P4 網路中結合移動目標防禦及分段路由之 強化式學習 DDoS 防禦機制;A Reinforcement Learning-Based DDoS Defense Mechanism Integrating Moving Target Defense and Segment Routing Using P4-enabled Programmable Networks

NCU Institutional Repository > 資訊電機學院 > 資訊工程研究所 > 博碩士論文 > Item 987654321/98589

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://ir.lib.ncu.edu.tw/handle/987654321/98589

题名:	P4 網路中結合移動目標防禦及分段路由之強化式學習 DDoS 防禦機制;A Reinforcement Learning-Based DDoS Defense Mechanism Integrating Moving Target Defense and Segment Routing Using P4-enabled Programmable Networks
作者:	劉冠廷;Liu, Kuan-Ting
贡献者:	資訊工程學系
关键词:	分散式阻斷服務攻擊;強化學習;移動目標防禦;分段路由;軟體定義網路;P4;Distributed Denial-of-Service;Reinforcement Learning;Moving Target Defense;Segment Routing;Software-Defined Networking;Programming protocol packet processors
日期:	2025-08-19
上传时间:	2025-10-17 12:58:00 (UTC+8)
出版者:	國立中央大學
摘要:	近年來，物聯網（Internet of Things, IoT）設備的快速普及，但由於多數缺乏資安防護，容易遭攻擊者操控組成殭屍網路（Botnet）發動分散式阻斷攻擊（Distributed Denial-of-Service, DDoS），傳統防火牆（Firewall）與一般機器學習（Machine Learning）防禦方式難以應對彈性與策略多樣性上的需求。本研究目標為設計一種能即時判斷並採取多元防禦動作的機制，以強化對DDoS攻擊的應變能力。本研究提出RLMTS（Reinforcement Learning with Moving Target Defense and Segment Routing）機制，結合強化式學習（Reinforcement Learning）、移動目標防禦（Moving Target Defense, MTD）技術與分段路由（Segment Routing），並基於軟體定義網路（Software Definition Networking, SDN）架構下的Programming Protocol-Independent Packet Processor（P4）可程式化資料平面實作。透過訓練的Conservative Q-Learning（CQL）模型，系統可根據即時流量特徵動態執行放行、誤導或封鎖等動作，進而調整封包路徑來加強防禦效果。RLMTS在防禦召回率（Recall）上優於文獻所採用的Proximal Policy Optimization（PPO）方法為9%，在F1-score方面亦提升11%，顯示RLMTS在攻擊偵測上展現更優異的綜合效能。在RTT延遲控制上，RLMTS相較於無防禦情境可降低90.25%，亦優於PPO方法47.27%；在吞吐量方面，相較無防禦情境提升188.14%，較PPO方法提升8.77%。整體來說， RLMTS 機制在面對 DDoS 攻擊時，於分類精度、防禦即時性與效能穩定性等各方面，皆展現出優於現有方法的綜合表現。 ;In recent years, the rapid proliferation of Internet of Things (IoT) devices has introduced new security challenges. Due to the lack of adequate cybersecurity protection, many IoT devices are easily compromised and manipulated into botnets to launch Distributed Denial-of-Service (DDoS) attacks. Traditional defense mechanisms such as firewalls and conventional machine learning approaches often fall short in addressing the flexibility and diversity required for effective DDoS mitigation strategies. This study aims to design a mechanism capable of making real-time decisions and dynamically applying multiple defense actions to enhance responsiveness against DDoS attacks. This paper proposes the RLMTS (Reinforcement Learning with Moving Target Defense and Segment Routing) mechanism, which integrates Reinforcement Learning (RL), Moving Target Defense (MTD), and Segment Routing (SR) technologies. The system is implemented on a Software-Defined Networking (SDN) architecture using the Programming Protocol-Independent Packet Processor (P4) to construct a programmable data plane. By utilizing a trained Conservative Q-Learning (CQL) model, the system can dynamically execute actions such as allow, mislead, or drop based on real-time traffic features, thereby adjusting packet forwarding paths to enhance defense performance. Experimental results show that the proposed RLMTS mechanism outperforms the Proximal Policy Optimization (PPO)-based method in prior literature, achieving a 9% improvement in Recall and an 11% increase in F1-score for attack detection. In terms of latency control, RLMTS reduces RTT by 90.25% compared to the no-defense scenario and by 47.27% compared to the PPO method. Furthermore, RLMTS maintains a stable throughput of 10.596 Mbps during attacks, representing a 188.14% improvement over no defense and an 8.77% increase over PPO. Overall, the RLMTS mechanism demonstrates superior performance in classification accuracy, real-time responsiveness, and system stability when defending against DDoS attacks.
显示于类别:	[資訊工程研究所] 博碩士論文

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	8	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....