Resource-Efficient Low-Rate DDoS Mitigation With Moving Target Defense in Edge Clouds

Edge computing (EC) and container technology have been widely used to increase the flexibility of computing resources and meet the real-time requirements for delay-sensitive applications. However, it has been shown that edge clouds suffer from distributed denial-of-service (DDoS) attacks, especially...

Bibliographic details
Published in: IEEE eTransactions on network and service management 2024, p.1-1
Main authors: Zhou, Yuyang, Cheng, Guang, Ouyang, Zhi, Chen, Zongyao
Format: Article
Language: eng
Description
Summary: Edge computing (EC) and container technology have been widely used to increase the flexibility of computing resources and meet the real-time requirements for delay-sensitive applications. However, it has been shown that edge clouds suffer from distributed denial-of-service (DDoS) attacks, especially low-rate DDoS (LDDoS) attacks, which can be stealthily crafted to evade detection. Unfortunately, the existing techniques cannot provide effective protection, and the amplifying resource consumption and service delay incurred by defense greatly diminish the efficiency of the security system. To tackle these problems, this paper exploits Moving Target Defense (MTD) techniques and deep reinforcement learning (DRL) for mitigating the impact of LDDoS attacks in a resource-efficient way by effectively partially invalidating, avoiding, and tolerating malicious traffic that improves the web services' security and quality with lower overhead. We first design several lightweight MTD mechanisms by utilizing the built-in functionalities of container-based applications. To further optimize resource utilization, we formulate the interaction between attacks and MTD deployment as a Markov decision process (MDP), and adopt a deep Q-network (DQN) algorithm to achieve the best trade-off between effectiveness and overhead. The simulations prove the effectiveness of the proposed approach in LDDoS mitigation, with a significant improvement of up to 31.7% in security and 26.95% in service quality when compared with other practical strategies, and the experimental results also demonstrate that our method exhibits the lowest response time per request of 276.66 ms and the lowest webpage load time of 1.413 s with only 2.44% additional memory usage in comparison with previous works in the high workload scenario.
ISSN:1932-4537
DOI:10.1109/TNSM.2024.3413685