
and programmability. However, the centralized control architecture in SDN represents a
single point of failure. This vulnerability exposes it to Distributed Denial of Service (DDoS) attacks, which
remain a common and sophisticated attack on computer networks. A controller facing
DDoS attacks while already overloaded with decision making raises a major security concern for
SDN and therefore necessitates an efficient DDoS attack detection mechanism. This study aimed at
designing a mechanism that accurately detects DDoS attacks while using minimum computational
resources. We introduced a Hybrid Deep Reinforcement Learning Mechanism (HDRLM) for the SDN
at the controller. An evaluation of the literature was conducted to identify DRL algorithms that are
both accurate and efficient. Double Deep Q-Network and Deep Q-Network (DQN) were
identified, and Deep Q-Network (DQN) was adopted in the study. To confirm the performance,
simulated experimentation was used. Using the Design Science approach, a hybrid mechanism was
designed that uses the Deep Q-Network algorithm and combines two different deep learning neural
networks for value approximation. The HDRLM was demonstrated through experimentation in
which the CICIDS2017 dataset was used to train it and evaluate its performance. A detection accuracy of
98.16% was obtained, along with 8% CPU usage during detection, an improvement on the resource
usage of the state-of-the-art detection mechanism. A positive upward trajectory of the accumulated
rewards demonstrated that the mechanism was able to learn the environment by itself. Despite not
achieving the highest accuracy, the HDRLM achieved a reasonably higher detection rate without
consuming more computational resources compared to available mechanisms. This study provides a
mechanism and an approach to designing mechanisms that reduce the cost of detection.
Keywords
Software Defined Networks, Distributed Denial of Service, Machine Learning, Intrusion Detection Systems, Deep Reinforcement Learning, CICIDS2017, Network Security
Citation
Musa, G, P. (2022). Efficient hybrid deep reinforcement learning mechanism for distributed denial of service attack detection in software defined networks [Master’s thesis, Namibia University of Science and Technology].