Hauke Heseding

DESCRIPTION

This thesis focuses on the combination of highly-flexible softwarized network security systems (e.g., virtualized firewall and intrusion prevention systems) with state-of-the-art machine learning methods. Since today's attacks on communication infrastructures utilize flexible deployment systems with automation capabilities, adversaries can quickly shift between targets and modify their attack patterns to circumvent established defenses. Consequently, it becomes increasingly challenging to effectively counteract adaptive attackers on sufficiently small time-scales. Machine learning offers promising opportunities to facilitate automated, fluent decision making to adapt to an ever-shifting threat landscape.

Volumetric distributed denial of service (DDoS) scenarios serve as an example use-case throughout this thesis to investigate reinforcement learning methods for automated attack mitigation. The objective is to train an agent to observe a variety of attack patterns and to automatically select effective parameters for an ingress traffic filtering process. This end-to-end learning approach enables quick adaptation to adversarial behavior and allows it to strike an effective balance between filtering accuracy and resource investment, i.e., traffic analysis capacity and filtering complexity. In effect, a well-trained agent serves to improve DDoS mitigation by tailoring mitigation systems accurately to ongoing attacks on short time-scales.

ASSIGNMENT

The goal of this thesis is to improve upon previous work on reinforcement learning for DDoS mitigation (a tensorflow-based agent implementation as well as a simulation environment will be provided). In particular, dynamic patterns in DDoS attack traffic and potential feature candidates will be investigated. Based upon this, improved reinforcement learning concepts for DDoS mitigation will be designed and implemented to enhance adaptation capabilities of agents, which control software-based mitigation systems, and to optimize resource utilization during ongoing attacks. The feasibility of the approach will be evaluated with a prototype implementation.

PREREQUISITS

Familiarity with programming languages (Python, C++)
Familiarity with machine learning concepts
Familiarity with networking principles