An optimized reinforcement learning based MTD mutation strategy for securing edge IoT against DDoS attack

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-07-21 DOI:10.1016/j.jisa.2025.104138

Amir Javadpour , Forough Ja’fari , Chafika Benzaïd , Tarik Taleb

{"title":"An optimized reinforcement learning based MTD mutation strategy for securing edge IoT against DDoS attack","authors":"Amir Javadpour , Forough Ja’fari , Chafika Benzaïd , Tarik Taleb","doi":"10.1016/j.jisa.2025.104138","DOIUrl":null,"url":null,"abstract":"<div><div>Distributed Denial of Service (DDoS) attacks are among the most destructive and challenging threats to mitigate for computer networks, particularly in edge IoT environments. Moving Target Defense (MTD) is a promising security mechanism that undermines the adversary’s gathered information by dynamically altering the attack surface. A selection of network nodes is chosen for mutation, and these changes hinder the adversary from achieving their objectives. However, identifying the optimal set of nodes for effectively and efficiently mitigating a DDoS attack remains a significant challenge. Existing MTD approaches have only considered a single factor—either the node’s vulnerability level or connectivity—and often lack generality and scalability for real-world IoT implementations. In this paper, we propose an enhanced MTD approach called CVbMA (Connection- and Vulnerability-based MTD Approach) that jointly considers both the vulnerability levels and connection weights of nodes to inform mutation strategies. To ensure practical applicability and adaptability, we develop a cost-aware Reinforcement Learning (RL) framework that incorporates explicit mutation costs into the reward function and utilizes neural ranking and model compression for scalability. Extensive evaluations are conducted using both Mininet-based simulations and a physical IoT testbed with real attack traces and heterogeneous devices. Comprehensive benchmarking and ablation studies against state-of-the-art MTD baselines demonstrate that the proposed framework significantly reduces the adversary’s success rate and incidents of server crashes, while maintaining low overhead and achieving high adaptivity. A detailed analysis of real-world deployments highlights the robustness of systems under operational constraints, including fluctuating latency, hardware diversity, and asynchronous events. Limitations and future enhancements, including topology-aware RL, adaptive mutation scheduling, and continuous model updates, are discussed. The results affirm the practical, scalable, and robust potential of cost-sensitive RL-based MTD for next-generation IoT security.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104138"},"PeriodicalIF":3.8000,"publicationDate":"2025-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625001759","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Distributed Denial of Service (DDoS) attacks are among the most destructive and challenging threats to mitigate for computer networks, particularly in edge IoT environments. Moving Target Defense (MTD) is a promising security mechanism that undermines the adversary’s gathered information by dynamically altering the attack surface. A selection of network nodes is chosen for mutation, and these changes hinder the adversary from achieving their objectives. However, identifying the optimal set of nodes for effectively and efficiently mitigating a DDoS attack remains a significant challenge. Existing MTD approaches have only considered a single factor—either the node’s vulnerability level or connectivity—and often lack generality and scalability for real-world IoT implementations. In this paper, we propose an enhanced MTD approach called CVbMA (Connection- and Vulnerability-based MTD Approach) that jointly considers both the vulnerability levels and connection weights of nodes to inform mutation strategies. To ensure practical applicability and adaptability, we develop a cost-aware Reinforcement Learning (RL) framework that incorporates explicit mutation costs into the reward function and utilizes neural ranking and model compression for scalability. Extensive evaluations are conducted using both Mininet-based simulations and a physical IoT testbed with real attack traces and heterogeneous devices. Comprehensive benchmarking and ablation studies against state-of-the-art MTD baselines demonstrate that the proposed framework significantly reduces the adversary’s success rate and incidents of server crashes, while maintaining low overhead and achieving high adaptivity. A detailed analysis of real-world deployments highlights the robustness of systems under operational constraints, including fluctuating latency, hardware diversity, and asynchronous events. Limitations and future enhancements, including topology-aware RL, adaptive mutation scheduling, and continuous model updates, are discussed. The results affirm the practical, scalable, and robust potential of cost-sensitive RL-based MTD for next-generation IoT security.

查看原文本刊更多论文

一种优化的基于强化学习的MTD突变策略，保护边缘物联网免受DDoS攻击

分布式拒绝服务（DDoS）攻击是计算机网络中最具破坏性和挑战性的威胁之一，特别是在边缘物联网环境中。移动目标防御（MTD）是一种很有前途的安全机制，它通过动态改变攻击面来破坏攻击者收集的信息。选择一些网络节点进行突变，这些变化会阻碍攻击者实现他们的目标。然而，确定最优节点集以有效和高效地减轻DDoS攻击仍然是一个重大挑战。现有的MTD方法只考虑了单个因素——节点的漏洞级别或连接性——并且对于现实世界的物联网实现通常缺乏通用性和可扩展性。在本文中，我们提出了一种增强的MTD方法，称为CVbMA（基于连接和漏洞的MTD方法），该方法联合考虑节点的漏洞级别和连接权重来通知突变策略。为了确保实际的适用性和适应性，我们开发了一个成本感知的强化学习（RL）框架，该框架将明确的突变成本纳入奖励函数，并利用神经排序和模型压缩来实现可扩展性。使用基于mininet的模拟和具有真实攻击痕迹和异构设备的物理物联网测试平台进行了广泛的评估。针对最先进的MTD基线的全面基准测试和消除研究表明，所提议的框架显著降低了对手的成功率和服务器崩溃事件，同时保持了低开销并实现了高适应性。对实际部署的详细分析强调了系统在操作约束（包括波动延迟、硬件多样性和异步事件）下的健壮性。讨论了局限性和未来的增强，包括拓扑感知RL、自适应突变调度和持续的模型更新。结果证实了成本敏感的基于rl的MTD在下一代物联网安全方面的实用性、可扩展性和强大潜力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.