{"title":"iQUIC: An intelligent framework for defending QUIC connection ID-based DoS attack using advantage actor–critic RL","authors":"Debasmita Dey, Nirnay Ghosh","doi":"10.1016/j.cose.2025.104463","DOIUrl":null,"url":null,"abstract":"<div><div>QUIC (Quick UDP Internet Connections) is a relatively recent transport layer protocol that Google deployed and implemented for the first time in 2012. The key aspect of this protocol is that it is faster than TCP, more secure than UDP, and more efficient regarding resource usage. It has been adopted by some Internet-based applications, viz., YouTube, Gmail, etc. Recent advancements in 5G/6G communication technology have enabled the integration of QUIC with many real-time applications. One of the drawbacks in the design of the QUIC protocol is its vulnerability against attacks related to connection ID, and a recent attack of this type is the <em>retire connection ID stuffing attack</em>. This attack leads to a denial of service (DoS) condition, thus hindering network operations and services. Few preventive solutions have been proposed, but they focus on closing the connection after detecting an attack scenario, which results in service disruption. In this paper, we attempted to render flexibility to this rigid security defense mechanism situation by proposing <em>iQUIC</em>, an intelligent framework to configure a network condition monitoring QUIC server. The framework inputs the network data to a local <em>Advantage Actor–Critic (A2C) Reinforcement Learning (RL)</em> engine to support decision-making regarding accepting/rejecting a request from a client or issuing a warning signal to it. The framework also enables the server to stochastically suspend connections with the client(s) following in <span><math><mi>ϵ</mi></math></span>-greedy approach after a predefined observation window. To replicate a real-world QUIC-enabled network, we devised a small QUIC network consisting of two clients and a server and generated substantial QUIC traffic by implementing a U-Net-based GAN (Generative Adversarial Network) model from scratch. A simulation-based performance evaluation demonstrates that the QUIC server powered by the actor–critic RL learns to make optimal decisions with time.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"155 ","pages":"Article 104463"},"PeriodicalIF":4.8000,"publicationDate":"2025-04-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482500152X","RegionNum":2,"RegionCategory":"Computer Science","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
QUIC (Quick UDP Internet Connections) is a relatively recent transport-layer protocol that Google first implemented and deployed in 2012. Its key properties are that it is faster than TCP, more secure than UDP, and more efficient in its use of resources. It has been adopted by Internet-based applications such as YouTube and Gmail. Recent advances in 5G/6G communication technology have enabled the integration of QUIC with many real-time applications. One drawback of the QUIC design is its vulnerability to attacks on connection ID handling; a recent attack of this type is the retire connection ID stuffing attack. This attack leads to a denial of service (DoS) condition, hindering network operations and services. A few preventive solutions have been proposed, but they focus on closing the connection once an attack is detected, which itself disrupts service. In this paper, we attempt to make this rigid defense more flexible by proposing iQUIC, an intelligent framework for configuring a QUIC server that monitors network conditions. The framework feeds network data to a local Advantage Actor–Critic (A2C) Reinforcement Learning (RL) engine that decides whether to accept or reject a client's request or to issue a warning signal to the client. It also enables the server to stochastically suspend connections with the client(s) following an ε-greedy approach after a predefined observation window. To replicate a real-world QUIC-enabled network, we devised a small QUIC network consisting of two clients and a server and generated substantial QUIC traffic by implementing a U-Net-based GAN (Generative Adversarial Network) model from scratch. A simulation-based performance evaluation demonstrates that the QUIC server powered by the actor–critic RL learns to make optimal decisions over time.
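The two mechanisms the abstract names, the validity checks a QUIC server applies to RETIRE_CONNECTION_ID frames (RFC 9000 sections 19.16 and 5.1.2) and an ε-greedy accept/warn/suspend decision taken once per observation window, as an added example that is not from the paper or its authors. The tabular ε-greedy learner is a deliberately simple stand-in for the paper's A2C engine, and `WINDOW_LIMIT`, the reward model, the CID encoding, the action names and the two clients' traffic volumes are assumptions constructed for the demonstration:

```python
"""RFC 9000 RETIRE_CONNECTION_ID checks plus an epsilon-greedy accept/warn/suspend
policy over an observation window. Illustrative code, not the iQUIC implementation;
WINDOW_LIMIT, the reward model and the traffic volumes are constructed."""
import random
from dataclasses import dataclass, field

ACCEPT, WARN, SUSPEND = "accept", "warn", "suspend"
ACTIONS = (ACCEPT, WARN, SUSPEND)
WINDOW_LIMIT = 16   # constructed: retirements per window the server budgets for


class ProtocolViolation(Exception):
    """Stands in for closing the connection with a QUIC transport error."""


@dataclass
class ConnectionCids:
    """Connection IDs the server has issued on one connection."""
    issued: dict = field(default_factory=dict)   # sequence number -> CID bytes
    next_seq: int = 0
    retired_in_window: int = 0

    def issue(self) -> bytes:
        cid = self.next_seq.to_bytes(8, "big")   # constructed; real CIDs are unpredictable
        self.issued[self.next_seq] = cid
        self.next_seq += 1
        return cid


def handle_retire(conn: ConnectionCids, seq: int, packet_dcid: bytes) -> None:
    """Validate one RETIRE_CONNECTION_ID frame (RFC 9000 section 19.16), then do
    the replacement work (section 5.1.2) that a stuffing flood multiplies."""
    if seq >= conn.next_seq:
        # sequence number never issued to this peer -> PROTOCOL_VIOLATION
        raise ProtocolViolation(f"retire of unissued sequence number {seq}")
    if conn.issued.get(seq) == packet_dcid:
        # frame retires the CID its own packet was addressed to -> FRAME_ENCODING_ERROR
        raise ProtocolViolation("retire of the CID the frame arrived on")
    if seq in conn.issued:               # a repeated retirement is a no-op
        del conn.issued[seq]
        conn.retired_in_window += 1
        conn.issue()                     # server SHOULD supply a replacement CID


def bucket(retired: int) -> int:
    """Coarse policy state: 0 calm, 1 elevated, 2 flood."""
    if retired <= WINDOW_LIMIT // 4:
        return 0
    return 1 if retired <= WINDOW_LIMIT else 2


def reward(retired: int, action: str) -> float:
    """Constructed cost model with load normalised to the window budget: accepting
    pays while the client is cheap, suspending pays once it exceeds the budget."""
    load = retired / WINDOW_LIMIT
    if action == ACCEPT:
        return 1.0 - load
    if action == SUSPEND:
        return load - 1.0
    return 1.0 - 2.0 * abs(load - 0.5)  # WARN: best in between


class EpsilonGreedy:
    """Tabular epsilon-greedy learner, a simple stand-in for the A2C engine."""
    def __init__(self, rng: random.Random, epsilon: float = 0.1, alpha: float = 0.2):
        self.rng, self.epsilon, self.alpha = rng, epsilon, alpha
        self.q = {s: {a: 0.0 for a in ACTIONS} for s in range(3)}

    def greedy(self, state: int) -> str:
        return max(ACTIONS, key=lambda a: self.q[state][a])

    def choose(self, state: int) -> str:
        if self.rng.random() < self.epsilon:    # explore with probability epsilon
            return self.rng.choice(ACTIONS)
        return self.greedy(state)

    def update(self, state: int, action: str, r: float) -> None:
        self.q[state][action] += self.alpha * (r - self.q[state][action])


def client_window(conn: ConnectionCids, retirements: int) -> None:
    """One observation window: the client retires its oldest CID `retirements`
    times, each frame carried in a packet addressed to the newest CID."""
    conn.retired_in_window = 0
    for _ in range(retirements):
        handle_retire(conn, min(conn.issued), conn.issued[max(conn.issued)])


def run_simulation(windows: int = 300, seed: int = 7) -> EpsilonGreedy:
    """Train on one benign and one flooding client (constructed traffic)."""
    rng = random.Random(seed)
    policy = EpsilonGreedy(rng)
    clients = [ConnectionCids(), ConnectionCids()]
    for conn in clients:
        for _ in range(4):                   # active_connection_id_limit of 4
            conn.issue()
    for _ in range(windows):
        volumes = (rng.randint(0, WINDOW_LIMIT // 4), rng.randint(2 * WINDOW_LIMIT, 5 * WINDOW_LIMIT))
        for conn, volume in zip(clients, volumes):
            client_window(conn, volume)
            state = bucket(conn.retired_in_window)
            action = policy.choose(state)
            policy.update(state, action, reward(conn.retired_in_window, action))
    return policy
```

Calling `run_simulation()` trains against one benign and one flooding client; the returned policy ends up with `greedy(0) == ACCEPT` for the calm state and `greedy(2) == SUSPEND` for the flood state, while the elevated state is never visited by these two traffic profiles. The protocol checks matter independently of the learner: a retirement of a never-issued sequence number or of the CID the packet arrived on is a hard transport error, whereas the stuffing attack stays within the rules and is visible only as volume per window, which is why a per-window decision rather than a per-frame check is needed.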
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.