Abstract

Distributed Denial-of-Service (DDoS) flooding attack has remained as one of the most destructive attacks for more than two decades. Although great efforts have been made to design the defense mechanism, it is still difficult to mitigate these attacks in real time smartly and effectively for the reason that attack traffic may mix with benign traffic. Software-Defined Networks (SDN) decouples control and data plane in the network. Its centralized control paradigm and global view of the network bring some new chances to enhance the defense ability against network attacks. In this paper, we propose a deep reinforcement learning based framework, which can smartly learn the optimal mitigation policies under different attack scenarios and mitigate the DDoS flooding attack in real time. This framework is an effective system to defend against a wide range of DDoS flooding attacks such as TCP SYN, UDP, and ICMP flooding. It can intelligently learn the patterns of attack traffic and throttle the attack traffic, while the traffic of benign users is forwarded normally. We compare our proposed framework with a baseline along with a popular state-of-the-art router throttling method. The experimental results show that our approach can outperform both of them in five attacking scenarios with different attack dynamics significantly.