AdaDoS: Adaptive DoS Attack via Deep Adversarial Reinforcement Learning in SDN

TL;DR

AdaDoS introduces an adaptive, RL-based DoS attack model that dynamically evades detection in SDN environments by modeling the attack as a competitive game and employing reciprocal learning to operate under limited information.

Contribution

This paper presents the first RL-based adaptive DoS attack framework in SDN, utilizing a game-theoretic approach and reciprocal learning to evade existing detection methods.

Findings

AdaDoS effectively evades existing DoS detectors.

The reciprocal learning module improves attack performance under limited observations.

Demonstrates the first application of RL to adaptive DoS attack generation.

Abstract

Existing defence mechanisms have demonstrated significant effectiveness in mitigating rule-based Denial-of-Service (DoS) attacks, leveraging predefined signatures and static heuristics to identify and block malicious traffic. However, the emergence of AI-driven techniques presents new challenges to SDN security, potentially compromising the efficacy of existing defence mechanisms. In this paper, we introduce~AdaDoS, an adaptive attack model that disrupt network operations while evading detection by existing DoS-based detectors through adversarial reinforcement learning (RL). Specifically, AdaDoS models the problem as a competitive game between an attacker, whose goal is to obstruct network traffic without being detected, and a detector, which aims to identify malicious traffic. AdaDoS can solve this game by dynamically adjusting its attack strategy based on feedback from the SDN and the detector. Additionally, recognising that attackers typically have less information than defenders, AdaDoS formulates the DoS-like attack as a partially observed Markov decision process (POMDP), with the attacker having access only to delay information between attacker and victim nodes. We address this challenge with a novel reciprocal learning module, where the student agent, with limited observations, enhances its performance by learning from the teacher agent, who has full observational capabilities in the SDN environment. AdaDoS represents the first application of RL to develop DoS-like attack sequences, capable of adaptively evading both machine learning-based and rule-based DoS-like attack detectors.