DeepAir: Deep Reinforcement Learning for Adaptive Intrusion Response in Software-Defined Networks

In this paper, we propose an adaptive intrusion response solution based on deep reinforcement learning, namely DeepAir, to effectively defend against cyber-attacks in Software-Defined Networks (SDN). Specifically, we first study an intrusion response system (IRS) that operates at the SDN control pla...

Bibliographic details
Published in: IEEE eTransactions on network and service management 2022-09, Vol.19 (3), p.2207-2218
Main authors: Phan, Trung V., Bauschert, Thomas
Format: Article
Language: eng
container_end_page 2218
container_issue 3
container_start_page 2207
container_title IEEE eTransactions on network and service management
container_volume 19
creator Phan, Trung V.
Bauschert, Thomas
description In this paper, we propose an adaptive intrusion response solution based on deep reinforcement learning, namely DeepAir, to effectively defend against cyber-attacks in Software-Defined Networks (SDN). Specifically, we first study an intrusion response system (IRS) that operates at the SDN control plane. Next, we propose a dynamic intrusion response solution to maximize the attack defense performance while minimizing the negative impact on benign traffic forwarding and the policy deployment cost in the SDN data plane. Then, we model the intrusion response system based on a Markov decision process (MDP) approach and formulate the related optimization problem. Afterward, we develop a Double Deep Q-Network based intrusion response control algorithm to assist the intrusion response system to quickly obtain the optimal intrusion response policy. In our case study, we consider denial-of-service (DoS) attacks; the performance evaluation results demonstrate that DeepAir can effectively prevent malicious packets from arriving at the victim in all considered DoS attack scenarios, i.e., approximately 85% of attack packets are dropped. Moreover, by applying the optimal intrusion response policy, DeepAir can significantly reduce the ratio of Quality-of-Service violated traffic flows compared to a Q-learning based approach (by 70%), and to two existing solutions, i.e., GATE (by 75%) and GTAC-IRS (by 80%), respectively.
doi_str_mv 10.1109/TNSM.2022.3158468
format Article
fulltext fulltext_linktorsrc
identifier ISSN: 1932-4537
ispartof IEEE eTransactions on network and service management, 2022-09, Vol.19 (3), p.2207-2218
issn 1932-4537
1932-4537
language eng
recordid cdi_ieee_primary_9732448
source IEEE Electronic Library (IEL)
subjects Algorithms
Control algorithms
Control systems
Control theory
cyber-attacks and software-defined networks
Cybersecurity
Deep learning
deep reinforcement learning
Denial of service attacks
Intrusion
Intrusion detection
Intrusion response system
Logic gates
Machine learning
Markov processes
Optimization
Performance evaluation
Q-learning
Security
Software-defined networking
Traffic flow
title DeepAir: Deep Reinforcement Learning for Adaptive Intrusion Response in Software-Defined Networks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-20T12%3A37%3A43IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=DeepAir:%20Deep%20Reinforcement%20Learning%20for%20Adaptive%20Intrusion%20Response%20in%20Software-Defined%20Networks&rft.jtitle=IEEE%20eTransactions%20on%20network%20and%20service%20management&rft.au=Phan,%20Trung%20V.&rft.date=2022-09&rft.volume=19&rft.issue=3&rft.spage=2207&rft.epage=2218&rft.pages=2207-2218&rft.issn=1932-4537&rft.eissn=1932-4537&rft.coden=ITNSC4&rft_id=info:doi/10.1109/TNSM.2022.3158468&rft_dat=%3Cproquest_RIE%3E2723899558%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2723899558&rft_id=info:pmid/&rft_ieee_id=9732448&rfr_iscdi=true