Design and Implementation of an SDN-Based Framework for Agent-Controlled DDoS Mitigation
- Research topic: Network Security
- Date: starting immediately
Distributed denial of service (DDoS) attacks constitute a continuous, severe threat to communication infrastructures. In particular, attacks that congest bottleneck links with unsolicited high-volume traffic (so-called volumetric DDoS attacks) have become increasingly popular. While the attack mechanics are simplistic, mounting an effective defense remains a complex and resource-intensive task, especially when the composition of the attack traffic changes on small time scales.
Based on prior work, this thesis focuses on designing a control loop for Software-Defined Networks (SDN) that enables analysis of attack traffic with monitoring algorithms (Hierarchical Heavy Hitters, HHH) and subsequent computation of filter rules for early removal of attack traffic. The goal is to conceptualize an SDN-based framework that enables a (reinforcement learning) agent to adaptively select effective filter rules and program them into an ingress filter to achieve fluent adaptation to changing attack traffic characteristics.
The goal of this thesis is to design a framework that combines a TCAM-based ingress filter with HHH-based monitoring algorithms and a remote reinforcement learning agent. Specifically, communication requirements between these components need to be analyzed, and methods for direct embedding of HHH algorithms and transport of monitoring information will be developed. The effectiveness of the design should be evaluated based on a prototype implementation in diverse attack scenarios, i.e., leveraging multiple different DDoS attack vectors over time. Modular integration of other monitoring algorithms and agents should be pursued to facilitate future-proofing and to allow for further studies.
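The monitoring-to-filter step of the control loop described above, as an added example that is not part of the original announcement or of the prior work it refers to: an exact, offline one-dimensional HHH computation over source prefixes, followed by a greedy rule selection that stands in for the reinforcement learning agent. All function names, the prefix levels, the threshold `phi`, the rule budget and the sample traffic (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def hierarchical_heavy_hitters(packets, phi, levels=(32, 24, 16, 8, 0)):
    """Exact 1-D HHH over IPv4 source prefixes (offline, not a streaming sketch).

    packets: iterable of (src_ip, byte_count); phi: fraction of total bytes.
    A prefix is reported when its volume, minus the volume already attributed
    to reported more-specific prefixes, reaches phi * total.
    """
    residual = Counter()
    for src, size in packets:
        residual[ipaddress.ip_network(f"{src}/32")] += size
    total = sum(residual.values())
    threshold = phi * total
    hhh = {}
    for plen in levels:  # walk from most specific to least specific
        level = Counter()
        for net, vol in residual.items():
            level[net.supernet(new_prefix=plen)] += vol
        residual = Counter()
        for net, vol in level.items():
            if vol >= threshold:
                hhh[net] = vol        # reported; not counted again above
            else:
                residual[net] = vol   # unexplained volume moves up one level
    return hhh, total

def select_filter_rules(hhh, rule_budget):
    """Greedy stand-in for the agent: largest non-root prefixes within budget."""
    candidates = [(net, vol) for net, vol in hhh.items() if net.prefixlen > 0]
    candidates.sort(key=lambda c: (-c[1], -c[0].prefixlen))
    return [net for net, _ in candidates[:rule_budget]]

# Constructed sample: one heavy host, one subnet of many light sources,
# and light background traffic.
SAMPLE = ([("203.0.113.7", 4000)]
          + [(f"198.51.100.{i}", 100) for i in range(1, 51)]
          + [(f"192.0.2.{i}", 100) for i in range(1, 11)])

if __name__ == "__main__":
    found, total_bytes = hierarchical_heavy_hitters(SAMPLE, phi=0.2)
    for prefix in select_filter_rules(found, rule_budget=2):
        print(f"drop src {prefix}  ({found[prefix]} of {total_bytes} bytes)")
```

The subnet is reported as a single /24 although no host in it crosses the threshold, which is what lets a small rule table cover many-source traffic; the background range never reaches the threshold at any level and is left alone.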