CPSS LR-DDoS Detection and Defense in Edge Computing Utilizing DCNN Q-Learning

Abstract

Read online

Existing intrusion detection and defense models for CPSS (Cyber-Physical-Social Systems) are based on analyzing the static intrusion characteristics, which cannot effectively detect large-scale Low-Rate Denial-of-Service (LR-DDoS) attacks, especially in the edge environment. In this paper, we firstly explore and enhance Mirai botnet to a sophisticated multi-targets low-rate TCP attack network, which makes edge LR-DDoS more powerful and obfuscates their activity. And then, we develop a novel intrusion detection and defense hybrid method for above CPSS LR-DDoS scenario in edge environment, which takes advantage of locality sensitive features extraction and Deep Convolution Neural Network (DCNN) to auto learn the optimal features of the original data distribution and employs deep reinforcement learning Q-network as the powerful decision maker to defend attacks. The experimental results in detection phase prove the proposed method can distinguish abnormal network attack flows with higher detection accuracy and faster response time than kinds of Support Vector Machines (SVM), K-means and Surface Learning Neural Network etc. Even more, it has a certain detection rate for unknown new attacks, which means the method is effective and suitable for the actual network environment. The experimental results in defense phase prove it can defense LR-DDoS attacks smoothly.

Keywords

• Deep convolution neural network
• Q learning
• deep reinforcement learning
• edge computing
• LR-DDoS
• CPSS