Biblio

Volumetric Distributed Denial of Service attacks forcefully disrupt the availability of online services by congesting network links with arbitrary high-volume traffic. This brute force approach has collateral impact on the upstream network infrastructure, making early attack traffic removal a key objective. To reduce infrastructure load and maintain service availability, we introduce ReCEIF, a topology-independent mitigation strategy for early, rule-based ingress filtering leveraging deep reinforcement learning. ReCEIF utilizes hierarchical heavy hitters to monitor traffic distribution and detect subnets that are sending high-volume traffic. Deep reinforcement learning subsequently serves to refine hierarchical heavy hitters into effective filter rules that can be propagated upstream to discard traffic originating from attacking systems. Evaluating all filter rules requires only a single clock cycle when utilizing fast ternary content-addressable memory, which is commonly available in software defined networks. To outline the effectiveness of our approach, we conduct a comparative evaluation to reinforcement learning-based router throttling.

A frequent problem of Internet services are Sybil attacks, i.e., malicious users create numerous fake identities for themselves. To avoid this, many services employ obstacles like Captchas to force (potentially malicious) users to invest human attention in creating new identities for the service. However, this only makes it more difficult but not impossible to create fake identities. Sybil attacks are especially encountered as a problem in decentralized systems since no single trust anchor is available to judge new users as honest or malicious. The avoidance of a single centralized trust-anchor, however, is desirable in many cases. As a consequence, various decentralized Sybil detection approaches have been proposed. The most promising ones are based on leveraging the trust relationships embedded within social graphs. While most of these approaches are focusing on detecting large existing groups of Sybil identities, our approach Detasyr instead restricts the creation of numerous Sybil identities. For that, tickets are distributed through the social graph and have to be collected, allowing for decentralized and privacy preserving authorization. Additionally, it offers a proof of authorization to users that are considered to be honest, allowing them to display their authorization towards others.