AutoDefense: Reinforcement Learning Based Autoreactive Defense Against Network Attacks

Attributed to the programmability and visibility provided by Software Defined Network (SDN) technologies, more flexible and complex functions can be performed on network attacks. However, identifying the attack traffic accurately for attack mitigation is a challenge. Most existing solutions leverage traffic characteristics to achieve this goal. Recent attacks characteristics have become more complex and indistinguishable from legitimate traffic. In this paper, we propose AutoDefense, a novel framework that leverages reinforcement learning techniques to deploy defense policies dynamically and adaptively based on the signals collected from the data plane. While we seek to achieve the same goal with the existing efforts where the network/server resources the attackers control should be limited, we allow more legitimate flows to enter the network, rather than relinquish bandwidth when attacks happen. Through evaluations, we demonstrate that AutoDefense could reduce 39% of the attack traffic and allow 48.6% more legitimate flows in the network. AutoDefense also improves the average flow completion time by 42.7% for the flows with a long tail latency.