RL-Shield: Mitigating Target Link-Flooding Attacks Using SDN and Deep Reinforcement Learning Routing Algorithm

Link-flooding attacks (LFAs) are a new type of distributed denial-of-service (DDoS) attacks that can substantially damage network connectivity. LFAs flows are seemingly legitimate at the origin. But their cumulative volume at critical links causes congestion. We propose RL-Shield, a reinforcement learning based defense system against LFAs. It mitigates LFAs and, at the same time, effectively forwards data traffic in the network. RL-Shield introduces a new detection algorithm for monitoring IP behaviors using the Dirichlet distribution and Bayesian statistics. It monitors the interplay of LFAs and traffic engineering and identifies source IPs that persistently react to re-routing events. The detection algorithm controls two reinforcement learning based routing algorithms that use a hop-by-hop technique to connect related node pairs.We evaluate RL-Shield on various network topologies by simulating several attack strategies. The simulation results demonstrate the effectiveness and high-accuracy of RL-Shield.