Automatic Feedback Control for Graceful Degradation of Real-Time Services in the Face of an Attack

Distributed denial of service (DDoS) attacks continue to pose a serious threat to various businesses and consumers. With the growth in the number of devices connected to the internet, these attacks continue to grow in number. Despite the availability of security tools, the attacks continue to happen and are causing various businesses to sweat. These tools may take anywhere from a few hours to a few days to counter the attacks, which is unacceptable. In this paper, we put forth a novel feedback control mechanism to minimize the effect of volumetric attacks such as DDoS. During an attack, the feedback control model detects and reduces the impact of the attack by maintaining the service level agreements (SLA) of the network service. The controller makes intelligent decisions to ensure the quality of service (QoS) metrics are gracefully degraded by tuning the micro-firewall rules such as the committed information rate and burst size. A proportional Integral (PI) controller is used as a closed-loop feedback controller to maintain the stability of the network in spite of an attack. This proposed architecture is verified in a lab setup, and we observe that we are able to minimize the degradation of the real-time service so that the user's quality of experience (QoE) is preserved. We validate the proposed architecture with a model generated by using the system identification technique. Results from the setup show that the closed-loop feedback control model stabilizes the network in real-time.